repeated relay attempts


lists@lazygranch.com
Just checking if I have things set up correctly. I'm returning a 554
code (rejected relay) yet the attempts keep coming.

Postfix anvil is throttling the user, so I assume this isn't a problem.

As an FYI, checking MXTOOL blacklist on the offending IP, only
blocklist.de has them flagged at the moment.

A snippet of postfix log with my domain altered to stay off google:
------------------
Mar 17 23:00:32 centos-1gb-sfo1-01 postfix/smtpd[26199]: connect from hwsrv-230330.hostwindsdns.com[104.168.137.238]
Mar 17 23:00:32 centos-1gb-sfo1-01 postfix/smtpd[26199]: NOQUEUE: reject: RCPT from hwsrv-230330.hostwindsdns.com[104.168.137.238]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<hwsrv-230330.hostwindsdns.com>
Mar 17 23:00:32 centos-1gb-sfo1-01 postfix/smtpd[26199]: lost connection after RCPT from hwsrv-230330.hostwindsdns.com[104.168.137.238]
Mar 17 23:00:32 centos-1gb-sfo1-01 postfix/smtpd[26199]: disconnect from hwsrv-230330.hostwindsdns.com[104.168.137.238] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Mar 17 23:00:32 centos-1gb-sfo1-01 postfix/smtpd[26188]: connect from hwsrv-230330.hostwindsdns.com[104.168.137.238]
Mar 17 23:00:32 centos-1gb-sfo1-01 postfix/smtpd[26188]: NOQUEUE: reject: RCPT from hwsrv-230330.hostwindsdns.com[104.168.137.238]: 554 5.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<hwsrv-230330.hostwindsdns.com>
Mar 17 23:00:32 centos-1gb-sfo1-01 postfix/smtpd[26188]: lost connection after RCPT from hwsrv-230330.hostwindsdns.com[104.168.137.238]
Mar 17 23:00:32 centos-1gb-sfo1-01 postfix/smtpd[26188]: disconnect from hwsrv-230330.hostwindsdns.com[104.168.137.238] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Mar 17 23:00:32 centos-1gb-sfo1-01 postfix/smtpd[26199]: connect from hwsrv-230330.hostwindsdns.com[104.168.137.238]
Mar 17 23:00:32 centos-1gb-sfo1-01 postfix/smtpd[26199]: warning: Connection rate limit exceeded: 4 from hwsrv-230330.hostwindsdns.com[104.168.137.238] for service smtp

Re: repeated relay attempts

biggsy
Hello Lists,

Sunday, March 18, 2018, 11:43:50 AM, you wrote:

> Just checking if I have things set up correctly. I'm returning a 554
> code (rejected relay) yet the attempts keep coming.

> Postfix anvil is throttling the user, so I assume this isn't a problem.

> As an FYI, checking MXTOOL blacklist on the offending IP, only
> blocklist.de has them flagged at the moment.


554 or not, that bot doesn't care.
I've seen ~500 hits like this in under three minutes from *.hostwindsdns.  
Same source IP but with TO:[hidden email].

Never figured out how to report a spammer's test email address to Google.      
Hostwinds doesn't seem to care either. I guess it's all money in the bank.

Anyway, for me, this was the driver to work out how to feed the IP address
of offenders back to my firewall for long-term blocking at the front door:
 postfix > fail2ban > openbgpd > pfsense

Phil
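
The detection step at the front of the pipeline described above (finding clients that keep hitting "Relay access denied" in the Postfix log), as an added example that is not part of either post and is not fail2ban's own code. The function name, the `max_retry`/`find_time` thresholds, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the smtpd reject line format shown in the log snippet in the first post.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"554 5\.7\.1 .*Relay access denied"
)

def relay_offenders(lines, max_retry=3, find_time=timedelta(minutes=10), year=2018):
    """Return {ip: time the threshold was crossed} for clients with at least
    max_retry relay rejections inside a sliding find_time window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent rejections
    offenders = {}
    for line in lines:
        m = REJECT_RE.match(line)
        if not m:
            continue              # connects, disconnects, anvil warnings, etc.
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > find_time:
            hits.popleft()        # drop rejections older than the window
        if len(hits) >= max_retry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

# Constructed sample in the same format; hosts and addresses are placeholders.
def _reject(ts, ip):
    return (f"Mar 17 {ts} mx1 postfix/smtpd[26199]: NOQUEUE: reject: RCPT from "
            f"host.example[{ip}]: 554 5.7.1 <a@example.org>: Relay access denied; "
            f"from=<b@example.net> to=<a@example.org> proto=ESMTP helo=<host.example>")

SAMPLE_LOG = [
    "Mar 17 23:00:32 mx1 postfix/smtpd[26199]: connect from host.example[203.0.113.9]",
    _reject("23:00:32", "203.0.113.9"),
    _reject("23:00:33", "203.0.113.9"),
    _reject("23:00:40", "198.51.100.7"),   # stray attempt, not flagged
    _reject("23:00:41", "203.0.113.9"),    # third hit inside the window: flagged
    _reject("23:30:00", "198.51.100.7"),
    _reject("23:45:00", "198.51.100.7"),   # spread wider than find_time
]

if __name__ == "__main__":
    print(relay_offenders(SAMPLE_LOG))
```

The returned addresses are what a later stage would hand to the firewall; only reject lines count, so a legitimate client that merely connects and disconnects is never flagged.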