On 4/7/2014 8:42 AM, Richard Laysell wrote: > > Hello all, > > What is the best way of dealing with pests like this? > > Apr 7 12:52:40 polyphemus postfix/smtpd[24765]: lost connection after > AUTH from unknown[78.188.45.153] > Apr 7 12:52:41 polyphemus postfix/smtpd[9398]: lost connection after > AUTH from unknown[78.188.45.153] > Apr 7 12:52:42 polyphemus postfix/smtpd[11788]: lost connection after > AUTH from unknown[78.188.45.153] > Apr 7 12:52:42 polyphemus postfix/smtpd[1519]: lost connection after > AUTH from unknown[78.188.45.153] > Apr 7 12:52:42 polyphemus postfix/smtpd[25494]: lost connection after > AUTH from unknown[78.188.45.153] > Apr 7 12:52:42 polyphemus postfix/smtpd[8085]: lost connection after > AUTH from unknown[78.188.45.153] > Apr 7 12:52:43 polyphemus postfix/smtpd[17639]: lost connection after > AUTH from unknown[78.188.45.153] > Apr 7 12:52:43 polyphemus postfix/smtpd[20617]: lost connection after > AUTH from unknown[78.188.45.153] > > And on and on and on for another hundred or so lines > > Note that I don't advertise or accept 'AUTH' on this server: > > 250-polyphemus.xiphosura.co.uk > 250-SIZE 10240000 > 250-ENHANCEDSTATUSCODES > 250 8BITMIME > AUTH > 503 5.5.1 Error: authentication not enabled > > Should I just ignore this, or is there a way of preventing/ameliorating > this abuse in Postfix? My system seems to cope with it OK, but it > does rather annoy me. > > I'm using Postfix 2.10.1 > > Regards, > > Richard >
Just ignore this attempted abuse. Since you don't offer AUTH, they can't break anything. This won't affect your performance unless there are a large number (hundreds?) of concurrent connections, and they'll probably go annoy someone else at some point. If they annoy you badly, you can use fail2ban or similar to firewall badly behaving clients, but understand that's mostly just to make you feel better and can have unintended side effects, such as unintentionally blocking a good client. -- Noel Jones
