Postfix client=unknown [192.168.0.78]

shawnbishop · 04-06-2006, 10:51 AM

Good Day

I am running a postfix server,using a DHCP server to assign addresses.
I have searched all over the web for this info but cant find anything.
In my /var/log/maillog I get the following "errors",does anybody know what it means and whether I should be concerned.

/var/log/maillog

17:26:44 mailserver postfix/qmgr[13406]: 37ECF1A8001: from=<khulani@dubaisa.com>, size=2210, nrcpt=1 (queue active)
Apr 6 17:26:46 mailserver postfix/smtpd[20848]: disconnect from unknown[192.168.0.152]
Apr 6 17:26:51 mailserver postfix/qmgr[13406]: 70B841A8003: from=<Jacquesb.dsa@emaar.ae>, size=6098252, nrcpt=1 (queue active)
Apr 6 17:26:51 mailserver postfix/smtpd[20790]: disconnect from relay.dubaisa.com[196.31.48.202]
Apr 6 17:26:51 mailserver postfix/virtual[20793]: 70B841A8003: to=<tim@dubaisa.com>, relay=virtual, delay=17, status=sent (delivered to maildir)
Apr 6 17:26:51 mailserver postfix/qmgr[13406]: 70B841A8003: removed
Apr 6 17:27:04 mailserver postfix/smtp[20391]: 37ECF1A8001: to=<athij@bentel.net>, relay=mail.bentel.net[196.25.227.131], delay=20, status=sent (250 2.0.0 k36FQkEs014316 Message accepted for delivery)
Apr 6 17:27:04 mailserver postfix/qmgr[13406]: 37ECF1A8001: removed
Apr 6 17:28:52 mailserver postfix/smtpd[20875]: connect from unknown[192.168.0.164]

Kind Regards

Shawn

lucktsm · 04-06-2006, 11:43 AM

Shawn,

This is typically a spammer trying to find out if you are an open relay or trying to get the mail recipients of your system. There is a few postfix configurations that will disallow this. You can use this to stop or cut back on the spammers. Put this in your /etc/postfix/main.cf file at the bottom.

### ANTI SPAM MEASURES
#
# The commented lines kills a tad too much
# (kept for educaitonal use)
#
# smtpd_helo_required = yes
smtpd_sender_restrictions = reject_unknown_address
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
reject_unauth_destination,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client zombie.dnsbl.sorbs.net,
reject_rbl_client relays.ordb.org
# reject_non_fqdn_recipient,
smtpd_timeout = 90s
smtpd_recipient_limit = 15
smtpd_soft_error_limit = 5

shawnbishop · 04-06-2006, 02:34 PM

Hi Luck

Thanks for the reply,but is this not from within my network as it is a local IP address? (192.168.0.X) is my internal network address.

Thanks

Shawn