Hello
Thanks for reply yes, i have put now this, I have peace now 😊
#cat postfix-addon.conf
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix/smtpd
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.2\.1 .*$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.6\.1 : Helo command rejected: Host not found; to=<> from=<> bcc=<> Yproto=ESMTP helo= *$
^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.4\.1 .*$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.2 :*$
reject: RCPT from (.*)\[<HOST>\]: 550 5.2.1
reject: RCPT from (.*)\[<HOST>\]: 450 4.6.1
reject: RCPT from (.*)\[<HOST>\]: 554 5.4.1
reject: RCPT from unknown\[<HOST>\]: 454 4.7.2
connect from unknown\[<HOST>\]
ignoreregex =
--
you cannot fail unless you quit!
-----Ursprüngliche Nachricht-----
Von: Charles Curley <***@charlescurley.com>
Gesendet: Freitag, 17. Mai 2024 18:45
An: Debian Users <debian-***@lists.debian.org>
Betreff: Re: Knocking on the door
On Fri, 17 May 2024 15:49:52 +0200
Hello
Please i know that this arn't the Dovecot forum, but let me try, on
the log's i have always knocking "unknown user" attempts.
May 15 22:39:31 Dovecot/auth-worker(2602036): Info: conn
I only see one record here. fail2ban requires multiple attempts within a certain period before it will ban the source address.
yes i try with fail2ban, but i didn't see or found the right regex, so
that this will be blocked please has any from you solve this knocking
task?
Are you sure you want to worry about it? dovecot seems to be doing its job by refusing access to unknown users.
If you see repeated attempts from the same source, you might want to craft a firewall rule to ban that source (or than network).
Show us the files you have modified so we can see what you are doing.
thanks
--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/