1 Topic by insanadair (edited by insanadair 2011-09-22 14:53:05)

  • insanadair
  • Member
  • Offline
  • Registered: 2010-07-29
  • Posts: 37

Topic: connect from unknown[x.x.x.x]

I have a iredmail 0.7.3 Backround Mysql  and work Debian Linux. 

What does it mean this logs How can I block this IP's I dont want this and I use Fail2Ban

tail -f /var/log/mail.log

Sep 21 21:50:03 mail postfix/smtpd[3807]: connect from unknown[217.118.83.218]
Sep 21 21:50:03 mail postfix/smtpd[3807]: warning: Illegal address syntax from unknown[217.118.83.218] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:50:05 mail postfix/smtpd[3807]: warning: Illegal address syntax from unknown[217.118.83.218] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:50:06 mail postfix/smtpd[3807]: warning: Illegal address syntax from unknown[217.118.83.218] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:50:06 mail postfix/smtpd[3807]: disconnect from unknown[217.118.83.218]
Sep 21 21:53:26 mail postfix/anvil[3809]: statistics: max connection rate 1/60s for (smtp:217.118.83.218) at Sep 21 21:50:03
Sep 21 21:53:26 mail postfix/anvil[3809]: statistics: max connection count 1 for (smtp:217.118.83.218) at Sep 21 21:50:03
Sep 21 21:53:26 mail postfix/anvil[3809]: statistics: max cache size 1 at Sep 21 21:50:03

and 

Sep 21 21:20:37 mail postfix/smtpd[3347]: connect from unknown[180.215.106.188]
Sep 21 21:20:38 mail postfix/smtpd[3347]: warning: Illegal address syntax from unknown[180.215.106.188] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:20:39 mail postfix/smtpd[3347]: warning: Illegal address syntax from unknown[180.215.106.188] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:20:41 mail postfix/smtpd[3347]: warning: Illegal address syntax from unknown[180.215.106.188] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:20:42 mail postfix/smtpd[3347]: disconnect from unknown[180.215.106.188]

and 

Sep 21 21:02:04 mail postfix/anvil[27131]: statistics: max connection rate 1/60s for (smtp:67.135.235.227) at Sep 21 20:58:43
Sep 21 21:02:04 mail postfix/anvil[27131]: statistics: max connection count 1 for (smtp:67.135.235.227) at Sep 21 20:58:43
Sep 21 21:02:04 mail postfix/anvil[27131]: statistics: max cache size 1 at Sep 21 20:58:43
Sep 21 21:09:39 mail postfix/smtpd[27254]: connect from unknown[95.169.125.154]
Sep 21 21:09:39 mail postfix/smtpd[27254]: warning: Illegal address syntax from unknown[95.169.125.154] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:09:39 mail postfix/smtpd[27254]: warning: Illegal address syntax from unknown[95.169.125.154] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:09:40 mail postfix/smtpd[27254]: warning: Illegal address syntax from unknown[95.169.125.154] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:09:40 mail postfix/smtpd[27254]: disconnect from unknown[95.169.125.154]
Sep 21 21:13:00 mail postfix/anvil[27256]: statistics: max connection rate 1/60s for (smtp:95.169.125.154) at Sep 21 21:09:39
Sep 21 21:13:00 mail postfix/anvil[27256]: statistics: max connection count 1 for (smtp:95.169.125.154) at Sep 21 21:09:39
Sep 21 21:13:00 mail postfix/anvil[27256]: statistics: max cache size 1 at Sep 21 21:09:39
Sep 21 21:15:15 mail postfix/smtpd[27306]: connect from unknown[119.153.10.52]
Sep 21 21:15:16 mail postfix/smtpd[27306]: warning: Illegal address syntax from unknown[119.153.10.52] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:15:16 mail postfix/smtpd[27306]: warning: Illegal address syntax from unknown[119.153.10.52] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:15:17 mail postfix/smtpd[27306]: warning: Illegal address syntax from unknown[119.153.10.52] in MAIL command: <australian business.registry@abr.gov.au>
Sep 21 21:15:17 mail postfix/smtpd[27306]: disconnect from unknown[119.153.10.52]
Sep 21 21:16:22 mail postfix/master[2931]: terminating on signal 15

I added below command in /etc/postfix/main.cf and than restart postfix services

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

I reference this web page
http://www.cyberciti.biz/faq/postfix-li … mail-rate/

Changing Keep-Alive Settings
For testing purposes the best thing to do is to echo a setting the current setting.  This will go away on restart.  For example, if your connections were not as reliable as you needed, clients complained about dropped connections, then increase your Keep-Alive settings.
web page : http://postfixmail.com/blog/

echo 15 > /proc/sys/net/ipv4/tcp_keepalive_probes

If you were more interested in saving resources on the mail server, then decrease the time for Keep-Alive.

echo 6000 > /proc/sys/net/ipv4/tcp_keepalive_time

thank you for your help

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,768

Re: connect from unknown[x.x.x.x]

insanadiar wrote:

Sep 21 21:20:39 mail postfix/smtpd[3347]: warning: Illegal address syntax from unknown[180.215.106.188] in MAIL command: <australian business.registry@abr.gov.au>

Postfix can correctly handle this issue, you don't need to change any setting.