1 darren发表 最后由 darren (2019-07-04 19:56:30) 编辑

  • 注册日期: 2019-07-01
  • 文章数: 2

主题: 求助:未知请求链接邮件服务器(似乎无法使用fail2ban阻止)不断请求然后又断开

使用中遇到个难题
此类请求的频率很高,且看起来似乎无法写规则阻止(可能会影响正常邮件往来)mail日志里面全是以下这种记录,每个时段请求的IP还不尽相同。请问哪位有高招可能解决这个问题吗?



Jul  4 12:44:40 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:44:40 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] quit=1 commands=1
Jul  4 12:44:40 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:44:41 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:45:23 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:45:27 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:46:08 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:46:13 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:46:50 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:46:54 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:47:34 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:47:38 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:48:19 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:48:23 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:49:01 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:49:03 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:49:44 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:49:48 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:50:28 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:50:32 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:51:11 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:51:15 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:51:26 mailsend postfix/anvil[32397]: statistics: max connection rate 3/60s for (smtp:103.231.139.130) at Jul  4 12:45:23
Jul  4 12:51:26 mailsend postfix/anvil[32397]: statistics: max connection count 1 for (smtp:103.231.139.130) at Jul  4 12:41:45
Jul  4 12:51:26 mailsend postfix/anvil[32397]: statistics: max cache size 3 at Jul  4 12:42:00
Jul  4 12:51:54 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:51:59 mailsend postfix/smtpd[28339]: disconnect from unknown[103.231.139.130] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jul  4 12:52:38 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]
Jul  4 12:53:21 mailsend postfix/smtpd[28339]: connect from unknown[103.231.139.130]

  • 注册日期: 2009-12-18
  • 文章数: 2,864

回复: 求助:未知请求链接邮件服务器(似乎无法使用fail2ban阻止)不断请求然后又断开

没有明确的错误 log,Fail2ban 抓不到它。可以考虑手工 ban 掉或者看看其它 log 文件里是否有相关错误。