Hi,
I often get a spate of lost connections from servers chancing to access
my email via SMTP AUTH (which I do not offer), and I usually ignore
them. I may get a session with up to 1,000+ connections, usually from a
whole list of servers, and none trying more than a dozen times.
Yesterday, however, I got 10,000+ lost connections from one IP address
(178.150.135.178) in a continuous assault lasting several hours. I limit
connections from the WAN on port 25 to 1/s, so I can only imagine the
number of attempts I might have got if I did not.
Is this just a mad bot or a DoS attack that failed cos of my connection
limit? Should I report it to my ISP or just ignore it like the others?
Also, I have been looking to set up Postscreen (now that I realise it is
not something that screens emails "after/post" arrival!). I put it off
while I hardened my server - did not want to change Postfix at the same
time in case hardening all went wrong - but perhaps it is worth
configuring if only to stop my logs filling with Lost Connection reports?
Thanks in anticipation of any helpful comments,
Robert Sharp