You can use fail2ban and enable postfix-sasl filter, then those IP will
be banned after few knocks.
Gao
On 2017-12-04 11:17 PM, Colony.three wrote:
Looks like it's doing what it's supposed to, but just checking...
Dec 5 06:58:26 quantumn postfix/smtpd[51554]: lost connection after
AUTH from unknown[110.83.135.178]
Dec 5 06:58:26 quantumn postfix/smtpd[51554]: disconnect from
unknown[110.83.135.178] ehlo=1 auth=0/1 commands=1/2
Dec 5 06:58:26 quantumn postfix/smtpd[51554]: warning: hostname
178.135.83.110.broad.nd.fj.dynamic.163data.com.cn does not resolve to
address 110.83.135.178: Name or service not known
Dec 5 06:58:26 quantumn postfix/smtpd[51554]: connect from
unknown[110.83.135.178]
Dec 5 06:58:27 quantumn postfix/smtpd[51554]: lost connection after
AUTH from unknown[110.83.135.178]
Dec 5 06:58:27 quantumn postfix/smtpd[51554]: disconnect from
unknown[110.83.135.178] ehlo=1 auth=0/1 commands=1/2
Dec 5 06:58:27 quantumn postfix/smtpd[51554]: warning: hostname
178.135.83.110.broad.nd.fj.dynamic.163data.com.cn does not resolve to
address 110.83.135.178: Name or service not known
Dec 5 06:58:27 quantumn postfix/smtpd[51554]: connect from
unknown[110.83.135.178]
Dec 5 06:58:28 quantumn postfix/smtpd[51554]: lost connection after
AUTH from unknown[110.83.135.178]
Dec 5 06:58:28 quantumn postfix/smtpd[51554]: disconnect from
unknown[110.83.135.178] ehlo=1 auth=0/1 commands=1/2
Dec 5 06:58:28 quantumn postfix/smtpd[51554]: warning: hostname
178.135.83.110.broad.nd.fj.dynamic.163data.com.cn does not resolve to
address 110.83.135.178: Name or service not known
Dec 5 06:58:28 quantumn postfix/smtpd[51554]: connect from
unknown[110.83.135.178]
Dec 5 06:58:28 quantumn postfix/smtpd[51554]: lost connection after
AUTH from unknown[110.83.135.178]
