Thank you very much! you explaining very well! I will close my eyes in this case.
Thanks very much again! -Motty On Fri, Dec 21, 2012 at 10:07 AM, Noel Jones <njo...@megan.vbhcs.org> wrote: > On 12/21/2012 11:25 AM, motty cruz wrote: > > Hello, > > I have the following in my configuration but does not seem to make > > any difference on the connection errors I see in the logs > > > > smtpd_error_sleep_time=1h > > The above is a good way to DoS yourself. Error sleep time should be > 0s or 1s, never more than a few seconds. This has nothing to do > with your log snippet below. > > > smtpd_soft_error_limit=10 > > smtpd_hard_error_limit=20 > > > Those are OK, but have nothing to do with your log snippet below. > > > > > > > > log: > > Dec 21 09:22:53 mas postfix/smtpd[23941]: connect from > > unknown[186.81.31.93] > > Dec 21 09:22:54 mas postfix/smtpd[23941]: NOQUEUE: reject: RCPT from > > unknown[186.81.31.93]: 554 5.7.1 Client host rejected: cannot find > > your hostname, [186.81.31.93]; from=<kg....@lincoln.com > > <mailto:kg....@lincoln.com>> to=<jason_grif...@sscsinc.com > > <mailto:jason_grif...@sscsinc.com>> proto=SMTP helo=<lincoln.com > > <http://lincoln.com>> > > Dec 21 09:22:54 mas postfix/smtpd[23941]: lost connection after RCPT > > from unknown[186.81.31.93] > > Dec 21 09:22:54 mas postfix/smtpd[23941]: disconnect from > > unknown[186.81.31.93] > > > > it's been going for about an hour and it does not stop, any idea? > > It's unclear what you want to stop. The above client was rejected > with the "reject_unknown_client_hostname" restriction. The > rejection is correct as the client hostname does not have a matching > A record. (name->address mapping failed). > http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname > > The client is also listed on several RBLs. If your intention is to > stop seeing rejections from this client in your logs, either close > your eyes, or firewall the IP. Unless you're getting enough > connections from this client to constitute a DoS attack, it's not > bothering postfix in the least, and not accepting any mail from the > offending client. > > If your intention is to temporarily block a persistent spammer, use > fail2ban. > > > > -- Noel Jones >