Hi All,
I've noticed recently that my home server gets bashed by email spammers. I'm successfully blocking their attempts by:
    smtpd_client_restrictions = permit_sasl_authenticated,
        permit_mynetworks, warn_if_reject
I'm also trying to limit the number of smtp connections by:
smtpd_client_connection_count_limit = 30
smtpd_client_connection_count_limit = 5
where anvil_time is set to 60 seconds.
However, netstat shows that I still get ~500 simultaneous smtp connections because they connect from *loads* of different machines at the same time.
A small snippet of the REJECTS from mail.log is listed below. As can be seen, lots of different IP addresses, albeit that they are all from dynamic.hinet.net.
Is there any way I can configure postfix to somehow block all connection requests from "*.dynamic.hinet.net"? Or any other suggestion that blocks these spammer dudes more efficiently, earlier on in the email processing chain?
My setup is a Linux server running postfix behind an adsl router, where smtp is forwarded from the router to the Linux server. I only have a handful of machines on the internet side of the router that need smtp access. Should I configure them (+router) to use a different port, say 8025? Or do email spammers scan all ports these days?
Any suggestions are appreciated!
Best,
Peter
********* mail.log ******
Jan 2 17:55:33 XXX postfix/smtpd[6579]: NOQUEUE: reject: RCPT from 114-45-61-81.dynamic.hinet.net[114.45.61.81]: 554 5.7.1 <csssss@yahoo.com.tw>: Relay access denied; from=<zaxzi@yahoo.com.hk> to=<csssss@yahoo.com.tw> proto=SMTP helo=<94.0.91.117>
Jan 2 17:55:33 XXX postfix/smtpd[6640]: NOQUEUE: reject: RCPT from 114-45-56-28.dynamic.hinet.net[114.45.56.28]: 554 5.7.1 <ajoe_911@yahoo.com.tw>: Relay access denied; from=<qxlsommoywv@pcome.com.tw> to=<ajoe_911@yahoo.com.tw> proto=SMTP helo=<94.0.91.117>
Jan 2 17:55:33 XXX postfix/smtpd[6557]: NOQUEUE: reject: RCPT from 114-45-60-222.dynamic.hinet.net[114.45.60.222]: 554 5.7.1 <yourk1218@yahoo.com.tw>: Relay access denied; from=<mvtxyonnq@yahoo.ca> to=<yourk1218@yahoo.com.tw> proto=SMTP helo=<94.0.91.117>
Jan 2 17:55:34 XXX postfix/smtpd[6641]: NOQUEUE: reject: RCPT from 118-168-98-172.dynamic.hinet.net[118.168.98.172]: 554 5.7.1 <leaannc@yahoo.com.tw>: Relay access denied; from=<tibshzftgwnn@yahoo.no> to=<leaannc@yahoo.com.tw> proto=SMTP helo=<94.0.91.117>
Jan 2 17:55:34 XXX postfix/smtpd[6595]: NOQUEUE: reject: RCPT from 118-168-98-172.dynamic.hinet.net[118.168.98.172]: 554 5.7.1 <panwe1226@yahoo.com.tw>: Relay access denied; from=<exoabzrzvxbicy@gmail.com> to=<panwe1226@yahoo.com.tw> proto=SMTP helo=<94.0.91.117>
Jan 2 17:55:34 XXX postfix/smtpd[6619]: NOQUEUE: reject: RCPT from 114-45-61-186.dynamic.hinet.net[114.45.61.186]: 554 5.7.1 <chihuangg@yahoo.com.tw>: Relay access denied; from=<arnukzpmvahtd@yahoo.se> to=<chihuangg@yahoo.com.tw> proto=SMTP helo=<94.0.91.117>
Jan 2 17:55:34 XXX postfix/smtpd[6594]: NOQUEUE: reject: RCPT from 118-168-97-196.dynamic.hinet.net[118.168.97.196]: 554 5.7.1 <fan.s.0909@yahoo.com.tw>: Relay access denied; from=<jpjhp@yahoo.de> to=<fan.s.0909@yahoo.com.tw> proto=SMTP helo=<94.0.91.117>
Jan 2 17:55:34 XXX postfix/smtpd[6639]: NOQUEUE: reject: RCPT from 118-168-103-172.dynamic.hinet.net[118.168.103.172]: 554 5.7.1 <bork@yahoo.com.tw>: Relay access denied; from=<wloycfjlzzqttl@yahoo.dk> to=<bork@yahoo.com.tw> proto=SMTP helo=<94.0.91.117>
Jan 2 17:55:34 XXX postfix/smtpd[6579]: NOQUEUE: reject: RCPT from 114-45-61-81.dynamic.hinet.net[114.45.61.81]: 554 5.7.1 <jackey419@yahoo.com.tw>: Relay access denied; from=<zaxzi@yahoo.com.hk> to=<jackey419@yahoo.com.tw> proto=SMTP helo=<94.0.91.117>
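
An added example, not part of Peter's post: a Python sketch that groups the relay rejects in a log like the one above by reverse-DNS parent domain and emits candidate lines for a Postfix pcre access table. The sample log, the example.net/example.org hostnames, the function names and the `min_ips` threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the mail.log excerpt above.
# Hostnames and addresses are documentation placeholders, not real clients.
_LINE = ("Jan 2 17:55:33 mx postfix/smtpd[6579]: NOQUEUE: reject: RCPT from "
         "{host}[{ip}]: 554 5.7.1 <a@example.org>: Relay access denied; "
         "from=<b@example.com> to=<a@example.org> proto=SMTP helo=<192.0.2.99>")
_CLIENTS = [
    ("192-0-2-10.dynamic.example.net", "192.0.2.10"),
    ("192-0-2-11.dynamic.example.net", "192.0.2.11"),
    ("192-0-2-10.dynamic.example.net", "192.0.2.10"),  # same client retrying
    ("192-0-2-12.dynamic.example.net", "192.0.2.12"),
    ("mail.example.org", "198.51.100.5"),              # one-off, below threshold
    ("unknown", "203.0.113.7"),                        # no verified rDNS name
]
SAMPLE_LOG = "\n".join(_LINE.format(host=h, ip=i) for h, i in _CLIENTS)
SAMPLE_LOG += "\nJan 2 17:55:35 mx postfix/smtpd[6579]: disconnect from unknown[203.0.113.7]"

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(\S+?)\[([0-9A-Fa-f.:]+)\]: 554 .*Relay access denied")

def parent_domain(host):
    """Drop the leftmost (per-customer) label; None if there is no usable name."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[1:]) if len(labels) >= 3 else None

def relay_reject_sources(log_text):
    """Map each rDNS parent domain to the distinct client IPs rejected for relaying."""
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        parent = parent_domain(m.group(1))
        if parent:
            sources[parent].add(m.group(2))
    return dict(sources)

def pcre_access_lines(log_text, min_ips=3):
    """Candidate pcre access-table lines for parents seen from >= min_ips addresses."""
    return ["/\\." + re.escape(parent) + "$/ REJECT"
            for parent, ips in sorted(relay_reject_sources(log_text).items())
            if len(ips) >= min_ips]

if __name__ == "__main__":
    print("\n".join(pcre_access_lines(SAMPLE_LOG)))
```

The output is a list to review by hand before use; lines kept would go in a table referenced as `check_client_access pcre:<table path>` in `smtpd_client_restrictions`, where the table path is a placeholder.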