Linode Forum
https://forum.linode.com/

Whitelist Postfix SMTP Login
https://forum.linode.com/viewtopic.php?f=11&t=9344

Author:  iWizardPro [ Mon Sep 03, 2012 2:54 pm ]
Post subject:  Whitelist Postfix SMTP Login

Is there a way I can restrict what IPs can attempt logging into my SMTP server? The only IPs that should be able to log in are internal ones, through the VPN.

I have been getting a lot of logs recently of IPs attempting to log in to the server:
Code:
Sep  3 11:50:14 iwizardpro postfix/smtpd[21363]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21352]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21073]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21044]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21040]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21040]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21043]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21043]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21024]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21024]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21522]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21522]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21252]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21252]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21363]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21363]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21352]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21352]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21073]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21073]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21044]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21044]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21708]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure


Thanks in advance! :D

Author:  Vance [ Mon Sep 03, 2012 7:50 pm ]
Post subject:  Re: Whitelist Postfix SMTP Login

In main.cf, you can set smtpd_sasl_exceptions_networks to prevent Postfix from offering AUTH support to certain networks. If you wanted to exclude all networks except 10.2.3.*, for example, you could use:
Code:
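# Read left to right, first match wins: "!" keeps 10.2.3.0/24 out of the list, 0.0.0.0/0 puts every other IPv4 client in it (no AUTH offered)
smtpd_sasl_exceptions_networks = !10.2.3.0/24, 0.0.0.0/0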


If you're using Dovecot, you can specify allowable networks on a per-user basis via allow_nets in the password database (Dovecot 1.x, Dovecot 2.x).
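
Added example, not part of the original posts: Postfix reads a list like smtpd_sasl_exceptions_networks left to right, stops at the first entry that matches, and treats a "!" entry as "not in the list", so a negated network only has an effect when a broader entry follows it. The sketch below models that rule for IP/CIDR entries only (no hostnames or lookup tables); the function names and the VPN client 10.2.3.17 are constructed, 62.105.144.154 is the address from the log above.

```python
import ipaddress
import re

def parse_list(value):
    """Split a main.cf list value on commas and whitespace."""
    return [p for p in re.split(r"[,\s]+", value.strip()) if p]

def in_exceptions(value, client_ip):
    """Left-to-right, first match wins; '!' flips the result of that entry."""
    addr = ipaddress.ip_address(client_ip)
    for pat in parse_list(value):
        result = True
        while pat.startswith("!"):
            result = not result
            pat = pat[1:]
        net = ipaddress.ip_network(pat, strict=False)
        if addr.version == net.version and addr in net:
            return result
    return False  # no entry matched: the client is not in the list

def auth_offered(value, client_ip):
    """AUTH is withheld from clients that are in the exceptions list."""
    return not in_exceptions(value, client_ip)

if __name__ == "__main__":
    clients = ["10.2.3.17", "62.105.144.154", "2001:db8::1"]
    settings = [
        "!10.2.3.0/24",             # negation alone: nothing ever matches
        "!10.2.3.0/24, 0.0.0.0/0",  # VPN excluded, rest of IPv4 matches
    ]
    for value in settings:
        print("smtpd_sasl_exceptions_networks =", value)
        for ip in clients:
            state = "AUTH offered" if auth_offered(value, ip) else "no AUTH"
            print("   %-16s %s" % (ip, state))
```

The IPv6 client is still offered AUTH under the second setting because 0.0.0.0/0 covers IPv4 only; a server that accepts IPv6 connections needs an IPv6 catch-all entry as well.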

Author:  jmarlin [ Tue Sep 04, 2012 9:55 am ]
Post subject:  Re: Whitelist Postfix SMTP Login

Hey Wizard, I'm having the same issue from the same "whorussia.org" source... how'd you go about resolving it? Did whitelisting the IPs solve the issue?

Author:  iWizardPro [ Tue Sep 04, 2012 4:15 pm ]
Post subject:  Re: Whitelist Postfix SMTP Login

I sent an IP abuse email to the company that ran the server and the logins appeared to have stopped by themselves. I might go ahead and implement Vance's solution though.

All times are UTC-04:00