DL Neil skrev den 2022-11-02 18:39:
The daily pflogsumm report shows that (in recent days) 60~93% of attempts to connect are rejected, and bounce-off Postfix's settings, eg450 4.7.1 <00nyBxbT>: Helo command rejected: Host not found; proto=SMTP helo=<00nyBxbT> (total: 1) 1 115.213.249.159 (<>)
looks like a DSN ?, with a tempfailing helo, you should not reject or tempfail random helo, but hardfail if helo is your own helo outside of mynetworks, in inside of mynetworks you should not tempfail helos anyway
The EHLO string changes with each attempt, but the IP address may be the same for dozens, hundreds, or thousands of these.
only bots changes helo :)
The server moves along quite calmly, without stressing either RAM or CPU.
are dns working on this mta ?, you did not provide postconf, so its sparse guesing here
Maybe: if it ain't broke, don't fix it?
your choice ?
That said, is Postfix the best tool for this job, or should something else (maybe like Fail2Ban) act as Bouncer, by pre-processing such connections? Will welcome rationale(s)...
fail2ban why not keep it smtp ?, or even postscreen ? https://multirbl.valli.org/lookup/115.213.249.159.html 25 blocklisted, more proff needed ?
