Hi, this is probably not the correct forum for this as it’s a postfix/dovecot issue, but I’m getting many similar entries in the mail.log. They are of the format:
Dec 2 11:22:11 oak postfix/smtpd[12314]: warning: hostname 84-241-1-21.shatel.ir does not resolve to address 84.241.1.21: Name or service not known
Dec 2 11:22:11 oak postfix/smtpd[12314]: connect from unknown[84.241.1.21]
Dec 2 11:22:13 oak postfix/smtpd[12314]: disconnect from unknown[84.241.1.21] helo=1 auth=0/1 quit=1 commands=2/3
What is going on here? Are people testing for open relays or trying to gain information? They are never ending.
Yeah, probably. I see all kinds of things like this. My favorite is the ones scanning for phpMyAdmin pages. It puts out like 2 dozen HEAD requests for different variations of it. Just part of having a machine on the internet, and a good reminder to make sure to secure it even if you think nobody else knows. Scanners are everywhere!
I’m not really sure how this is Let’s Encrypt related, though.
Many mail providers block sending MX servers with bad reverse DNS. You can accomplish this with postfix by setting reject_unknown_client_hostname.
If you are seeing repeated unauthorized access attempts from a particular IP address, you can use software like fail2ban to block them after a number of unsuccessful attempts.