Topic: connect from unknown[x.x.x.x]
I have a iredmail 0.7.3 Backround Mysql and work Debian Linux.
What does it mean this logs How can I block this IP's I dont want this and I use Fail2Ban
tail -f /var/log/mail.log
Sep 21 21:50:03 mail postfix/smtpd[3807]: connect from unknown[217.118.83.218]
Sep 21 21:50:03 mail postfix/smtpd[3807]: warning: Illegal address syntax from unknown[217.118.83.218] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:50:05 mail postfix/smtpd[3807]: warning: Illegal address syntax from unknown[217.118.83.218] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:50:06 mail postfix/smtpd[3807]: warning: Illegal address syntax from unknown[217.118.83.218] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:50:06 mail postfix/smtpd[3807]: disconnect from unknown[217.118.83.218]
Sep 21 21:53:26 mail postfix/anvil[3809]: statistics: max connection rate 1/60s for (smtp:217.118.83.218) at Sep 21 21:50:03
Sep 21 21:53:26 mail postfix/anvil[3809]: statistics: max connection count 1 for (smtp:217.118.83.218) at Sep 21 21:50:03
Sep 21 21:53:26 mail postfix/anvil[3809]: statistics: max cache size 1 at Sep 21 21:50:03
and
Sep 21 21:20:37 mail postfix/smtpd[3347]: connect from unknown[180.215.106.188]
Sep 21 21:20:38 mail postfix/smtpd[3347]: warning: Illegal address syntax from unknown[180.215.106.188] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:20:39 mail postfix/smtpd[3347]: warning: Illegal address syntax from unknown[180.215.106.188] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:20:41 mail postfix/smtpd[3347]: warning: Illegal address syntax from unknown[180.215.106.188] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:20:42 mail postfix/smtpd[3347]: disconnect from unknown[180.215.106.188]
and
Sep 21 21:02:04 mail postfix/anvil[27131]: statistics: max connection rate 1/60s for (smtp:67.135.235.227) at Sep 21 20:58:43
Sep 21 21:02:04 mail postfix/anvil[27131]: statistics: max connection count 1 for (smtp:67.135.235.227) at Sep 21 20:58:43
Sep 21 21:02:04 mail postfix/anvil[27131]: statistics: max cache size 1 at Sep 21 20:58:43
Sep 21 21:09:39 mail postfix/smtpd[27254]: connect from unknown[95.169.125.154]
Sep 21 21:09:39 mail postfix/smtpd[27254]: warning: Illegal address syntax from unknown[95.169.125.154] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:09:39 mail postfix/smtpd[27254]: warning: Illegal address syntax from unknown[95.169.125.154] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:09:40 mail postfix/smtpd[27254]: warning: Illegal address syntax from unknown[95.169.125.154] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:09:40 mail postfix/smtpd[27254]: disconnect from unknown[95.169.125.154]
Sep 21 21:13:00 mail postfix/anvil[27256]: statistics: max connection rate 1/60s for (smtp:95.169.125.154) at Sep 21 21:09:39
Sep 21 21:13:00 mail postfix/anvil[27256]: statistics: max connection count 1 for (smtp:95.169.125.154) at Sep 21 21:09:39
Sep 21 21:13:00 mail postfix/anvil[27256]: statistics: max cache size 1 at Sep 21 21:09:39
Sep 21 21:15:15 mail postfix/smtpd[27306]: connect from unknown[119.153.10.52]
Sep 21 21:15:16 mail postfix/smtpd[27306]: warning: Illegal address syntax from unknown[119.153.10.52] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:15:16 mail postfix/smtpd[27306]: warning: Illegal address syntax from unknown[119.153.10.52] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:15:17 mail postfix/smtpd[27306]: warning: Illegal address syntax from unknown[119.153.10.52] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:15:17 mail postfix/smtpd[27306]: disconnect from unknown[119.153.10.52]
Sep 21 21:16:22 mail postfix/master[2931]: terminating on signal 15
I added below command in /etc/postfix/main.cf and than restart postfix services
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
I reference this web page
http://www.cyberciti.biz/faq/postfix-li … mail-rate/
Changing Keep-Alive Settings
For testing purposes the best thing to do is to echo a setting the current setting. This will go away on restart. For example, if your connections were not as reliable as you needed, clients complained about dropped connections, then increase your Keep-Alive settings.
web page : http://postfixmail.com/blog/
echo 15 > /proc/sys/net/ipv4/tcp_keepalive_probes
If you were more interested in saving resources on the mail server, then decrease the time for Keep-Alive.
echo 6000 > /proc/sys/net/ipv4/tcp_keepalive_time
thank you for your help
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.