So many errors in postfix

SYSTEM INFORMATION
OS type and version rhel9
Webmin version 2.011
Virtualmin version 7.5
Related packages SUGGESTED

Postfix mail

Jan 21 14:08:14 projectok postfix/smtpd[44442]: connect from unknown[103.174.126.2]
Jan 21 14:08:17 projectok postfix/smtpd[38815]: connect from unknown[46.148.40.136]
Jan 21 14:08:21 projectok postfix/smtpd[44732]: connect from unknown[46.148.40.149]
Jan 21 14:08:23 projectok postfix/smtpd[38815]: warning: unknown[46.148.40.136]: SASL LOGIN authentication failed: authentication failure
Jan 21 14:08:23 projectok postfix/smtpd[38815]: lost connection after AUTH from unknown[46.148.40.136]
Jan 21 14:08:23 projectok postfix/smtpd[38815]: disconnect from unknown[46.148.40.136] ehlo=1 auth=0/1 rset=1 commands=2/3
Jan 21 14:08:26 projectok postfix/smtpd[40400]: connect from unknown[137.59.195.242]
Jan 21 14:08:26 projectok postfix/smtpd[40400]: SSL_accept error from unknown[137.59.195.242]: -1
Jan 21 14:08:26 projectok postfix/smtpd[40400]: warning: TLS library problem: error:0A000102:SSL routines::unsupported protocol:ssl/statem/statem_srvr.c:1657:
Jan 21 14:08:26 projectok postfix/smtpd[40400]: lost connection after CONNECT from unknown[137.59.195.242]
Jan 21 14:08:26 projectok postfix/smtpd[40400]: disconnect from unknown[137.59.195.242] commands=0/0
Jan 21 14:08:26 projectok postfix/smtpd[40400]: connect from unknown[137.59.195.242]
Jan 21 14:08:27 projectok postfix/smtpd[40400]: SSL_accept error from unknown[137.59.195.242]: -1
Jan 21 14:08:27 projectok postfix/smtpd[40400]: warning: TLS library problem: error:0A000102:SSL routines::unsupported protocol:ssl/statem/statem_srvr.c:1657:
Jan 21 14:08:27 projectok postfix/smtpd[40400]: lost connection after CONNECT from unknown[137.59.195.242]
Jan 21 14:08:27 projectok postfix/smtpd[40400]: disconnect from unknown[137.59.195.242] commands=0/0
Jan 21 14:08:27 projectok postfix/smtpd[38815]: warning: hostname fiber-190-55.online.com.kh does not resolve to address 124.248.190.55: Name or service not known
Jan 21 14:08:27 projectok postfix/smtpd[38815]: connect from unknown[124.248.190.55]
Jan 21 14:08:34 projectok postfix/smtpd[44732]: warning: unknown[46.148.40.149]: SASL LOGIN authentication failed: authentication failure
Jan 21 14:08:34 projectok postfix/smtpd[44732]: lost connection after AUTH from unknown[46.148.40.149]
Jan 21 14:08:34 projectok postfix/smtpd[44732]: disconnect from unknown[46.148.40.149] ehlo=1 auth=0/1 rset=1 commands=2/3

How to solve all these?

It is a clean install. Mails are working fine. dkim, postgrey spf, and all options in dns options are enable by me

You are under attack by kiddy amatuers. Not a lot you can do as the attacks will come from multiple IPs and repeats from the same IP won’t come often enough to trigger eg Fail2ban.

I am new to Postfix so can’t help, but on my Sendmail mail servers I use aggressive Real Time block lists to suppress this stuff as much as I can.

How do you know i am under attack? For knowledge.

My last ubuntu server compromised by cryptominig malware.

Things like “connect from unknown” means that the IP has no reverse lookup.
IPs from the same network eg 46.148.40.136 and 46.148.40.149.
Red flag - “warning: hostname fiber-190-55.online.com.kh does not resolve to address 124.248.190.55: Name or service not known”
All connections were unsuccessful so they might have been trying random login details.
All those failed attempts happened over only 20 seconds.

So yeah, an attack.

its pretty normal, I did a test build yesterday. Within 5 minutes I had SSH connections trying to connect with all sorts of usernames. I’m testing ConfigServer Security & Firewall and its beening running 24 hours.


160 bans so far, pretty impressed with it.

Steve

Welcome to the internet.

Abuse is rampant.

Fail2ban can block some of it.

Some of it is legitimate, however, and people just haven’t correctly configured their mail servers or DNS, so you probably wouldn’t want to block it all.

But, you’re never going to get rid of all of the noise. I recommend you learn a bit more about what it all means, so you’ll know what to ignore (until you need to track down a problem) and what is indicating a problem.