Postfix

grob115 · 06-05-2012, 11:22 AM

Hi, am seeing this type of messages logged in my /var/log/maillog. Any idea what it means?

Code:

Jun  x xx:xx:xx www postfix/smtpd[10317]: connect from unknown[171.229.54.253]
Jun  x xx:xx:xx www postfix/smtpd[10317]: lost connection after CONNECT from unknown[171.229.54.253]
Jun  x xx:xx:xx www postfix/smtpd[10317]: disconnect from unknown[171.229.54.253]
Jun  x xx:xx:xx www postfix/smtpd[23135]: warning: 201.155.77.34: hostname dsl-201-155-77-34-sta.prod-empresarial.com.mx verification failed: Name or service not known
Jun  x xx:xx:xx www postfix/smtpd[23135]: connect from unknown[201.155.77.34]
Jun  x xx:xx:xx www postfix/smtpd[23135]: disconnect from unknown[201.155.77.34]

Noway2 · 06-05-2012, 12:52 PM

As part of the anti-spam package, Postfix can perform sender address verification, through declarations like " reject_unknown_sender_domain". What you are seeing in your logs is spam-activity, most likely from a compromised PC that is acting as a spam zombie, such as the conficker worm which is famous for sending out this crap.

The first example shows in your logs, a conenction from 171.229.54.253 In your logs, it shows a connection was made and then dropped possibly because your system didn't respond in the (vulnerable ?) manner it was looking for. If we do a lookup on this address, we see that it is an unnamed host in a range belonging to the Viettel Corporation in Vietnam.

In the case of the second one, we see that a connection was made from 201.155.77.34. A reverse lookup shows this to be a DSL connection from sta. Googling this name shows that it is a blacklisted domain, possibly in Mexico, but trying to perform a lookup of this domain failed, which is an indication of a possible SPAM host.

grob115 · 06-06-2012, 10:14 AM

That's great. Thanks.

javcove · 06-11-2014, 12:54 AM

Hello I´m having faiil2ban blocking some of my email users. I only found this on Postfix logs but not sure why this errors. Please help me. I don´t know what is happening.

Jun 4 09:18:34 sat4 postfix/smtpd[32687]: warning: 189.191.145.179: hostname dsl-189-191-145-171-dyn.prod-infinitum.com.mx verification failed: Name or service not known
Jun 4 09:18:34 sat4 postfix/smtpd[32687]: connect from unknown[189.191.145.179]
Jun 4 09:18:34 sat4 postfix/smtpd[32687]: warning: unknown[189.191.145.179]: SASL LOGIN authentication failed: authentication failure
Jun 4 09:18:34 sat4 postfix/smtpd[32687]: lost connection after AUTH from unknown[189.191.145.179]
Jun 4 09:18:34 sat4 postfix/smtpd[32687]: disconnect from unknown[189.191.145.179]
Jun 4 09:18:37 sat4 postfix/smtpd[20808]: warning: 189.191.145.179: hostname dsl-189-191-145-179-dyn.prod-infinitum.com.mx verification failed: Name or service not known

Thanks!