My Emails work very good, but log is full of this and i noticed higher cpu use from amavis Sep 27 20:18:13 isp postfix/smtpd[14938]: connect from mysite.com[xxx.xxx.xxx.xxx] Sep 27 20:18:16 isp postfix/smtpd[14938]: warning: mysite.com[xxx.xxx.xxx.xxx]]: SASL PLAIN authentication failed: Sep 27 20:18:16 isp postfix/smtpd[14938]: disconnect from mysite.coml[xxx.xxx.xxx.xxx]] and another from anvil Sep 27 06:01:34 isp postfix/anvil[12692]: statistics: max connection rate 1/60s for (smtp:xxx.xxx.xxx.xxx) at Sep 27 05:58:12 Sep 27 06:01:34 isp postfix/anvil[12692]: statistics: max connection count 1 for (smtp:xxx.xxx.xxx.xxx) at Sep 27 05:58:12 Sep 27 06:01:34 isp postfix/anvil[12692]: statistics: max cache size 1 at Sep 27 05:58:12 where mysite.com is my actual site and xxx are my real ip This log is repeated every 5 minuts
They are not useless, they help you when investigating mail account issues. Well, the statistics would be used less than the login info, and you can reduce how often they're reported by increasing anvil_status_update_time (eg. in /etc/postfix/main.cf). Another good use of the login failures is to install fail2ban and block users trying to guess passwords on your server. That goes on continually, and they are successful in guessing accounts at times, which are then used for spamming, so you can save yourself some hassle down the road by setting up fail2ban for that.
Ah, I missed that point, sorry. I doubt that is causing any cpu load in amavis (as there was no message sent), and those few log messages every 5 minutes won't add any significant i/o load to your disks either. I don't know of a way to selectively prohibit logging those from your ip addr, but continue logging them for others, so I wouldn't worry about that. Maybe investigate why your site is failing sasl login and fix that (which I'd guess might simply change the message to one saying sasl succeeded, and you'd have an email sent at that time) or disable whatever function is doing that (so the connections stop).
High processor use was from DNS Amplification Attacks, already handled this. I would like to investigate when it is failing, because log is every 5 min even if no one is logging i wonder where to start checking
Check System > Main Config > Mail > various SMTP related settings. @till said it's the mail system monitoring, so likely it is. I don't see that myself, but I don't have anything set for the SMTP username or password, so no SASL failures.
