How to limit max trying helo or ehlo times to mail server?

vod vos
Hi guys,

When I reviewed the mail.log, it showed an IP was trying to test if relay was open or not. However, the times were too many.

  • What is the max limited times of postfix defined by default?

  • And how to modify it or how to set helo/ehlo restriction?

Thanks.

Here is the log:

Oct 19 22:21:34 mail postfix/smtpd[1796]: connect from unknown[61.145.214.178]


Oct 19 22:21:39 mail postfix/verify[1801]: cache btree:/var/lib/postfix/verify_cache full cleanup: retained=14 dropped=0 entries


Oct 19 22:21:39 mail postfix/cleanup[1802]: 90B463E999: mailage-id=<[hidden email]>


Oct 19 22:21:39 mail postfix/qmgr[1610]: 90B463E999: from=<[hidden email]>, size=266, nrcpt=1 (queue active)


Oct 19 22:21:39 mail postfix/local[1803]: 90B463E999: to=<[hidden email]>, relay=local, delay=0.01, delays=0/0.01/0/0, dsn=5.1.1, status=undeliverable (unknown user: "quae")


Oct 19 22:21:39 mail postfix/qmgr[1610]: 90B463E999: removed


Oct 19 22:21:42 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>


Oct 19 22:21:42 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>


Oct 19 22:21:43 mail postfix/cleanup[1802]: 2D0153E999: mailage-id=<[hidden email]>


Oct 19 22:21:43 mail postfix/qmgr[1610]: 2D0153E999: from=<[hidden email]>, size=266, nrcpt=1 (queue active)


Oct 19 22:21:43 mail postfix/local[1803]: 2D0153E999: to=<[hidden email]>, relay=local, delay=0, delays=0/0/0/0, dsn=5.1.1, status=undeliverable (unknown user: "wbgkp")


Oct 19 22:21:43 mail postfix/qmgr[1610]: 2D0153E999: removed


Oct 19 22:21:46 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>


Oct 19 22:21:46 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>


Oct 19 22:21:54 mail postfix/cleanup[1802]: 8F3E03E999: mailage-id=<[hidden email]>


Oct 19 22:21:54 mail postfix/qmgr[1610]: 8F3E03E999: from=<[hidden email]>, size=266, nrcpt=1 (queue active)


Oct 19 22:21:54 mail postfix/local[1803]: 8F3E03E999: to=<[hidden email]>, relay=local, delay=0, delays=0/0/0/0, dsn=5.1.1, status=undeliverable (unknown user: "gkq")


Oct 19 22:21:54 mail postfix/qmgr[1610]: 8F3E03E999: removed


Oct 19 22:21:57 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>


Oct 19 22:22:04 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>


Oct 19 22:22:05 mail postfix/smtpd[1796]: improper command pipelining after DATA from unknown[61.145.214.178]:


Oct 19 22:22:08 mail postfix/cleanup[1802]: 8E51D3E999: mailage-id=<[hidden email]>


Oct 19 22:22:08 mail postfix/qmgr[1610]: 8E51D3E999: from=<[hidden email]>, size=266, nrcpt=1 (queue active)


Oct 19 22:22:08 mail postfix/local[1803]: 8E51D3E999: to=<[hidden email]>, relay=local, delay=0, delays=0/0/0/0, dsn=5.1.1, status=undeliverable (unknown user: "xgnsa")


Oct 19 22:22:08 mail postfix/qmgr[1610]: 8E51D3E999: removed


Oct 19 22:22:11 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>


Oct 19 22:22:15 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>


Oct 19 22:22:19 mail postfix/cleanup[1802]: 8F8A13E999: mailage-id=<[hidden email]>


Oct 19 22:22:19 mail postfix/qmgr[1610]: 8F8A13E999: from=<[hidden email]>, size=266, nrcpt=1 (queue active)


Oct 19 22:22:19 mail postfix/local[1803]: 8F8A13E999: to=<[hidden email]>, relay=local, delay=0, delays=0/0/0/0, dsn=5.1.1, status=undeliverable (unknown user: "vbfjo")


Oct 19 22:22:19 mail postfix/qmgr[1610]: 8F8A13E999: removed


Oct 19 22:22:22 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>


Oct 19 22:22:26 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>


Oct 19 22:22:29 mail postfix/smtpd[1796]: too many errors after DATA from unknown[61.145.214.178]


Oct 19 22:22:29 mail postfix/smtpd[1796]: disconnect from unknown[61.145.214.178] ehlo=1 mail=10 rcpt=0/10 data=0/10 rset=10 commands=21/41


Oct 19 22:24:11 mail postfix/verify[1801]: close database /var/lib/postfix/verify_cache.db: No such file or directory (possible Berkeley DB bug)


Oct 19 22:25:49 mail postfix/anvil[1799]: statistics: max connection rate 1/60s for (smtp:61.145.214.178) at Oct 19 22:21:34


Oct 19 22:25:49 mail postfix/anvil[1799]: statistics: max connection count 1 for (smtp:61.145.214.178) at Oct 19 22:21:34


Oct 19 22:25:49 mail postfix/anvil[1799]: statistics: max cache size 1 at Oct 19 22:21:34



Re: How to limit max trying helo or ehlo times to mail server?

Wietse Venema
vod vos:
> Hi guys,
>
> When I reviewed the mail.log, it showed an IP was trying to test
> if relay was open or not. However, the times were too many.
>
> What is the max limited times of postfix defined by default?

$ postconf | grep '^smtpd_client.*limit'

        Wietse

Re: How to limit max trying helo or ehlo times to mail server?

Noel Jones-2
On 10/21/2016 1:13 PM, vod vos wrote:
> Hi guys,
>
> When I reviewed the mail.log, it showed an IP was trying to test if
> relay was open or not. However, the times were too many.
>
>   *
>     What is the max limited times of postfix defined by default?
>

See the STRESS_README document.
http://www.postfix.org/STRESS_README.html


>
>   *
>     And how to modify it or how to set helo/ehlo restriction?
>
>
> Thanks.
>
> Here is the log:

Many unrelated entries snipped.



>
> Oct 19 22:21:34 mail postfix/smtpd[1796]: connect from
> unknown[61.145.214.178]

client connects.


> Oct 19 22:21:42 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from
> unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>:
> Relay access denied; from=<[hidden email]>
> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>

Client attempts unauthorized relay, postfix rejects it.

>
>
> Oct 19 22:21:42 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from
> unknown[61.145.214.178]: 554 5.7.1 <[hidden email]>:
> Relay access denied; from=<[hidden email]>
> to=<[hidden email]> proto=ESMTP helo=<XL-20160621FCVQ>

(other Relay attempts snipped)

>
> Oct 19 22:22:05 mail postfix/smtpd[1796]: improper command
> pipelining after DATA from unknown[61.145.214.178]:

client talks out of turn, then tries some more unauthorized relays.
...

> Oct 19 22:22:29 mail postfix/smtpd[1796]: too many errors after DATA from unknown[61.145.214.178]

postfix hangs up on the bad client.

>
>
> Oct 19 22:22:29 mail postfix/smtpd[1796]: disconnect from unknown[61.145.214.178] ehlo=1 mail=10 rcpt=0/10 data=0/10 rset=10 commands=21/41

Client tried 10 recipients, 0 were accepted;  all were unauthorized
relay attempts.  After the 10th attempt, postfix disconnected.


Looks as if postfix is working just fine.  Nothing more to do here.



  -- Noel Jones
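
The per-session accounting read off the `disconnect` line in the reply above (accepted/total counts per SMTP command) can be pulled out of mail.log automatically. This Python is an added example, not part of the original thread or of Postfix; the log sample is constructed, and `summarize`, `parse_counters` and the `min_rejected_rcpt` threshold are hypothetical names chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log in this thread; the addresses are
# documentation ranges and the mail addresses are placeholders.
SAMPLE_LOG = """\
Oct 19 22:21:34 mail postfix/smtpd[1796]: connect from unknown[192.0.2.10]
Oct 19 22:21:42 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.org>: Relay access denied; from=<b@example.net> to=<a@example.org> proto=ESMTP helo=<PROBE>
Oct 19 22:21:46 mail postfix/smtpd[1796]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <c@example.org>: Relay access denied; from=<b@example.net> to=<c@example.org> proto=ESMTP helo=<PROBE>
Oct 19 22:22:29 mail postfix/smtpd[1796]: disconnect from unknown[192.0.2.10] ehlo=1 mail=10 rcpt=0/10 data=0/10 rset=10 commands=21/41
Oct 19 22:30:01 mail postfix/smtpd[1810]: disconnect from mx.example.com[198.51.100.7] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
"""

DISCONNECT = re.compile(r"postfix/smtpd\[\d+\]: disconnect from \S*\[([^\]]+)\] (.*)$")
RELAY_DENIED = re.compile(r"reject: RCPT from \S*\[([^\]]+)\]: 554 5\.7\.1 .*Relay access denied")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")

def parse_counters(text):
    """Map 'rcpt=0/10 rset=10' to {'rcpt': (0, 10), 'rset': (10, 10)} as (accepted, total)."""
    return {name: (int(ok), int(total) if total else int(ok))
            for name, ok, total in COUNTER.findall(text)}

def summarize(log_text, min_rejected_rcpt=5):
    """Return per-client stats for clients with no accepted RCPT and many rejected ones."""
    stats = defaultdict(lambda: {"sessions": 0, "relay_denied": 0, "rcpt_ok": 0, "rcpt_total": 0})
    for line in log_text.splitlines():
        denied = RELAY_DENIED.search(line)
        if denied:
            stats[denied.group(1)]["relay_denied"] += 1
            continue
        closed = DISCONNECT.search(line)
        if closed:
            ok, total = parse_counters(closed.group(2)).get("rcpt", (0, 0))
            entry = stats[closed.group(1)]
            entry["sessions"] += 1
            entry["rcpt_ok"] += ok
            entry["rcpt_total"] += total
    return {ip: s for ip, s in stats.items()
            if s["rcpt_ok"] == 0 and s["rcpt_total"] - s["rcpt_ok"] >= min_rejected_rcpt}

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, s)
```
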

Re: How to limit max trying helo or ehlo times to mail server?

vod vos

The default value is 50.

So it seems there is no need to modify anything after reading Noel Jones's analysis.

Thanks.

