架好mail server發現我的maillog裡常常都有類似這樣的訊息,架完後寄收信都沒問題就沒特別開server看,偶然有空打開來看到這些,請問這意思是我的server有被其他人連進來嗎,還是只是告訴我有人嘗試連線,如果是被連進來,那我該怎麼防止別人的連進來?
Jan 18 13:11:51 localhost postfix/smtpd[30194]: connect from ogrenciislerim.com[188.166.38.216]
Jan 18 13:11:56 localhost postfix/smtpd[30194]: warning: ogrenciislerim.com[188.166.38.216]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 18 13:11:56 localhost postfix/smtpd[30194]: lost connection after AUTH from ogrenciislerim.com[188.166.38.216]
Jan 18 13:11:56 localhost postfix/smtpd[30194]: disconnect from ogrenciislerim.com[188.166.38.216]
Jan 18 13:15:16 localhost postfix/anvil[30196]: statistics: max connection rate 1/60s for (smtp:188.166.38.216) at Jan 18 13:11:51
Jan 18 13:15:16 localhost postfix/anvil[30196]: statistics: max connection count 1 for (smtp:188.166.38.216) at Jan 18 13:11:51
Jan 18 13:15:16 localhost postfix/anvil[30196]: statistics: max cache size 1 at Jan 18 13:11:51
Jan 18 14:47:16 localhost postfix/smtpd[31226]: connect from server.maroli1.nl[178.18.141.187]
Jan 18 14:47:21 localhost postfix/smtpd[31226]: warning: server.maroli1.nl[178.18.141.187]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 18 14:47:21 localhost postfix/smtpd[31226]: lost connection after AUTH from server.maroli1.nl[178.18.141.187]
Jan 18 14:47:21 localhost postfix/smtpd[31226]: disconnect from server.maroli1.nl[178.18.141.187]
Jan 18 14:50:41 localhost postfix/anvil[31228]: statistics: max connection rate 1/60s for (smtp:178.18.141.187) at Jan 18 14:47:16
Jan 18 14:50:41 localhost postfix/anvil[31228]: statistics: max connection count 1 for (smtp:178.18.141.187) at Jan 18 14:47:16
Jan 18 14:50:41 localhost postfix/anvil[31228]: statistics: max cache size 1 at Jan 18 14:47:16
已邀請的邦友 {{ invite_list.length }}/5
開門做生意都這樣的 ...
網路上有很多機器人掃port 看能不能當跳板 ...
方式是裝 fail2ban 或用 iptables
之前回答過
iThome鐵人賽
看影片追技術