Postfix-3.2-20160917 with FreeBSD-11.0 /64 bit
Lately, I have been finding the following entries in the maillog:
13643:Sep 30 02:00:40 scorpio postfix/smtpd[83056]: warning: hostname
ip-address-pool-xxx.fpt.vn does not resolve to address 118.71.251.67: hostname
nor servname provided, or not known
13822:Sep 30 02:00:40 scorpio postfix/smtpd[83056]: connect from
unknown[118.71.251.67]
13904:Sep 30 02:00:41 scorpio postfix/smtpd[83056]: disconnect from
unknown[118.71.251.67] helo=1 auth=0/1 quit=1 commands=2/3
While the IP, etcetera will change, the basic message is the same. I
thought I had postfix configured to block attempts like this. Obviously
not though. My config file is below. What am I missing?
~ $ postconf -nf
alias_maps = lmdb:/usr/local/etc/postfix/aliases
authorized_submit_users = !www, static:all
broken_sasl_auth_clients = yes
canonical_maps = lmdb:/usr/local/etc/postfix/canonical
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
default_database_type = lmdb
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_long_queue_ids = yes
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/local/libexec/dovecot/dovecot-lda -f "$SENDER" -a
"$RECIPIENT"
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 30000000
meta_directory = /usr/local/libexec/postfix
milter_default_action = accept
msa_tls_ciphers = medium
msa_tls_dh1024_param_file = /usr/local/etc/postfix/ssl/DHparams/dh2048.pem
msa_tls_exclude_ciphers = MD5, RC4, 3DES
msa_tls_protocols = !SSLv2, !SSLv3
mydestination =
mydomain = seibercom.net
myhostname = scorpio.seibercom.net
mynetworks = lmdb:/usr/local/etc/postfix/my-networks
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sender_dependent_relayhost_maps = lmdb:/usr/local/etc/postfix/sender_relay
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = lmdb:/usr/local/etc/postfix/sasl_passwd
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = MD5, SRP, PSK, aDSS, kECDH, kDH, SEED, IDEA, RC2,
RC5, aNULL
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = RC4, MD5
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
smtpd_milters = unix:/var/run/clamav/clmilter.sock
smtpd_reject_footer = For assistance, please provide the following information
in your problem report: time ($localtime), client ($client_address) and
server ($server_name).
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
permit_tls_clientcerts reject_unknown_client_hostname
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/postfix/certs/postfix-cert.pem
smtpd_tls_dh1024_param_file = /usr/local/etc/postfix/ssl/DHparams/dh2048.pem
smtpd_tls_dh512_param_file = /usr/local/etc/postfix/ssl/DHparams/dh512.pem
smtpd_tls_key_file = /usr/local/etc/postfix/certs/postfix-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = lmdb:/usr/local/etc/postfix/transport_maps
unknown_local_recipient_reject_code = 550
virtual_alias_maps = lmdb:/usr/local/etc/postfix/virtual_alias
virtual_gid_maps = static:1002
virtual_mailbox_base = /var/mail/vmail/
virtual_mailbox_domains = seibercom.net stemnc.org
virtual_mailbox_maps = lmdb:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:1002
