This afternoon, over the course of about 4 hours, I’ve logged 741 connections like this.
Mar 8 15:05:46 zeus postfix/smtpd[92324]: connect from unknown[185.130.5.90] Mar 8 15:07:30 zeus postfix/smtpd[92616]: connect from unknown[131.161.138.190] Mar 8 15:07:39 zeus postfix/smtpd[92324]: connect from unknown[113.160.205.81] Mar 8 15:07:45 zeus postfix/smtpd[92616]: connect from unknown[181.142.12.223] Mar 8 15:08:00 zeus postfix/smtpd[92324]: connect from unknown[181.168.4.42] Mar 8 15:08:00 zeus postfix/smtpd[93053]: connect from unknown[116.105.182.54] of course they have all been refused. On checking with awk/grep etc, it comes down to 78 unique IP addresses. I don’t have IPv6 here, so that makes it easier. The mail.log file is continuously scrolling so it is putting some load on the system and the connection. So, is the best way of dealing with this list of numbers, and I can extract - and have extracted - just the ip numbers. I can put them in a postfix blacklist. And possible write a script to update the list on a daily basis as more are added. If they are in such a list, they still “get to the system” though yes? I can put them the system (firewall) blacklist (pf.conf), And possible write a script to update the list on a daily basis as more are added. If they are in that list, they are blocked at the gate as it were. Is it even worth worrying about them - the numbers so far aren’t huge… and each connection is dropped after a few processes. Robert
