iT邦幫忙

0

mail server 的maillog疑問

架好mail server發現我的maillog裡常常都有類似這樣的訊息,架完後寄收信都沒問題就沒特別開server看,偶然有空打開來看到這些,請問這意思是我的server有被其他人連進來嗎,還是只是告訴我有人嘗試連線,如果是被連進來,那我該怎麼防止別人的連進來?

Jan 18 13:11:51 localhost postfix/smtpd[30194]: connect from ogrenciislerim.com[188.166.38.216]
Jan 18 13:11:56 localhost postfix/smtpd[30194]: warning: ogrenciislerim.com[188.166.38.216]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 18 13:11:56 localhost postfix/smtpd[30194]: lost connection after AUTH from ogrenciislerim.com[188.166.38.216]
Jan 18 13:11:56 localhost postfix/smtpd[30194]: disconnect from ogrenciislerim.com[188.166.38.216]
Jan 18 13:15:16 localhost postfix/anvil[30196]: statistics: max connection rate 1/60s for (smtp:188.166.38.216) at Jan 18 13:11:51
Jan 18 13:15:16 localhost postfix/anvil[30196]: statistics: max connection count 1 for (smtp:188.166.38.216) at Jan 18 13:11:51
Jan 18 13:15:16 localhost postfix/anvil[30196]: statistics: max cache size 1 at Jan 18 13:11:51
Jan 18 14:47:16 localhost postfix/smtpd[31226]: connect from server.maroli1.nl[178.18.141.187]
Jan 18 14:47:21 localhost postfix/smtpd[31226]: warning: server.maroli1.nl[178.18.141.187]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 18 14:47:21 localhost postfix/smtpd[31226]: lost connection after AUTH from server.maroli1.nl[178.18.141.187]
Jan 18 14:47:21 localhost postfix/smtpd[31226]: disconnect from server.maroli1.nl[178.18.141.187]
Jan 18 14:50:41 localhost postfix/anvil[31228]: statistics: max connection rate 1/60s for (smtp:178.18.141.187) at Jan 18 14:47:16
Jan 18 14:50:41 localhost postfix/anvil[31228]: statistics: max connection count 1 for (smtp:178.18.141.187) at Jan 18 14:47:16
Jan 18 14:50:41 localhost postfix/anvil[31228]: statistics: max cache size 1 at Jan 18 14:47:16
vc0528 iT邦新手 5 級 ‧ 2019-01-19 11:29:50 檢舉
https://footmark.info/linux/centos/centos7-fail2ban/
加個fail2ban吧
Internet inbound SMTP server 一定會遇到這種問題.
wayneup4 iT邦新手 5 級 ‧ 2019-01-21 10:22:00 檢舉
謝謝回復,我試試看

1 個回答

0
echochio
iT邦研究生 4 級 ‧ 2019-01-19 21:08:25

開門做生意都這樣的 ...
網路上有很多機器人掃port 看能不能當跳板 ...
方式是裝 fail2ban 或用 iptables
之前回答過

https://ithelp.ithome.com.tw/questions/10191917

wayneup4 iT邦新手 5 級 ‧ 2019-01-21 10:01:46 檢舉

我是用CentOS 7建的server,已經有firewalld,我試試看fail2ban+firewalld好了,感謝

我要發表回答

立即登入回答