On Jul 29, 2008, at 10:56 PM, MrC wrote:

Velvet Pixel wrote:

I think I understand what anvil is now.

So to be clear, all listings in postfix/anvil are clients trying to
connect to use my system to send and have nothing to do with messages
received (such as spam) by my system, or is it both?


Right, clients connecting to your system.  See log lines such as:

... postfix/smtpd[26704]: connect from example.com[10.0.0.1]



Whoa that's a lot of unauthorized people trying to connect!
Is it normal to have tons of unauthorized connect attempts in this wonderful world of spammers looking for a hole? I have hundreds of groupings like this which add up to thousands of attempts per day:

Jul 29 10:42:05 vps postfix/smtpd[28365]: warning: 91.196.61.254: hostname vpn-91.196.61.254.uch.net verification failed: Name or service not known
Jul 29 10:42:05 vps postfix/smtpd[28365]: connect from unknown[91.196.61.254]
Jul 29 10:42:07 vps postfix/smtpd[28365]: 011185A087AC: client=unknown[91.196.61.254]
Jul 29 10:42:09 vps postfix/smtpd[28365]: disconnect from unknown[91.196.61.254]
Jul 29 10:42:12 vps postfix/smtpd[28365]: warning: 189.7.164.159: hostname bd07a49f.virtua.com.br verification failed: Name or service not known
Jul 29 10:42:12 vps postfix/smtpd[28365]: connect from unknown[189.7.164.159]
Jul 29 10:42:13 vps postfix/smtpd[28365]: 4B7D75A0866F: client=unknown[189.7.164.159]
Jul 29 10:42:14 vps postfix/smtpd[28365]: disconnect from unknown[189.7.164.159]
Jul 29 10:42:44 vps postfix/smtpd[28365]: connect from unknown[222.212.103.114]
Jul 29 10:42:44 vps postfix/smtpd[28365]: lost connection after CONNECT from unknown[222.212.103.114]
Jul 29 10:42:44 vps postfix/smtpd[28365]: disconnect from unknown[222.212.103.114]
Jul 29 10:43:34 vps postfix/smtpd[28365]: connect from unknown[81.222.204.179]
Jul 29 10:43:34 vps postfix/smtpd[28365]: 8CB5A5A0866F: client=unknown[81.222.204.179]
Jul 29 10:43:36 vps postfix/smtpd[28365]: disconnect from unknown[81.222.204.179]
Jul 29 10:43:49 vps postfix/smtpd[28365]: connect from 82.213.191.32.dyn.user.ono.com[82.213.191.32]
Jul 29 10:43:58 vps postfix/smtpd[28365]: 726805A0866F: client=82.213.191.32.dyn.user.ono.com[82.213.191.32]
Jul 29 10:44:01 vps postfix/smtpd[28365]: disconnect from 82.213.191.32.dyn.user.ono.com[82.213.191.32]
Jul 29 10:44:53 vps postfix/smtpd[28365]: connect from 82.213.191.32.dyn.user.ono.com[82.213.191.32]
Jul 29 10:44:55 vps postfix/smtpd[28365]: E78495A0866F: client=82.213.191.32.dyn.user.ono.com[82.213.191.32]

Should I just ignore these or is there something I can do to block them?

Cameron
