Hi guys
I am having two email spoofing problems that I will discuss in separate post. The first one is my server has in the last few days started to receive thousands of email spoofs like the ones below. I having fail2ban installed and the IP addresses are being banned for a period of time however every time one is banned another takes its place. I would normally see 0 to 15 bans a day and at the present time I am seeing several thousand.
Can anyone suggest any additional measures I could take to stop/reduce the amount of this type of hacking?
May 31 10:34:26 myserver postfix/smtpd[25959]: connect from unknown[213.174.104.41]
May 31 10:34:27 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[213.174.104.41]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=<[213.174.104.41]>
May 31 10:34:27 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[213.174.104.41]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=<[213.174.104.41]>
May 31 10:34:27 myserver postfix/smtpd[25959]: disconnect from unknown[213.174.104.41]
May 31 10:35:24 myserver postfix/smtpd[25959]: warning: hostname Dynamic-IP-186146250207.cable.net.co does not resolve to address 186.146.250.207: Name or service not known
May 31 10:35:24 myserver postfix/smtpd[25959]: connect from unknown[186.146.250.207]
May 31 10:35:25 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[186.146.250.207]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:35:25 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[186.146.250.207]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:35:26 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[186.146.250.207]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:35:27 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[186.146.250.207]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:35:27 myserver postfix/smtpd[25959]: disconnect from unknown[186.146.250.207]
May 31 10:36:21 myserver postfix/smtpd[25540]: timeout after RSET from unknown[190.14.32.33]
May 31 10:36:21 myserver postfix/smtpd[25540]: disconnect from unknown[190.14.32.33]
May 31 10:36:27 myserver postfix/smtpd[25959]: warning: hostname adsl-201-190-117-19.une.net.co does not resolve to address 201.190.117.19: Name or service not known
May 31 10:36:27 myserver postfix/smtpd[25959]: connect from unknown[201.190.117.19]
May 31 10:36:28 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[201.190.117.19]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=<201-190-117-19.une.net.co>
May 31 10:36:28 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[201.190.117.19]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=<201-190-117-19.une.net.co>
May 31 10:36:28 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[201.190.117.19]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=<201-190-117-19.une.net.co>
May 31 10:36:28 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[201.190.117.19]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=<201-190-117-19.une.net.co>
May 31 10:36:28 myserver postfix/smtpd[25959]: NOQUEUE: reject: RCPT from unknown[201.190.117.19]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=<201-190-117-19.une.net.co>
May 31 10:36:29 myserver postfix/smtpd[25959]: disconnect from unknown[201.190.117.19]
May 31 10:42:49 myserver postfix/smtpd[26196]: connect from pc-96-16-47-190.cm.vtr.net[190.47.16.96]
May 31 10:42:49 myserver postfix/smtpd[26196]: NOQUEUE: reject: RCPT from pc-96-16-47-190.cm.vtr.net[190.47.16.96]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:42:49 myserver postfix/smtpd[26196]: NOQUEUE: reject: RCPT from pc-96-16-47-190.cm.vtr.net[190.47.16.96]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:42:49 myserver postfix/smtpd[26196]: NOQUEUE: reject: RCPT from pc-96-16-47-190.cm.vtr.net[190.47.16.96]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:42:49 myserver postfix/smtpd[26196]: NOQUEUE: reject: RCPT from pc-96-16-47-190.cm.vtr.net[190.47.16.96]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:42:49 myserver postfix/smtpd[26196]: NOQUEUE: reject: RCPT from pc-96-16-47-190.cm.vtr.net[190.47.16.96]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:42:50 myserver postfix/smtpd[26196]: disconnect from pc-96-16-47-190.cm.vtr.net[190.47.16.96]
May 31 10:43:54 myserver postfix/smtpd[26196]: connect from pc-71-99-164-190.cm.vtr.net[190.164.99.71]
May 31 10:43:55 myserver postfix/smtpd[26196]: NOQUEUE: reject: RCPT from pc-71-99-164-190.cm.vtr.net[190.164.99.71]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:43:55 myserver postfix/smtpd[26196]: NOQUEUE: reject: RCPT from pc-71-99-164-190.cm.vtr.net[190.164.99.71]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:43:55 myserver postfix/smtpd[26196]: NOQUEUE: reject: RCPT from pc-71-99-164-190.cm.vtr.net[190.164.99.71]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo=
May 31 10:43:55 myserver postfix/smtpd[26196]: disconnect from pc-71-99-164-190.cm.vtr.net[190.164.99.71]