On 30/09/16 11:26, Postfix User wrote:
> Lately, I have been finding the following entries in the maillog:
>
> 13643:Sep 30 02:00:40 scorpio postfix/smtpd[83056]: warning: hostname
> ip-address-pool-xxx.fpt.vn does not resolve to address 118.71.251.67:
> hostname nor servname provided, or not known
> 13822:Sep 30 02:00:40 scorpio postfix/smtpd[83056]: connect from
> unknown[118.71.251.67]
> 13904:Sep 30 02:00:41 scorpio postfix/smtpd[83056]: disconnect from
> unknown[118.71.251.67] helo=1 auth=0/1 quit=1 commands=2/3

I notice that the last line of the log contains "auth=0/1". As I understand it, this indicates the remote is probing for username/password pairs. It may be a good idea to sweep the log for that pattern and add the offending IP address to some sort of local blacklist. What do others think?

Allen C
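
A sketch of the log sweep suggested above, as an added example that is not part of the original thread. In the smtpd disconnect summary each counter is printed as successes/total when some commands failed, so auth=0/1 is one AUTH attempt with no success. The sample lines after the first two are constructed, and the threshold of 3 is an assumed cut-off so that a single mistyped password does not list a client.

```python
import re
from collections import Counter

# Constructed sample: the first two lines follow the log quoted in the thread,
# the rest are made up for this example (documentation-range addresses).
SAMPLE_LOG = """\
Sep 30 02:00:40 scorpio postfix/smtpd[83056]: connect from unknown[118.71.251.67]
Sep 30 02:00:41 scorpio postfix/smtpd[83056]: disconnect from unknown[118.71.251.67] helo=1 auth=0/1 quit=1 commands=2/3
Sep 30 02:03:10 scorpio postfix/smtpd[83060]: disconnect from unknown[118.71.251.67] ehlo=1 auth=0/3 commands=1/4
Sep 30 02:05:00 scorpio postfix/smtpd[83061]: disconnect from mail.example.org[192.0.2.10] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Sep 30 02:06:00 scorpio postfix/smtpd[83062]: disconnect from host.example.net[198.51.100.7] ehlo=1 auth=1/2 mail=1 rcpt=1 data=1 quit=1 commands=6/7
Sep 30 02:07:00 scorpio postfix/smtpd[83063]: disconnect from unknown[2001:db8::25] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
"""

# "disconnect from host[ip] <counters>"; also matches postfix/submission/smtpd.
DISCONNECT = re.compile(
    r"postfix/(?:\S+/)?smtpd\[\d+\]: disconnect from "
    r"\S*\[(?P<ip>[0-9A-Fa-f.:]+)\](?P<stats>.*)$"
)
# auth=N means all N attempts succeeded; auth=OK/TOTAL means TOTAL-OK failed.
AUTH = re.compile(r"\bauth=(?P<ok>\d+)(?:/(?P<total>\d+))?\b")


def failed_auth_by_ip(lines):
    """Return a Counter mapping client IP to its number of failed AUTH attempts."""
    failures = Counter()
    for line in lines:
        m = DISCONNECT.search(line)
        a = AUTH.search(m.group("stats")) if m else None
        if not a:
            continue
        ok = int(a.group("ok"))
        total = int(a.group("total")) if a.group("total") else ok
        if total > ok:
            failures[m.group("ip")] += total - ok
    return failures


def blocklist_candidates(lines, threshold=3):
    """IPs with at least `threshold` failed attempts (threshold is an assumption)."""
    counts = failed_auth_by_ip(lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip in blocklist_candidates(SAMPLE_LOG.splitlines()):
        print(ip)
```
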