On 2022-11-02 at 13:39:44 UTC-0400 (Thu, 3 Nov 2022 06:39:44 +1300)
DL Neil <Postfix@Rangi.Cloud>
is rumored to have said:

> The daily pflogsumm report shows that (in recent days) 60~93% of
> attempts to connect are rejected, and bounce-off Postfix's settings,
> eg
>
>   450 4.7.1 <00nyBxbT>: Helo command rejected: Host not found;
>   proto=SMTP helo=<00nyBxbT> (total: 1)
>     1 115.213.249.159 (<>)
>
> The EHLO string changes with each attempt, but the IP address may be
> the same for dozens, hundreds, or thousands of these.
>
> The server moves along quite calmly, without stressing either RAM or
> CPU.
>
> Maybe: if it ain't broke, don't fix it?

Generally, yes.

> That said, is Postfix the best tool for this job, or should something
> else (maybe like Fail2Ban) act as Bouncer, by pre-processing such
> connections? Will welcome rationale(s)...

If you don't have postscreen configured, that would be the best first
step. Don't enable any of the "AFTER 220 GREETING TESTS" unless you
fully understand the cost of doing so. Most bots that behave as you
describe also send the EHLO without waiting for the greeting, which
postscreen catches.

If those connections are already satisfying postscreen and you can't
bear the log noise, Fail2Ban would be the tool to use, but if they
aren't causing resource problems, why bother?

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
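
As an added illustration, not part of the original message: a short Python script that measures, from the mail log, which rejected clients change their HELO name on every attempt, which helps when weighing whether Fail2Ban is worth adding. The log lines are constructed samples in the usual Postfix smtpd reject format (only 115.213.249.159 and 00nyBxbT come from the report above); the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Matches Postfix smtpd "Helo command rejected" lines of the kind
# pflogsumm summarised in the report quoted above.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>[45]\d\d) .*?Helo command rejected: (?P<reason>[^;]+);"
    r".*?helo=<(?P<helo>[^>]*)>"
)

def rotating_helo_clients(lines, min_distinct=3):
    """Return {ip: (reject_count, distinct_helo_count)} for clients whose
    rejected HELO names keep changing (at least min_distinct names).
    min_distinct is an assumed threshold, tune it to your own traffic."""
    counts = defaultdict(int)
    helos = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            counts[m["ip"]] += 1
            helos[m["ip"]].add(m["helo"].lower())
    return {ip: (counts[ip], len(names))
            for ip, names in helos.items() if len(names) >= min_distinct}

# Constructed sample log: one client rotating HELO names, one repeating the
# same bad name, one single offender, and one unrelated line.
SAMPLE_LOG = """\
Nov  2 13:39:40 mx postfix/smtpd[2101]: connect from unknown[115.213.249.159]
Nov  2 13:39:41 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[115.213.249.159]: 450 4.7.1 <00nyBxbT>: Helo command rejected: Host not found; from=<> to=<user@example.org> proto=SMTP helo=<00nyBxbT>
Nov  2 13:39:52 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[115.213.249.159]: 450 4.7.1 <qZ81kLmP>: Helo command rejected: Host not found; from=<> to=<user@example.org> proto=SMTP helo=<qZ81kLmP>
Nov  2 13:40:03 mx postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[115.213.249.159]: 450 4.7.1 <7hTreW2x>: Helo command rejected: Host not found; from=<> to=<user@example.org> proto=SMTP helo=<7hTreW2x>
Nov  2 13:40:15 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[115.213.249.159]: 450 4.7.1 <Lm04VbnA>: Helo command rejected: Host not found; from=<> to=<user@example.org> proto=SMTP helo=<Lm04VbnA>
Nov  2 13:41:00 mx postfix/smtpd[2105]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 <printer01>: Helo command rejected: Host not found; from=<a@example.net> to=<user@example.org> proto=ESMTP helo=<printer01>
Nov  2 13:46:00 mx postfix/smtpd[2106]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 <printer01>: Helo command rejected: Host not found; from=<a@example.net> to=<user@example.org> proto=ESMTP helo=<printer01>
Nov  2 13:50:00 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 <mail.invalid>: Helo command rejected: Host not found; from=<b@example.net> to=<user@example.org> proto=ESMTP helo=<mail.invalid>
"""

if __name__ == "__main__":
    for ip, (rejects, names) in rotating_helo_clients(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {rejects} rejects, {names} distinct HELO names")
```

Clients that repeat one unresolvable name, like the constructed 203.0.113.7 entries, are more likely misconfigured hosts than bots and are left out at the default threshold.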