NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2007-07

Re: Unknown client connection is almost a spammer?

From: Duane Hill (d.hillyournetplus.com)
Date: Mon Jul 09 2007 - 10:16:42 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 9 Jul 2007 at 14:56 -0000, tinsingcheunghgcbroadband.com confabulated:

> Hi all,
>
> I found there are many unknown connections logged to my system. Should we/Is
> there any method to "reject (or use DUNNO for) these kind of connections at
> once when detected at the time of making connection"? Since these unknown
> connections always create a lot of spam messages and occupied unnecessary
> resources. Up to now, I only knew the rule "reject_unknown_client" could
> prevent these spam messages but it also rejected many normal messages sent
> from our clients who have non-standard DNS configuration :( ,e.g. no reverse
> DNS lookup for their MTA and invalid hostnames etc.
>
> Address not listed for hostname:
> Jun 29 10:46:35 smtp01 postfix/smtpd[25823]: warning: 218.28.65.116: address
> not listed for hostname pc0.zz.ha.cn

The reverse lookup of 218.28.65.116 does not resolve back into the same IP
address.

> Jun 29 10:46:35 smtp01 postfix/smtpd[25823]: connect from unknown
> [218.28.65.116]
> Jun 29 10:46:36 smtp01 postfix/smtpd[25823]: NOQUEUE: reject: RCPT from unknown
> [218.28.65.116]: 450 <chqykblrha.cn>: Sender address rejected: Domain not
> found; from=<chqykblrha.cn> to=<usernamemydomain.com> proto=ESMTP
> helo=<pc0.zz.ha.cn>
> Jun 29 10:46:36 smtp01 postfix/smtpd[25823]: lost connection after RCPT from
> unknown[218.28.65.116]
> Jun 29 10:46:36 smtp01 postfix/smtpd[25823]: disconnect from unknown
> [218.28.65.116]
>
> Verification failed: Name or service not known:
> Jun 29 11:24:30 smtp01 postfix/smtpd[26081]: warning: 59.44.231.161: hostname
> 161.231.44.59.broad.ly.ln.dynamic.163data.com.cn verification failed: Name or
> service not known

The reverse lookup of 59.44.231.161 does not resolve.

> Jun 29 11:24:30 smtp01 postfix/smtpd[26081]: connect from unknown
> [59.44.231.161]
> Jun 29 11:24:31 smtp01 postfix/smtpd[26081]: NOQUEUE: reject: RCPT from unknown
> [59.44.231.161]: 450 <USERNAMEMYDOMAIN.COM>:
> Recipient address rejected: Greylisted, see
> http://isg.ee.ethz.ch/tools/postgrey/help/MYDOMAIN.COM.html;
> from=<fvdhgjh3265yahoo
> .de> to=<USERNAMEMYDOMAIN.COM> proto=ESMTP helo=<so-net.ne.jp>
> Jun 29 11:24:31 smtp01 postfix/smtpd[26081]: lost connection after RCPT from
> unknown[59.44.231.161]
> Jun 29 11:24:31 smtp01 postfix/smtpd[26081]: disconnect from unknown
> [59.44.231.161]
>
> I'm using postfix with version 2.2.8
>
> Thanks,
>
> James

Sounds to me you have reject_unknown_client in your main.cf. That
parameter will:

   Reject the request when 1) the client IP address->name mapping fails, 2)
   the name->address mapping fails, or 3) the name->address mapping does
   not match the client IP address.

See:

http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

-----
_|_
(_| |

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]