Thanks for the responses, and right on point: RDNS from my host has been failing here and there the last 2 days. They tell me they are fixing it; the PTR records exist but seem to be timing out at times, so good to see that's one of the problems, as it should be fixed soon.
cleers.dustypex.com. is not my host name, I just keep seeing the warning from postfix saying it doesn't match the IP, which sorry I X'd it out, thought it wasn't needed, it is: 23.231.27.148

About the bot, yes that is something I was concerned about. I was getting a ton of failed ssh login attempts, so I IP restricted ssh to only my work and home IP, and for the failed imap logins I restricted port 143 too, but for smtp I can't restrict that with iptables.

I added the line you suggested, this is my setting:

smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining

So does it seem the errors are coming from these bots and not my own internal mail (if possible to tell)? And I'm not seeing any delivery codes, like 250 etc., from any of those cleers.dustypex.com connections, so maybe they aren't succeeding in actually sending the mail out? From the logs it looks like they are trying to relay but it's not going out.

On Tue, Jun 3, 2014 at 3:45 PM, Wietse Venema <wie...@porcupine.org> wrote:
> Paul C:
>> Jun 3 14:22:41 PHX1-1831 postfix/smtpd[2092]: warning: hostname
>> cleers.dustypex.com does not resolve to address xx.xx.xx.xx: Temporary
>> failure in name resolution
>> Jun 3 14:22:41 PHX1-1831 postfix/smtpd[2092]: connect from
>> unknown[xx.xx.xx.xx]
>
> The client IP address has no PTR record, or the PTR record name
> does not resolve to the client IP address. Postfix therefore logs
> the client as "unknown" instead of cleers.dustypex.com.
>
>> Jun 3 14:22:41 PHX1-1831 postfix/smtpd[2092]: improper command
>> pipelining after EHLO from unknown[xx.xx.xx.xx]: HELO
>> hostname.domain.net.net\r\n
>
> The client sends
>
>     EHLO some-host-name<CR><LF>HELO hostname.domain.net.net<CR><LF>
>
> This violates SMTP, and Postfix logs this. You can block mail from
> such clients by using reject_unauth_pipelining in smtpd_*_restrictions.
>
>> First is probably someone trying to relay to my server, the
>> cleers.dustypex.com hostname is not one of mine, but the ip I X'd out
>> is mine, so my guess is they try to connect on that ip and send mail,
>> and postfix is stopping it? I've gotten maybe 1000 of them in the last
>> 2-3 days.
>
> You have a bot on your network, and you need to clean up that
> machine. Unless Postfix is configured to block this, it will
> forward their mail.
>
> Wietse
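
Added example, not part of the original thread and not Postfix's own tooling: a log triage script that answers the question raised above (did any client that triggered the pipelining warning actually get mail queued and sent out?) by tying smtpd events to a client IP and following queue IDs to a status=sent line. The log lines are constructed samples using documentation address ranges, and the names triage and relayed_offenders are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jun  3 14:22:41 mx postfix/smtpd[2092]: warning: hostname bad.example.net does not resolve to address 192.0.2.10: Temporary failure in name resolution
Jun  3 14:22:41 mx postfix/smtpd[2092]: connect from unknown[192.0.2.10]
Jun  3 14:22:41 mx postfix/smtpd[2092]: improper command pipelining after EHLO from unknown[192.0.2.10]: HELO host.example.net\\r\\n
Jun  3 14:22:42 mx postfix/smtpd[2092]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.org>: Relay access denied; from=<x@example.net> to=<a@example.org> proto=SMTP helo=<host.example.net>
Jun  3 14:30:02 mx postfix/smtpd[2101]: connect from unknown[198.51.100.7]
Jun  3 14:30:02 mx postfix/smtpd[2101]: improper command pipelining after EHLO from unknown[198.51.100.7]: HELO host.example.net\\r\\n
Jun  3 14:30:03 mx postfix/smtpd[2101]: 3F2A1C0042: client=unknown[198.51.100.7]
Jun  3 14:30:04 mx postfix/smtp[2110]: 3F2A1C0042: to=<b@example.org>, relay=mx.example.org[203.0.113.5]:25, delay=1.2, status=sent (250 2.0.0 Ok)
"""

# smtpd events that name the client IP directly.
PATTERNS = {
    "ptr_fail": re.compile(r"warning: hostname \S+ does not resolve to address (\S+): "),
    "pipelining": re.compile(r"improper command pipelining after \S+ from \S*\[([^\]]+)\]"),
    "rejected": re.compile(r"NOQUEUE: reject: \S+ from \S*\[([^\]]+)\]"),
}
# A queue ID is assigned only once smtpd accepts a message from the client.
QUEUED = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=\S*\[([^\]]+)\]")
# Outbound delivery by the smtp client; local/lmtp deliveries are not counted.
SENT = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-Za-z]+): to=<[^>]*>.*status=sent")

def triage(log_text):
    """Return {client_ip: counters} for the events above."""
    stats = defaultdict(lambda: dict.fromkeys([*PATTERNS, "queued", "sent"], 0))
    owner = {}  # queue ID -> client IP that submitted the message
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                stats[m.group(1)][name] += 1
        m = QUEUED.search(line)
        if m:
            owner[m.group(1)] = m.group(2)
            stats[m.group(2)]["queued"] += 1
        m = SENT.search(line)
        if m and m.group(1) in owner:
            stats[owner[m.group(1)]]["sent"] += 1
    return dict(stats)

def relayed_offenders(stats):
    """Clients that violated pipelining AND had mail delivered onward."""
    return sorted(ip for ip, s in stats.items() if s["pipelining"] and s["sent"])

if __name__ == "__main__":
    print(relayed_offenders(triage(SAMPLE_LOG)))
```

A client with pipelining or rejected counts but zero queued and sent was stopped at the SMTP dialogue; any address returned by relayed_offenders had mail accepted and forwarded.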