[CentOS] [OT] odd network question

Fri Aug 2 18:43:30 UTC 2019
Fred Smith <fredex at fcshome.stoneham.ma.us>

On Fri, Aug 02, 2019 at 02:38:05PM -0400, Jon LaBadie wrote:
> On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote:
> > Fred Smith wrote:
> > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote:
> > <MVNCH>
> > > One thing I don't understand is how/why the firewall is DROPping so
> > > many attempts on port 25 when it in fact has a port forward rule sending
> > > port 25 on to my mailserver. How does it know, or why does it think that
> > > some of them can be dropped at the outer barrier?
> > >
> > >> you, but thank you for taking a hundred thousand or so for all of us.
> > >
> > > Hey, its the least I can do for all the good guys out there! :)
> > > But that doesn't mean the same dratsabs aren't hitting all the rest
> > > of you too.
> > >
> > I'm sure they are. Are you running fail2ban?
> > 
> Several years back I switched from sendmail to postfix.
> Not knowing what I was doing, I think I have it set to
> say it will forward email following SASL authentication.
> But as I had no intention of forwarding anything, I did
> not set up any authentication methods.  So anyone who
> tries fails to authenticate.
> 
> With fail2ban in place I get 200-500 daily SASL "fail to
> authenticate" instances.  In contrast, several months ago
> fail2ban either died or did not restart correctly.  This
> went unnoticed for about a week.  During that time I got
> 10000-32000 daily "failed to authenticate".

I'm not using fail2ban, and am using sendmail (why? because
I've spent years slowly accumulating options in my .mc file that
kill off unwanted connections and other hate-the-spammer options.).
I'm not getting such emails but most of the entries in /var/log/mail
are due to such events. every now and then a legitimate email can
be seen passing through.

Oh, I also am now using (as of 2-3 years ago) milter-greylist, which
made an enormous contribution to preventing spam emails.

Fred

-- 
---- Fred Smith -- fredex at fcshome.stoneham.ma.us -----------------------------
   "For the word of God is living and active. Sharper than any double-edged 
   sword, it penetrates even to dividing soul and spirit, joints and marrow; 
              it judges the thoughts and attitudes of the heart."  
---------------------------- Hebrews 4:12 (niv) ------------------------------