Since upgrading to Postfix, my system is seeing a lot of this
activity. My prior config was Sendmail 8 with Cyrus SASL which did
not. My guess from this log is that AUTH is taking place unencrypted,
which may be the cause?
My server advertises (EHLO):
250-PIPELINING
250-SIZE [ omitted ]
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME
While I'm digging through the config (being somewhat of a Postfix newbie),
might someone comment on how I can discourage this type of activity?
I'm trying to understand what the bots and script kiddies are seeing,
that wasn't there before, that is advertising capability to do this.
Thanks.
Jun 11 15:31:19 mail postfix/smtpd[26189]: connect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:19 mail postfix/smtpd[26189]: lost connection after AUTH from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:19 mail postfix/smtpd[26189]: disconnect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194] ehlo=1 auth=0/1
commands=1/2
Jun 11 15:31:19 mail postfix/smtpd[26189]: connect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:19 mail postfix/smtpd[26189]: lost connection after AUTH from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:19 mail postfix/smtpd[26189]: disconnect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194] ehlo=1 auth=0/1
commands=1/2
Jun 11 15:31:20 mail postfix/smtpd[26189]: connect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:22 mail postfix/smtpd[26189]: lost connection after AUTH from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:22 mail postfix/smtpd[26189]: disconnect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194] ehlo=1 auth=0/1
commands=1/2
Jun 11 15:31:24 mail postfix/smtpd[26198]: connect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:27 mail postfix/smtpd[26198]: lost connection after AUTH from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:27 mail postfix/smtpd[26198]: disconnect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194] ehlo=1 auth=0/1
commands=1/2
Jun 11 15:31:28 mail postfix/smtpd[26189]: connect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:30 mail postfix/smtpd[26189]: lost connection after AUTH from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:30 mail postfix/smtpd[26189]: disconnect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194] ehlo=1 auth=0/1
commands=1/2
Jun 11 15:31:31 mail postfix/smtpd[26198]: connect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
Jun 11 15:31:31 mail postfix/smtpd[26198]: warning: Connection rate limit
exceeded: 6 from static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194]
for service smtp
Jun 11 15:31:31 mail postfix/smtpd[26198]: disconnect from
static-71-250-232-194.nwrknj.east.verizon.net[71.250.232.194] ehlo=1 auth=0/1
commands=1/2
Jun 11 15:34:53 mail postfix/anvil[26191]: statistics: max connection rate
6/60s for (smtp:71.250.232.194) at Jun 11 15:31:31
Jun 11 15:34:53 mail postfix/anvil[26191]: statistics: max connection count 1
for (smtp:71.250.232.194) at Jun 11 15:31:19
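
An added example, not part of the original post: a Python script that tallies failed and accepted AUTH commands per client from Postfix smtpd "disconnect" records like the ones quoted above, where "auth=0/1" means none of one AUTH command was accepted. The sample log, its addresses and the threshold of 3 are constructed for illustration; records wrapped across lines, as in the post, are rejoined first.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the post's log format (documentation-range IPs).
SAMPLE_LOG = """\
Jun 11 15:31:19 mail postfix/smtpd[101]: lost connection after AUTH from
host-a.example[192.0.2.10]
Jun 11 15:31:19 mail postfix/smtpd[101]: disconnect from
host-a.example[192.0.2.10] ehlo=1 auth=0/1
commands=1/2
Jun 11 15:31:22 mail postfix/smtpd[101]: disconnect from host-a.example[192.0.2.10] ehlo=1 auth=0/1 commands=1/2
Jun 11 15:31:27 mail postfix/smtpd[102]: disconnect from host-a.example[192.0.2.10] ehlo=1 auth=0/1 commands=1/2
Jun 11 15:40:02 mail postfix/smtpd[103]: disconnect from unknown[198.51.100.7] ehlo=2 starttls=1 auth=1/2 mail=1 quit=1 commands=5/6
Jun 11 15:41:00 mail postfix/smtpd[104]: disconnect from mx.example[203.0.113.5] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
"""

TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
DISCONNECT = re.compile(r"postfix/smtpd\[\d+\]: disconnect from \S*\[([0-9A-Fa-f.:]+)\] (.*)$")
AUTH = re.compile(r"\bauth=(\d+)(?:/(\d+))?")

def unwrap(text):
    """Rejoin syslog records that a mail client wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def auth_stats(text):
    """Return {client_ip: [failed, accepted]} AUTH counts from disconnect records."""
    stats = defaultdict(lambda: [0, 0])
    for rec in unwrap(text):
        m = DISCONNECT.search(rec)
        a = AUTH.search(m.group(2)) if m else None
        if not a:
            continue  # not a disconnect record, or the session never sent AUTH
        ok = int(a.group(1))
        total = int(a.group(2)) if a.group(2) else ok  # "auth=1" means 1 of 1 accepted
        stats[m.group(1)][0] += total - ok
        stats[m.group(1)][1] += ok
    return dict(stats)

def probers(text, threshold=3):
    """Clients with at least `threshold` failed AUTH commands and none accepted."""
    return sorted(ip for ip, (bad, ok) in auth_stats(text).items()
                  if bad >= threshold and ok == 0)
```

The list returned by probers() is a starting point for a blocklist or rate-limit review; clients with any accepted AUTH are left out so that a real user who mistyped a password is not flagged.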