On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote:
Fred Smith wrote:
On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote:
<MVNCH>
> One thing I don't understand is how/why the firewall is DROPping so
> many attempts on port 25 when it in fact has a port forward rule sending
> port 25 on to my mailserver. How does it know, or why does it think that
> some of them can be dropped at the outer barrier?
>
>> you, but thank you for taking a hundred thousand or so for all of us.
>
> Hey, it's the least I can do for all the good guys out there! :)
> But that doesn't mean the same dratsabs aren't hitting all the rest
> of you too.
>
I'm sure they are. Are you running fail2ban?
Several years back I switched from sendmail to postfix. Not knowing what I was doing, I think I have it set to say it will forward email following SASL authentication. But as I had no intention of forwarding anything, I did not set up any authentication methods. So anyone who tries fails to authenticate.
With fail2ban in place I get 200-500 daily SASL "fail to authenticate" instances. In contrast, several months ago fail2ban either died or did not restart correctly. This went unnoticed for about a week. During that time I got 10000-32000 daily "failed to authenticate".
Jon
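
Added example, not part of any message in this thread: a simplified Python model of the threshold-and-ban logic that fail2ban applies to Postfix SASL failures, showing how banning an address cuts the number of logged failures. The log lines are constructed samples in the usual Postfix smtpd syslog format, and the `maxretry`, `findtime` and `bantime` values are illustrative assumptions, not anyone's actual jail settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
Aug  2 10:00:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Aug  2 10:00:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Aug  2 10:00:15 mail postfix/smtpd[2104]: connect from mx.example.org[198.51.100.20]
Aug  2 10:00:20 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Aug  2 10:00:31 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Aug  2 10:05:00 mail postfix/smtpd[2110]: warning: host.example.net[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
Aug  2 10:40:00 mail postfix/smtpd[2131]: warning: host.example.net[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"
)

def scan(log_text, maxretry=3, findtime=600, bantime=3600, year=2019):
    """Return (banned, counted, suppressed): ban start per IP, failures logged
    while the IP was not banned, and failures a ban would have blocked."""
    window = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until, banned = {}, {}
    counted = suppressed = 0
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # not a SASL failure line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            suppressed += 1       # a firewall ban would have dropped this attempt
            continue
        counted += 1
        q = window[ip]
        q.append(ts)
        while q and ts - q[0] > timedelta(seconds=findtime):
            q.popleft()           # forget failures older than findtime
        if len(q) >= maxretry:
            banned[ip] = ts
            banned_until[ip] = ts + timedelta(seconds=bantime)
            q.clear()
    return banned, counted, suppressed

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Raising `maxretry` above the number of attempts models the period with fail2ban stopped: every failure is then counted and none is suppressed.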