connect from unknown

Discussion in 'Server Operation' started by Maede, Oct 17, 2019.

  1. Maede

    Maede New Member

    Hi everybody

    I use ISPConfig as my panel, but I have a lot of lines like the following in my syslog file:
    postfix/smtpd warning: hostname swim.diverseenvironment.com does not resolve to address 185.211.245.198
    postfix/smtpd: connect from unknown[185.211.245.198]
    postfix/smtpd: lost connection after EHLO from unknown[185.211.245.198]
    postfix/smtpd: disconnect from unknown[185.211.245.198] ehlo=1 commands=1

    Also, when I check the IPs, all of them are known as "Attack Source". I also block some of them with UFW or iptables, but the problem still remains. :(

    My emails work correctly, and sending/receiving is done without problems.

    I'll really appreciate any help.

    Thanks in advance
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no action needed, just ignore them.
     
  3. Maede

    Maede New Member

    Thanks a lot.
    I appreciate your help.
     
  4. Maede

    Maede New Member

    Isn't there any way to decrease them?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    No, it's normal that such systems connect to any mail system that has a public internet IP.
     
  6. Steini86

    Steini86 Active Member

    You cannot do anything against occasional connection attempts. If it is the same IP trying to connect many times, you can block them automatically by the use of fail2ban.
    Anyway, they cause no harm as long as they are being blocked by postfix. You can decrease the loglevel, so you don't see them in your logs, but that will do nothing to the problem.
     
  7. Maede

    Maede New Member

    When I try to ban IPs that are trying to connect many times, my postfix runs into problems (I can't send or receive any mail).
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Is that a statement of fact or did you want some question answered?
     
  9. Maede

    Maede New Member

    Yes, actually this is a fact that occurred to me.
     
  10. Steini86

    Steini86 Active Member

    You should only block the ones that fail to connect, not the legitimate ones ;-)
    Anyway, as I said, it makes almost no difference if the firewall drops the connection or postfix. (The firewall needs fewer resources, but on a small server that should not become visible.)
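
The selection rule discussed in the thread (list only addresses that repeatedly abort their sessions, never ones that deliver mail), as an added example that is not part of the thread and not fail2ban's own code. It assumes the standard syslog prefix in front of the postfix/smtpd messages quoted in the first post; the function name, the thresholds, the use of `data=1` as the "delivered a message" marker and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

YEAR = "2019 "  # assumption: syslog timestamps carry no year, so one is supplied
LOST = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd(?:\[\d+\])?: "
                  r"lost connection after \w+ from unknown\[([0-9a-fA-F.:]+)\]")
# A disconnect summary containing data=1 means that client delivered a message.
SENT = re.compile(r"postfix/smtpd(?:\[\d+\])?: disconnect from "
                  r"\S+\[([0-9a-fA-F.:]+)\].*\bdata=1\b")

def repeat_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """IPs with >= max_retry aborted sessions inside find_time, excluding
    any IP that also delivered mail (so working senders are never listed)."""
    hits, senders = defaultdict(list), set()
    for line in lines:
        if m := LOST.search(line):
            stamp = datetime.strptime(YEAR + m.group(1), "%Y %b %d %H:%M:%S")
            hits[m.group(2)].append(stamp)
        elif m := SENT.search(line):
            senders.add(m.group(1))
    offenders = []
    for ip, times in hits.items():
        times.sort()
        # Sliding window: event i and event i+max_retry-1 must lie within find_time.
        burst = any(b - a <= find_time for a, b in zip(times, times[max_retry - 1:]))
        if burst and ip not in senders:
            offenders.append(ip)
    return sorted(offenders)

def _line(ts, ip, text="lost connection after EHLO from"):
    return f"Oct 17 {ts} mail postfix/smtpd[811]: {text} unknown[{ip}]"

# Constructed sample log (documentation-range addresses, not from the thread).
SAMPLE = [
    _line("10:00:02", "192.0.2.10"), _line("10:02:10", "192.0.2.10"),
    _line("10:04:30", "192.0.2.10"),                      # 3 aborts in 5 min
    _line("10:05:00", "198.51.100.7"), _line("11:30:00", "198.51.100.7"),
    _line("12:45:00", "198.51.100.7"),                    # 3 aborts, hours apart
    _line("13:00:01", "203.0.113.5"), _line("13:00:20", "203.0.113.5"),
    _line("13:00:40", "203.0.113.5"),                     # bursty, but...
    _line("13:05:00", "203.0.113.5", "disconnect from")
    + " ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5",   # ...it delivers mail
]

if __name__ == "__main__":
    print(repeat_offenders(SAMPLE))
```

Only the first address is returned: the second never reaches three aborts inside the window, and the third is skipped because it also completed a delivery.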
     
