Linode Community Forums
Posted: Mon Sep 03, 2012 2:54 pm
Junior Member

Joined: Thu Jun 16, 2011 12:49 am
Posts: 27
Is there a way I can restrict what IPs can attempt logging into my SMTP server? The only IPs that should be able to log in are internal, through VPN.

I have been getting a lot of logs recently of IPs attempting to log in to the server:
Code:
Sep  3 11:50:14 iwizardpro postfix/smtpd[21363]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21352]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21073]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21044]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21040]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21040]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21043]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21043]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21024]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21024]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21522]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21522]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21252]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21252]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21363]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21363]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21352]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21352]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21073]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21073]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21044]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21044]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21708]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure


Thanks in advance! :D


Posted: Mon Sep 03, 2012 7:50 pm
Senior Member

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
In main.cf, you can set smtpd_sasl_exceptions_networks to prevent Postfix from offering AUTH support to certain networks. If you wanted to exclude all networks except 10.2.3.*, for example, you could use:
Code:
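# First match wins and a lone "!" entry matches no client, so a catch-all follows it (add [::]/0 if smtpd listens on IPv6)
smtpd_sasl_exceptions_networks = !10.2.3.0/24, 0.0.0.0/0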


If you're using Dovecot, you can specify allowable networks on a per-user basis via allow_nets in the password database (Dovecot 1.x, Dovecot 2.x).
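
Added example, not part of the thread and not Postfix's own code: a small Python model of how Postfix evaluates an address pattern list such as smtpd_sasl_exceptions_networks, comparing a list that holds only the negated VPN network with one that adds a catch-all after it. It assumes address/CIDR entries only (no hostnames, files or lookup tables); the function names and the client addresses other than the one in the posted log are constructed.

```python
import ipaddress

def in_exception_list(patterns, client_ip):
    """Model of Postfix list matching for address patterns: entries are tried
    left to right, the first entry that covers the client decides, a leading
    "!" inverts that decision, and a client no entry covers is not in the list."""
    addr = ipaddress.ip_address(client_ip)
    for entry in patterns.replace(",", " ").split():
        in_list = True
        while entry.startswith("!"):
            in_list = not in_list
            entry = entry[1:]
        # Postfix writes IPv6 networks as [addr]/len; ipaddress wants addr/len.
        net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        if addr.version == net.version and addr in net:
            return in_list
    return False

def auth_offered(patterns, client_ip):
    """AUTH is withheld from clients that are in smtpd_sasl_exceptions_networks."""
    return not in_exception_list(patterns, client_ip)

# Constructed inputs: 10.2.3.0/24 is the VPN range from the answer above,
# 62.105.144.154 is the client in the posted log, the others are made up.
CLIENTS = ["10.2.3.7", "62.105.144.154", "2001:db8::25"]
LISTS = {
    "negation only": "!10.2.3.0/24",
    "negation + catch-all": "!10.2.3.0/24, 0.0.0.0/0, [::]/0",
}

def report():
    """Map each candidate list to {client: whether AUTH would be offered}."""
    return {name: {ip: auth_offered(pats, ip) for ip in CLIENTS}
            for name, pats in LISTS.items()}

if __name__ == "__main__":
    for name, row in report().items():
        for ip, offered in row.items():
            print(f"{name:22} {ip:16} AUTH {'offered' if offered else 'withheld'}")
```

On a live server, `postconf smtpd_sasl_exceptions_networks` shows the value in effect, and an EHLO from outside the VPN should no longer list AUTH.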


Posted: Tue Sep 04, 2012 9:55 am

Joined: Tue Sep 04, 2012 9:43 am
Posts: 1
Hey Wizard, I'm having the same issue from the same "whorussia.org" source... how'd you go about resolving it? Did whitelisting the IPs solve the issue?


Posted: Tue Sep 04, 2012 4:15 pm
Junior Member

Joined: Thu Jun 16, 2011 12:49 am
Posts: 27
I sent an IP abuse email to the company that ran the server and the logins appeared to have stopped by themselves. I might go ahead and implement Vance's solution though.

