主题: 邮件服务器受到攻击
大家好,今天早上看邮件的队列,有1W多封邮件排队,都是从test用户发出去的,就意识到被攻击,test用户密码呗破解被用来发垃圾邮件,现在把test用户去除了,队列正常!但是看maillog,还有人在尝试破解密码,如下是日志:
10:48:20 mail postfix/smtpd[30846]: disconnect from 213-205-92-77.static.net.novis.pt[213.205.92.77]
Apr 2 10:48:20 mail postfix/smtpd[30807]: lost connection after AUTH from 213-205-92-77.static.net.novis.pt[213.205.92.77]
Apr 2 10:48:20 mail postfix/smtpd[30807]: disconnect from 213-205-92-77.static.net.novis.pt[213.205.92.77]
Apr 2 10:48:21 mail postfix/smtpd[30845]: lost connection after AUTH from 144-21.126-70.tampabay.res.rr.com[70.126.21.144]
Apr 2 10:48:21 mail postfix/smtpd[30845]: disconnect from 144-21.126-70.tampabay.res.rr.com[70.126.21.144]
Apr 2 10:48:21 mail postfix/smtpd[30786]: lost connection after AUTH from c-98-212-25-28.hsd1.in.comcast.net[98.212.25.28]
Apr 2 10:48:21 mail postfix/smtpd[30786]: disconnect from c-98-212-25-28.hsd1.in.comcast.net[98.212.25.28]
Apr 2 10:48:22 mail postfix/smtpd[30797]: warning: 213-205-92-77.static.net.novis.pt[213.205.92.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 2 10:48:22 mail postfix/smtpd[30895]: warning: c-98-236-100-159.hsd1.wv.comcast.net[98.236.100.159]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 2 10:48:22 mail postfix/smtpd[30808]: warning: c-68-62-79-197.hsd1.mi.comcast.net[68.62.79.197]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
请问各位大侠我该怎么办?如何把这个IP添加到黑名单?或者有什么办法可以加强邮件服务器安全?谢谢,在线等。目前这个IP还在攻击。哭...