is this a brute Force

jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

is this a brute Force

Post by jamerson »

Hi Guys,
Today I have found those logs on the EFA. Those logs keep showing up.
Mar 27 02:39:31 filter postfix/smtpd[26541]: connect from unknown[91.234.99.215]
Mar 27 02:39:31 filter postfix/smtpd[26541]: warning: unknown[91.234.99.215]: SASL LOGIN authentication failed: authentication failure
Mar 27 02:39:31 filter postfix/smtpd[26541]: lost connection after AUTH from unknown[91.234.99.215]
Mar 27 02:39:31 filter postfix/smtpd[26541]: disconnect from unknown[91.234.99.215] ehlo=1 auth=0/1 commands=1/2
Mar 27 02:39:36 filter postfix/smtpd[26541]: connect from abelohost-23.200.221.185.dedicated-ip.abelons.com[185.221.200.23]
Mar 27 02:39:36 filter postfix/smtpd[26541]: warning: abelohost-23.200.221.185.dedicated-ip.abelons.com[185.221.200.23]: SASL LOGIN authentication failed: authentication failure
Mar 27 02:39:36 filter postfix/smtpd[26541]: disconnect from abelohost-23.200.221.185.dedicated-ip.abelons.com[185.221.200.23] ehlo=1 auth=0/1 quit=1 commands=2/3
Mar 27 02:42:56 filter postfix/anvil[26542]: statistics: max connection rate 1/60s for (smtp:91.234.99.215) at Mar 27 02:39:31
Mar 27 02:42:56 filter postfix/anvil[26542]: statistics: max connection count 1 for (smtp:91.234.99.215) at Mar 27 02:39:31
Is somebody trying to brute force the EFA? Most of the IPs, I've checked them and found out they belong to AbuseIPDB.
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: is this a brute Force

Post by pdwalker »

That is a spammer trying to use your efa system to send junk, but efa is not allowing it.

Unfortunately, that's perfectly normal.

If you see the same sending IP coming up a lot, then you might wish to consider using a tool like fail2ban to automatically configure the firewall to drop their incoming connections.
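To illustrate the "same sending IP coming up a lot" check, here is an added example (not part of the original post, and not fail2ban's own code) that counts SASL failures per IP in the Postfix log format quoted above. The function names are hypothetical; the `maxretry` and `findtime` parameters borrow fail2ban's option names, and the 203.0.113.x / 198.51.100.x lines are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the Postfix smtpd warning format shown in the thread's log excerpt.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"
)

def parse_failures(lines, year=2000):
    """Yield (timestamp, ip) per SASL failure. Syslog omits the year, so one is assumed."""
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"]

def offenders(lines, maxretry=3, findtime=600):
    """Return IPs with at least maxretry failures within findtime seconds (input in time order)."""
    window = timedelta(seconds=findtime)
    seen, flagged = defaultdict(list), set()
    for ts, ip in parse_failures(lines):
        # Keep only this IP's failures that are still inside the window, then add the new one.
        seen[ip] = [t for t in seen[ip] if ts - t <= window] + [ts]
        if len(seen[ip]) >= maxretry:
            flagged.add(ip)
    return sorted(flagged)

def _fail(ts, ip):
    # Builds a constructed failure line in the same format as the thread's log.
    return (f"Mar 27 {ts} filter postfix/smtpd[100]: warning: unknown[{ip}]: "
            "SASL LOGIN authentication failed: authentication failure")

SAMPLE = [
    # First three lines are taken from the log excerpt in the thread.
    "Mar 27 02:39:31 filter postfix/smtpd[26541]: connect from unknown[91.234.99.215]",
    "Mar 27 02:39:31 filter postfix/smtpd[26541]: warning: unknown[91.234.99.215]: "
    "SASL LOGIN authentication failed: authentication failure",
    "Mar 27 02:39:36 filter postfix/smtpd[26541]: warning: "
    "abelohost-23.200.221.185.dedicated-ip.abelons.com[185.221.200.23]: "
    "SASL LOGIN authentication failed: authentication failure",
    # Constructed: one IP retrying quickly, one retrying every 30 minutes.
    _fail("03:00:01", "203.0.113.7"), _fail("03:00:40", "203.0.113.7"),
    _fail("03:01:55", "203.0.113.7"),
    _fail("03:05:00", "198.51.100.9"), _fail("03:35:00", "198.51.100.9"),
    _fail("04:05:00", "198.51.100.9"),
]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

With these defaults, the two addresses from the thread are not flagged because each failed only once, and the slow retrier is only caught when `findtime` is widened to an hour.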
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: is this a brute Force

Post by jamerson »

Hi PDwalker,
Thank you for your answer.
I would love to know how to configure fail2ban on the EFA.
I just looked on the forum but can't seem to find something.

Thank you
henk
Posts: 518
Joined: 14 Dec 2015 22:16
Location: Netherlands

Re: is this a brute Force

Post by henk »

“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: is this a brute Force

Post by jamerson »

Thank you,
We have configured it and it's up and running.
Big thank you for the link.