I'm coming back into Postfix after not really needing to dig into it much
the last few years and trying to
catch up to some of the changes. Last version I really used heavily was 2.x
something.
Using version 3.2.2 under FreeBSD 11.
I see a lot of these in the logs:
Apr 30 01:51:42 mail1 postfix/smtpd[32690]: too many errors after AUTH from
unknown[103.125.191.93]
Apr 30 01:51:42 mail1 postfix/smtpd[32690]: disconnect from
unknown[103.125.191.93] ehlo=1 auth=0/1 commands=1/2
There are a lot of this in the log as bots etc try to AUTH on port 25. Is
there a way to turn this off or at
least not have it scattered in the logs? 99.9% of these have no hostname
associated with the IP.
There are two machines acting as MX serving a legacy domain that is slowly
going away over time and at this point
has less than 600 active users. But between these two Postfix servers we
still see over 50k of messages a day, with
about a 30 percent spam block rate.
Thank you,
Keith
