I should have mentioned the mail system is on a VPS and I'm the only user. And yes, trouble makers are on the Internet.
What lead me to this was I did bzgrep "max auth" and noticed both smtp and submission was found. (max auth as in checking anvil rate limiting). Since I'm the only person that should (we hope) have valid usernames and passwords, blocking the port from the internet trouble makers make sense if there is no legitimate reason for others to use the port. My blocking list of trouble makers is self generated, so I won't be on it. I do think servers hammering 587 is odd, but I noticed I get about two a day. And these are just when rate limiting come in. I suppose they could be misconfigured servers. Original Message From: b...@bitrate.net Sent: Sunday, November 27, 2016 5:15 PM To: Postfix users Subject: Re: Port 587 users question On Nov 27, 2016, at 16.15, li...@lazygranch.com wrote: > > I hate to bug the list for what is probably a dumb question, but is there any > situation where an unauthorized user needs to connect to port 587? I'm > wondering if there is some oddball "edge" case. well, i suppose it would depend upon what your definition of "unauthorized" actually is, but making some assumptions, the short answer is likely no. since you refer below to blocking troublemakers, presumably we're talking about the internet, rather than an internal or such network where there might be the occasional device which cannot perform smtp auth, encryption, etc., and for which an exception might be necessary [for those edge cases, i use check_client_access and a cidr map]. > My thought is to use my ipfw table of known trouble makers to block 587. honestly, i'm not sure i'd bother. it may be fine, but it's also one more thing to include risk for a false positive.
