Um, perhaps you should utilize some sort of DNS blacklist, which is what my 
setup here does.

If not, then you might want to try relocating what you put into your 
/etc/hosts.allow file to your /etc/hosts.deny file.

I would also recommend utilizing fail2ban -- http://theether.net/kb/100141


On Sunday, March 20, 2016 13:11 CDT, "@lbutlr" <[email protected]> wrote:

> I have many thousands of these over the last seven days:
>
> Mar 20 10:45:27 mail postfix/smtpd[19480]: warning: unknown[185.103.253.246]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>
> They are all the exact same, including the UGF… portion.
>
> Mar 20 10:48:34 mail postfix/postscreen[75523]: CONNECT from [185.103.253.246]:61153 to [65.121.55.45]:25
> Mar 20 10:48:34 mail postfix/postscreen[75523]: PASS OLD [185.103.253.246]:61153
> Mar 20 10:48:34 mail postfix/smtpd[19790]: connect from unknown[185.103.253.246]
> Mar 20 10:48:36 mail postfix/smtpd[19683]: warning: unknown[185.103.253.246]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> Mar 20 10:48:36 mail postfix/smtpd[19683]: lost connection after AUTH from unknown[185.103.253.246]
> Mar 20 10:48:36 mail postfix/smtpd[19683]: disconnect from unknown[185.103.253.246] ehlo=1 auth=0/1 commands=1/2
>
> I mean, nothing is getting in, but there are thousands of these, 2000 
> yesterday, and today there are over 3400 so far, and it’s barely even noon. 
> The first day there were 700, and it’s just ramped up since then.
>
> /etc/hosts.allow:
>    ALL : 185.103.253.246 : DENY
>
> Has no effect.
>
> --
> 'You make us want what we can't have and what you give us is worth
> nothing and what you take is everything and all there is left for us is
> the cold hillside, and emptiness, and the laughter of the elves.'
>
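
The repeated `UGFzc3dvcmQ6` in the quoted log lines is the base64 form of `Password:`, the server's final LOGIN prompt, not data sent by the client. As an added example (not part of either message in this thread), the following Python script counts SASL failures per client address the way a fail2ban-style filter would; the sample log is constructed from the quoted lines plus two documentation addresses, and the threshold of 3 is an assumption.

```python
import base64
import re
from collections import Counter

# Constructed sample, modelled on the log lines quoted in the message above.
# 192.0.2.10 and 198.51.100.7 are documentation addresses added for contrast.
SAMPLE_LOG = """\
Mar 20 10:45:27 mail postfix/smtpd[19480]: warning: unknown[185.103.253.246]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 10:48:36 mail postfix/smtpd[19683]: warning: unknown[185.103.253.246]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 10:48:36 mail postfix/smtpd[19683]: lost connection after AUTH from unknown[185.103.253.246]
Mar 20 10:49:02 mail postfix/smtpd[19701]: warning: unknown[185.103.253.246]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 10:50:11 mail postfix/smtpd[19702]: warning: host.example[192.0.2.10]: SASL PLAIN authentication failed:
Mar 20 10:51:40 mail postfix/smtpd[19703]: connect from unknown[198.51.100.7]
"""

# Matches only smtpd SASL failure warnings; captures client IP, mechanism, trailer.
FAIL_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed:\s*(?P<trailer>\S*)"
)

def decode_trailer(trailer):
    """Return the base64-decoded trailer text, or None if absent or not base64."""
    if not trailer:
        return None
    try:
        return base64.b64decode(trailer, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None

def failed_auth_by_ip(log_text):
    """Count SASL failures per client IP and collect the decoded trailers seen."""
    counts, trailers = Counter(), {}
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            counts[m["ip"]] += 1
            trailers.setdefault(m["ip"], set()).add(decode_trailer(m["trailer"]))
    return counts, trailers

def offenders(log_text, max_failures=3):
    """Addresses with at least max_failures failures (threshold is an assumption)."""
    counts, _ = failed_auth_by_ip(log_text)
    return sorted(ip for ip, n in counts.items() if n >= max_failures)

if __name__ == "__main__":
    counts, trailers = failed_auth_by_ip(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(ip, n, sorted(str(t) for t in trailers[ip]))
    print("over threshold:", offenders(SAMPLE_LOG))
```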





