On 30 Apr 2020, at 10:52, Keith <kwo...@citywest.ca> wrote:

Have enabled postscreen as per docs, one thing as this machine does not have
TLS or any type of auth enabled, so I did not enable tlsproxy in master.cf.

Doesn't seem to have affected things and I had to manually null a .eu IP that
would not stop auth after the reload.

So far looks ok and have not seen any AUTH attempts since then, or at least for
the last hour.

> Using version 3.2.2 under FreeBSD 11.

>The current version of 3.2 is 3.2.12, so update at least to that.

Will look at that in the next few days. 

> There are a lot of this in the log as bots etc try to AUTH on port 25. Is
> there a way to turn this off or at least not have it scattered in the logs? 
>99.9% of these have no hostname associated with the IP.

>Two things you should do

>1) Stop allowing auth connections on port 25 at all

This is controlled via master.cf using -o options under smtp?

>2) use postscreen

>Also, when you say there are a lot of these attempts, how many are we talking
>about? Is it preventing legitimate access and making the server load so high
>you are losing mail, or is this just a reaction to looking at the logs?

Yesterday's log file counted 1500+. 

Server load is negligible and has lots of room and mostly a knee jerk to seeing
a crap ton in logs scrolling by. Sometimes for a few mins that's all I see.

One last, is pflogsumm still a valid tool for log stats?

Thanks very much for the pointers. So far this appears to have cleaned things up.

Keith
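
Added example, not part of the message above or of Postfix: a small Python tally of failed AUTH commands per client IP, the kind of count discussed in the thread. It assumes the Postfix 3.x smtpd "disconnect from host[ip] ... auth=ok/total ..." session summary lines; the thread does not quote its log lines, so the sample lines and the function name are constructed.

```python
import re
import sys
from collections import Counter

# Postfix 3.x smtpd session summary: "disconnect from host[ip] ehlo=1 auth=0/1 ...".
# A counter reads "ok/total" when some commands failed, or just "total" when all succeeded.
DISCONNECT = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: disconnect from "
    r"(?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f:.]+)\]"
    r".*?\bauth=(?P<ok>\d+)(?:/(?P<total>\d+))?"
)

def failed_auth(lines):
    """Return (failed AUTH commands per IP, failures from clients logged as 'unknown')."""
    per_ip, no_hostname = Counter(), 0
    for line in lines:
        m = DISCONNECT.search(line)
        if m is None or m.group("total") is None:
            continue  # no AUTH in this session, or every AUTH succeeded
        failed = int(m.group("total")) - int(m.group("ok"))
        per_ip[m.group("ip")] += failed
        if m.group("host") == "unknown":  # client IP had no usable hostname
            no_hostname += failed
    return per_ip, no_hostname

# Constructed sample lines using documentation address ranges, not taken from the thread.
SAMPLE = [
    "Apr 30 09:14:02 mx postfix/smtpd[4121]: disconnect from unknown[203.0.113.45] ehlo=1 auth=0/1 quit=1 commands=2/3",
    "Apr 30 09:14:09 mx postfix/smtpd[4125]: disconnect from unknown[203.0.113.45] ehlo=1 auth=0/3 commands=1/4",
    "Apr 30 09:15:40 mx postfix/smtpd[4130]: disconnect from mail.example.org[198.51.100.7] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5",
    "Apr 30 09:16:11 mx postfix/smtpd[4131]: disconnect from host.example.net[192.0.2.10] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4",
    "Apr 30 09:17:30 mx postfix/smtpd[4140]: disconnect from client.example.com[192.0.2.99] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6",
]

if __name__ == "__main__":
    # Pass a log file path to scan it; with no argument the constructed sample is used.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    per_ip, no_hostname = failed_auth(lines)
    total = sum(per_ip.values())
    print(f"failed AUTH commands: {total}, from clients without hostname: {no_hostname}")
    for ip, count in per_ip.most_common(10):
        print(f"{count:6d}  {ip}")
```

Comparing the per-IP totals before and after a change such as enabling postscreen shows whether the attempts actually stopped or only moved.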
