What can I do about the following? It's hitting both my mail servers repeatedly through each day.
May 22 15:30:29 server1 postfix/smtpd: too many errors after AUTH from unknown[126.96.36.199]
May 22 15:30:29 server1 postfix/smtpd: disconnect from unknown[188.8.131.52] ehlo=1 auth=0/1 rset=1 commands=2/3
The last number in the IP address regularly changes, i.e. 7, 13, 14, 15, etc.
fail2ban is catching it, but is there another way to prevent it even hitting my server?
What is the easiest way to block this?
I blocked that one a long time ago. They obviously have a bot farm that hits web hosts if you’re seeing rubbish from them, too.
Add something like this to your firewall config.
/sbin/iptables -A INPUT -s 184.108.40.206/24 -j DROP
Thanks for that… a quick clarification: I use Virtualmin's built-in firewalld.
What/where do I add in Virtualmin to drop this IP address?
I am assuming that I do it in Virtualmin > network > firewalld.
Do I need to select the “drop” zone or do I just add a rule in “public”?
How do I add the rule exactly?
Ah, sorry, I don’t use firewalld. The basic idea is to block the subnet (220.127.116.11/24). A firewalld user may be able to help with the steps.
If you’re so inclined, doing a whois on the IP address often reveals an email address to which you can report abuse. I find it less stressful to simply block them and move on, but I don’t run my hosting for profit and don’t agonise about whether a tiny fraction of the internet can reach my sites.
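Added example, not part of the original thread: because the last octet keeps changing, this script groups the Postfix "too many errors after AUTH" lines by /24 and prints, for review, the firewalld commands that bind each noisy subnet to the drop zone. The sample log lines use constructed documentation addresses, and the function names and threshold are illustrative assumptions.

```bash
#!/usr/bin/env bash
# Added example: group Postfix AUTH failures by /24, then print firewalld commands.

# Constructed sample log lines (documentation address ranges, not from the thread).
sample_log() {
cat <<'EOF'
May 22 15:30:29 server1 postfix/smtpd: too many errors after AUTH from unknown[203.0.113.7]
May 22 15:30:29 server1 postfix/smtpd: disconnect from unknown[203.0.113.7] ehlo=1 auth=0/1 rset=1 commands=2/3
May 22 15:41:02 server1 postfix/smtpd: too many errors after AUTH from unknown[203.0.113.13]
May 22 15:52:40 server1 postfix/smtpd[2211]: too many errors after AUTH from unknown[203.0.113.14]
May 22 16:03:11 server1 postfix/smtpd: too many errors after AUTH from mail.example.net[198.51.100.20]
EOF
}

# Read mail log lines on stdin; print "count subnet" for every IPv4 /24 with at
# least $1 AUTH-error events (default 3), busiest first.
noisy_subnets() {
  local min="${1:-3}"
  awk -v min="$min" '
    /too many errors after AUTH from / {
      # The client address is the bracketed value at the end of the line.
      if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]$/)) {
        ip = substr($0, RSTART + 1, RLENGTH - 2)
        split(ip, o, ".")
        hits[o[1] "." o[2] "." o[3] ".0/24"]++
      }
    }
    END { for (s in hits) if (hits[s] >= min) print hits[s], s }
  ' | sort -k1,1nr -k2,2
}

# Turn the subnets into firewalld commands for review (printed, not executed).
# A source bound to the drop zone has all of its packets dropped.
firewalld_commands() {
  noisy_subnets "$@" | while read -r _ subnet; do
    echo "firewall-cmd --permanent --zone=drop --add-source=$subnet"
  done
  echo "firewall-cmd --reload"
}

sample_log | firewalld_commands 3
```

On a real server, feed the mail log to `firewalld_commands` instead of `sample_log`, and check each subnet with whois before running the printed commands, since a /24 block also drops any legitimate senders in that range.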