Fail2Ban Rule to block Postfix scans/attacks

Discussion in 'Installation/Configuration' started by Nyx_, Jan 21, 2023.

  1. Nyx_

    Nyx_ Member HowtoForge Supporter

    Hi Folks. Good day.
    I hope you're doing good.
    I'm seeing my logs flooded with information like this:
    Code:
    Jan 21 14:48:22 myserver.domain postfix/smtpd[1176661]: warning: hostname net6-ip229.linkbg.com does not resolve to address 87.246.7.229: Name or service not known
    Jan 21 14:48:22 myserver.domain postfix/smtpd[1176661]: connect from unknown[87.246.7.229]
    Jan 21 14:48:23 myserver.domain postfix/smtpd[1176661]: disconnect from unknown[87.246.7.229] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    
    I've been trying to tweak the fail2ban postfix filter to capture and block these IPs, but I'm not successful so far (partially because I'm not familiar with how the fail2ban structure works).
    Can anyone shine some light and share what modification I should make in what files to block this type of traffic?
    Thanks a lot in advance.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Why would you block these IPs? A lot of servers are not properly configured, which results in this message when they connect to your server, but they should be able to reach you.
     
  3. Nyx_

    Nyx_ Member HowtoForge Supporter

    Hi @Th0m Thanks for the reply.
    My initial analysis is that this seems to be some bots flooding the server with incomplete/incorrect requests, trying to discover vulnerabilities.
    But, to be honest, I'm not completely sure. I see lots of requests, from different IPs, with the same pattern.
    Is this something I should be concerned about or not?
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    No, not very shocking/concerning.
     
    ahrasis likes this.
  5. Nyx_

    Nyx_ Member HowtoForge Supporter

    Hi @Th0m Thanks for the reply.
    Ok. I think we can close this topic then.
    Best Regards,
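
Added example, not written by anyone in the thread: a Python sketch that reads the per-session command counters on Postfix `disconnect` lines (`auth=0/1` means one AUTH command was sent and none was accepted) and counts failed AUTH attempts per client IP, so that a hostname-mismatch warning alone is never counted. The function names and the `maxretry` threshold are assumptions, and the last sample log line is constructed.

```python
import re
from collections import Counter

# Constructed sample: the three lines quoted in the first post, plus one
# constructed session (documentation address) that delivers mail normally.
SAMPLE_LOG = """\
Jan 21 14:48:22 myserver.domain postfix/smtpd[1176661]: warning: hostname net6-ip229.linkbg.com does not resolve to address 87.246.7.229: Name or service not known
Jan 21 14:48:22 myserver.domain postfix/smtpd[1176661]: connect from unknown[87.246.7.229]
Jan 21 14:48:23 myserver.domain postfix/smtpd[1176661]: disconnect from unknown[87.246.7.229] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 21 14:50:01 myserver.domain postfix/smtpd[1176700]: disconnect from mail.example.org[192.0.2.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
"""

# host[ip] followed by the space-separated "name=ok" or "name=ok/total" counters
DISCONNECT = re.compile(
    r"postfix/smtpd\[\d+\]: disconnect from (?P<host>\S+)\[(?P<ip>[^\]]+)\]"
    r"(?P<stats>(?: \w+=\d+(?:/\d+)?)*)"
)
STAT = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")


def parse_stats(stats):
    """Return {command: (accepted, total)}; 'ehlo=1' means 1 of 1 accepted."""
    out = {}
    for name, ok, total in STAT.findall(stats):
        out[name] = (int(ok), int(total) if total else int(ok))
    return out


def failed_auth_by_ip(log_text):
    """Count rejected AUTH commands per client IP, using disconnect lines only."""
    failures = Counter()
    for line in log_text.splitlines():
        m = DISCONNECT.search(line)
        if not m:
            continue  # warning and connect lines carry no command counters
        ok, total = parse_stats(m.group("stats")).get("auth", (0, 0))
        if total > ok:
            failures[m.group("ip")] += total - ok
    return failures


def over_threshold(failures, maxretry=5):
    """IPs whose failed-AUTH count reaches the (assumed) threshold."""
    return sorted(ip for ip, n in failures.items() if n >= maxretry)
```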
     
