They are after username/passwords. And when that happens they will use your server as a relay. Happened on one of my servers also.
One of my users used his email and pass in Facebook and LinkedIn. And the same as on the server.. :-/
About 60.000 mails were tried to be sent over my server.

What I did was, I limited the use of SASL auth with my firewall to only from within my country with xtables geo block.
Port 25 does not allow SASL, only 587 is allowed and that port is limited to my country.
And I told my user to never use the same username/pass of the server on any other place.

Greetz,

Louis

> -----Original message-----
> From: thomas.keller8...@gmail.com [mailto:owner-postfix-us...@postfix.org]
> On behalf of Thomas Keller
> Sent: Friday 24 June 2016 9:50
> To: Postfix users
> Subject: thousands of "lost connection after AUTH"
>
> This is not a real problem, but I am curious to understand what is
> happening here.
>
> I am running a small postfix server for personal use. One thing that I
> observe over and over again is thousands of "lost connection after AUTH"
> connections, such as these:
>
> 08:23:19 postfix/smtpd[4925]: connect from unknown [155.133.38.30]
> 08:23:19 postfix/smtpd[4925]: lost connection after AUTH from unknown [155.133.38.30]
> 08:23:19 postfix/smtpd[4925]: disconnect from unknown [155.133.38.30]
>
> Now, these are not causing much trouble for me (other than flooding my
> logs), and I know I can tweak the anvil rate limits (I am using these
> below and since these "lost connection after auth" happen every 1 - 2
> minutes, they are not caught by my anvil filter.):
>
> anvil_rate_time_unit = 60s
> smtpd_client_connection_rate_limit = 10
> smtpd_client_message_rate_limit = 10
> smtpd_client_new_tls_session_rate_limit = 10
>
> I am curious to know, who are these agents connecting to my server, and
> what are they trying to achieve?
>
> AFAICT, they don't even attempt to send spam, or use me as relay. What
> do they want?
>
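
Added example, not part of either poster's message: a log check that flags clients whose "lost connection after AUTH" events stay under the quoted anvil limit of 10 per 60s yet add up over an hour. The one-hour window, the threshold of 20, the single-day time-of-day timestamps and the 192.0.2.7 entry are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Matches the lines quoted in the thread; tolerates the space before "[" seen there.
LOST_AUTH = re.compile(r"(\d\d):(\d\d):(\d\d) .*?postfix/smtpd\[\d+\]: lost connection "
                       r"after AUTH from \S+\s*\[([0-9a-fA-F.:]+)\]")

def parse(lines):
    """Return {client_ip: [seconds since midnight, ...]} for lost-after-AUTH events."""
    events = defaultdict(list)
    for line in lines:
        m = LOST_AUTH.search(line)
        if m:
            h, mi, s, ip = m.groups()
            events[ip].append(int(h) * 3600 + int(mi) * 60 + int(s))
    return events

def peak(times, window):
    """Largest number of events inside any sliding window of `window` seconds."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best

def slow_probers(lines, short=60, short_limit=10, long=3600, long_limit=20):
    """Clients under the per-minute limit (from the thread) but over the assumed hourly one."""
    out = {}
    for ip, times in parse(lines).items():
        per_min, per_hour = peak(times, short), peak(times, long)
        if per_min <= short_limit and per_hour > long_limit:
            out[ip] = (per_min, per_hour)
    return out

def sample_log():
    """Constructed log: one client failing AUTH every 90 s, one with a single dropout."""
    lines = ["08:05:00 postfix/smtpd[4930]: lost connection after AUTH from mail.example.org[192.0.2.7]"]
    for i in range(30):
        t = 8 * 3600 + i * 90
        ts = f"{t // 3600:02d}:{t % 3600 // 60:02d}:{t % 60:02d}"
        lines.append(f"{ts} postfix/smtpd[4925]: connect from unknown [155.133.38.30]")
        lines.append(f"{ts} postfix/smtpd[4925]: lost connection after AUTH from unknown [155.133.38.30]")
    return lines

if __name__ == "__main__":
    print(slow_probers(sample_log()))
```

On the constructed log the 90-second prober peaks at 1 event per minute and 30 per hour, so a per-minute limit never fires while the hourly count singles it out.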