On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote: > Fred Smith wrote: > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > <MVNCH> > > One thing I don't understand is how/why the firewall is DROPping so > > many attempts on port 25 when it in fact has a port forward rule sending > > port 25 on to my mailserver. How does it know, or why does it think that > > some of them can be dropped at the outer barrier? > > > >> you, but thank you for taking a hundred thousand or so for all of us. > > > > Hey, its the least I can do for all the good guys out there! :) > > But that doesn't mean the same dratsabs aren't hitting all the rest > > of you too. > > > I'm sure they are. Are you running fail2ban? > Several years back I switched from sendmail to postfix. Not knowing what I was doing, I think I have it set to say it will forward email following SASL authentication. But as I had no intention of forwarding anything, I did not set up any authentication methods. So anyone who tries fails to authenticate. With fail2ban in place I get 200-500 daily SASL "fail to authenticate" instances. In contrast, several months ago fail2ban either died or did not restart correctly. This went unnoticed for about a week. During that time I got 10000-32000 daily "failed to authenticate". Jon -- Jon H. LaBadie jon at jgcomp.com 11226 South Shore Rd. (703) 787-0688 (H) Reston, VA 20190 (703) 935-6720 (C)