Hi, this is probably not the correct forum for this as it’s a postfix/dovecot issue, but I’m getting many similar entries in the mail.log. They are of the format:
Dec 2 11:22:11 oak postfix/smtpd: warning: hostname 84-241-1-21.shatel.ir does not resolve to address 220.127.116.11: Name or service not known
Dec 2 11:22:11 oak postfix/smtpd: connect from unknown[18.104.22.168]
Dec 2 11:22:13 oak postfix/smtpd: disconnect from unknown[22.214.171.124] helo=1 auth=0/1 quit=1 commands=2/3
What is going on here? Are people testing for open relays or trying to gain information? They are never ending
Yeah, probably. I see all kinds of things like this. My favorite is the ones scanning for PHPmyAdmin pages. It puts out like 2 dozen HEAD requests for different variations of it. Just part of having a machine on the internet, and a good reminder to make sure to secure it even if you thin nobody else knows. Scanners are everywhere!
I’m not really sure how this is Let’s Encrypt related, though.
Many mail providers block sending MX servers with bad reverse DNS. You can accomplish this with postfix by setting
If you are seeing repeated unauthorized access attempts from a particular IP address, you can use software like fail2ban to block them after a number of unsuccessful attempts.
Thanks for that (reject_unknown_client_hostname) - much appreciated - killed almost all entries in the log - only my details in the log now.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.