I'm viewing my logs, monitoring any traffic, and have found a lot of this:

Code:
May 28 14:45:28 tux postfix/smtpd[5294]: connect from unknown[198.169.113.164]
May 28 14:45:28 tux postfix/smtpd[5294]: setting up TLS connection from unknown[198.169.113.164]
May 28 14:45:28 tux postfix/smtpd[5294]: TLS connection established from unknown[198.169.113.164]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 28 14:45:29 tux postfix/smtpd[5294]: disconnect from unknown[198.169.113.164]
May 28 14:46:11 tux postfix/smtpd[5294]: connect from unknown[198.169.113.164]
May 28 14:46:12 tux postfix/smtpd[5294]: setting up TLS connection from unknown[198.169.113.164]
May 28 14:46:15 tux postfix/smtpd[5294]: TLS connection established from unknown[198.169.113.164]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 28 14:46:16 tux postfix/smtpd[5294]: disconnect from unknown[198.169.113.164]

What does it take to block all traffic into postfix for this IP address?

On a second note, I also see a lot of this (addresses changed for security):

Code:
May 28 14:51:59 tux postfix/local[5493]: 42222E8043: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=8, status=sent (delivered to command: /usr/bin/procmail -f-)
May 28 14:51:59 tux postfix/qmgr[3756]: 42222E8043: removed

Should I worry about any of this?

You can block IP addresses from connecting to your server like this:

Code:
route add -host 1.2.3.4 reject

where 1.2.3.4 is the IP address you want to block.

That's ok.
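
The log pattern in the question, as an added example that is not part of either post: this Python script counts, per client IP, smtpd sessions that connect and disconnect without handing over a message, which helps decide which addresses are worth blocking. The `client=` queue line, the sample session from 192.0.2.10 and the threshold of 2 are assumptions.

```python
import re
from collections import Counter

# Constructed sample: two sessions in the format quoted in the question, plus
# one invented session (192.0.2.10) that actually hands over a message.
SAMPLE_LOG = """\
May 28 14:45:28 tux postfix/smtpd[5294]: connect from unknown[198.169.113.164]
May 28 14:45:28 tux postfix/smtpd[5294]: setting up TLS connection from unknown[198.169.113.164]
May 28 14:45:29 tux postfix/smtpd[5294]: disconnect from unknown[198.169.113.164]
May 28 14:45:40 tux postfix/smtpd[5301]: connect from mail.example.org[192.0.2.10]
May 28 14:45:41 tux postfix/smtpd[5301]: 9A1B2C3D4E: client=mail.example.org[192.0.2.10]
May 28 14:45:42 tux postfix/smtpd[5301]: disconnect from mail.example.org[192.0.2.10]
May 28 14:46:11 tux postfix/smtpd[5294]: connect from unknown[198.169.113.164]
May 28 14:46:15 tux postfix/smtpd[5294]: TLS connection established from unknown[198.169.113.164]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 28 14:46:16 tux postfix/smtpd[5294]: disconnect from unknown[198.169.113.164]
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER = re.compile(r"^(?P<verb>connect|disconnect) from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]")
QUEUED = re.compile(r"^[0-9A-F]+: client=")  # smtpd accepted a message for the queue

def empty_sessions(log_text):
    """Count, per client IP, smtpd sessions that ended without queuing mail."""
    open_sessions = {}  # smtpd pid -> [client ip, saw a queued message]
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        peer = PEER.match(msg)
        if peer and peer.group("verb") == "connect":
            open_sessions[pid] = [peer.group("ip"), False]
        elif peer and pid in open_sessions:  # matching disconnect
            ip, queued = open_sessions.pop(pid)
            if not queued:
                counts[ip] += 1
        elif QUEUED.match(msg) and pid in open_sessions:
            open_sessions[pid][1] = True
    return counts

def repeat_clients(log_text, threshold=2):
    """IPs with at least `threshold` empty sessions (threshold is an assumption)."""
    return sorted(ip for ip, n in empty_sessions(log_text).items() if n >= threshold)

if __name__ == "__main__":
    for ip in repeat_clients(SAMPLE_LOG):
        print(f"{ip}: {empty_sessions(SAMPLE_LOG)[ip]} sessions without mail")
```
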