Postfix security flood my mail log files

[Sity]

Hey there!

Several days ago I tried to look up why is my log directory bigger at every day by more than 50 MBytes..

I found this: mail.err

Code:

Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142

mail.info:

Code:

...
Feb 25 13:26:10 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:14 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:14 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:19 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:19 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:24 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:24 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:26 vps60 postfix/smtpd[11826]: too many errors after AUTH from c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]
Feb 25 13:26:26 vps60 postfix/smtpd[11826]: disconnect from c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]
Feb 25 13:26:27 vps60 postfix/smtpd[11826]: connect from c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]
Feb 25 13:26:28 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:28 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:29 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
...

Several rows every each second.. Similar results in mail.info, mail.log and mail.warn also.

Is there a way to denny this?

[mydebians]

HI ban it with iptables

[Sity]

That's not a point.. Server allows several attempts for one IP... Then the robot change IP and start attempting again

[mydebians]

Ok, then install fail2ban !