On 03.11.22 06:39, DL Neil wrote:
The daily pflogsumm report shows that (in recent days) 60~93% of
attempts to connect are rejected, and bounce-off Postfix's settings,
eg
450 4.7.1 <00nyBxbT>: Helo command rejected: Host not found;
proto=SMTP helo=<00nyBxbT> (total: 1)
1 115.213.249.159 (<>)
The EHLO string changes with each attempt, but the IP address may be
the same for dozens, hundreds, or thousands of these.
mostly bots. mailservers are supposed to introduce by FQDN and clients use
different port (465,587) where this check is not applied.
The server moves along quite calmly, without stressing either RAM or CPU.
Maybe: if it ain't broke, don't fix it?
I use this rule (or equivalents) for years and it's extremely rare to have
problem with it.
That said, is Postfix the best tool for this job, or should something
else (maybe like Fail2Ban) act as Bouncer, by pre-processing such
connections? Will welcome rationale(s)...
These help much too.
But as postfix said, postscreen is even better tool for catching bots.
I use both postscreen and other checks like these.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."
