efa-project.org

Hi All,

Using the version EFA-3.0.2.6. Getting following in postfix logs. How do I fix this?

Feb 10 07:41:18 mailfw postfix/smtpd[17475]: connect from unknown[91.200.12.219]
Feb 10 07:41:19 mailfw postfix/smtpd[17475]: warning: unknown[91.200.12.219]: SASL LOGIN authentication failed: authentication failure
Feb 10 07:41:19 mailfw postfix/smtpd[17475]: lost connection after AUTH from unknown[91.200.12.219]
Feb 10 07:41:19 mailfw postfix/smtpd[17475]: disconnect from unknown[91.200.12.219] ehlo=1 auth=0/1 commands=1/2
Feb 10 07:41:21 mailfw postfix/smtpd[18664]: connect from mail-co1nam03lp0020.outbound.protection.outlook.com[216.32.181.20]
Feb 10 07:41:21 mailfw postfix/smtpd[18664]: Anonymous TLS connection established from mail-co1nam03lp0020.outbound.protection.outlook.com[216.32.181.20]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Feb 10 07:41:21 mailfw postfix/smtpd[18664]: disconnect from mail-co1nam03lp0020.outbound.protection.outlook.com[216.32.181.20] ehlo=1 starttls=1 quit=1 commands=3

regards,
yashodhan

There's two distinct things here...

One is some random person trying to connect using SASL LOGIN and failing. Probably a bot or hacker poking around the net. Generally normal when SASL is being offered via postfix and open to the world, unless you block and/or filter in some fashion.

The other is an anonymous TLS session from outlook.com. If nothing is happening it is likely because you have a self-signed certificate for postfix, and outlook.com doesn't trust it and isn't willing to try sending without TLS.

Thanks Shawn. I have blocked the bot now and for some strange reason the Outlook.com errors have disappeared.

Thanks for a great mail firewall.