Postfix limit connections

Question

I have a question about Postfix. Last night someone tried to access my Postfix server, he/she connected like ~30 times to it. Is there any way to limit simultaneous connections?

Here is a part of the Log-File:

Jun  1 03:31:15 primary postfix/smtpd[11191]: connect from unknown[103.89.90.196]
Jun  1 03:31:20 primary postfix/smtpd[11191]: disconnect from unknown[103.89.90.196] ehlo=1 quit=1 commands=2
Jun  1 03:31:21 primary postfix/smtpd[11191]: connect from unknown[103.89.90.196]
Jun  1 03:31:21 primary postfix/smtpd[11194]: connect from unknown[103.89.90.196]
Jun  1 03:31:22 primary postfix/smtpd[11195]: connect from unknown[103.89.90.196]
Jun  1 03:31:22 primary postfix/smtpd[11196]: connect from unknown[103.89.90.196]
Jun  1 03:31:22 primary postfix/smtpd[11197]: connect from unknown[103.89.90.196]
Jun  1 03:31:22 primary postfix/smtpd[11198]: connect from unknown[103.89.90.196]
Jun  1 03:31:22 primary postfix/smtpd[11199]: connect from unknown[103.89.90.196]
Jun  1 03:31:22 primary postfix/smtpd[11200]: connect from unknown[103.89.90.196]
Jun  1 03:31:22 primary postfix/smtpd[11201]: connect from unknown[103.89.90.196]
Jun  1 03:31:23 primary postfix/smtpd[11202]: connect from unknown[103.89.90.196]
Jun  1 03:31:23 primary postfix/smtpd[11203]: connect from unknown[103.89.90.196]
Jun  1 03:31:23 primary postfix/smtpd[11204]: connect from unknown[103.89.90.196]
Jun  1 03:31:23 primary postfix/smtpd[11205]: connect from unknown[103.89.90.196]
Jun  1 03:31:23 primary postfix/smtpd[11206]: connect from unknown[103.89.90.196]
Jun  1 03:31:23 primary postfix/smtpd[11207]: connect from unknown[103.89.90.196]
Jun  1 03:31:23 primary postfix/smtpd[11208]: connect from unknown[103.89.90.196]
Jun  1 03:31:24 primary postfix/smtpd[11209]: connect from unknown[103.89.90.196]
Jun  1 03:31:26 primary postfix/smtpd[11210]: connect from unknown[103.89.90.196]
Jun  1 03:31:26 primary postfix/smtpd[11211]: connect from unknown[103.89.90.196]
Jun  1 03:31:26 primary postfix/smtpd[11212]: connect from unknown[103.89.90.196]
Jun  1 03:31:26 primary postfix/smtpd[11213]: connect from unknown[103.89.90.196]
Jun  1 03:31:26 primary postfix/smtpd[11214]: connect from unknown[103.89.90.196]
Jun  1 03:31:26 primary postfix/smtpd[11215]: connect from unknown[103.89.90.196]
Jun  1 03:31:27 primary postfix/smtpd[11216]: connect from unknown[103.89.90.196]
Jun  1 03:31:27 primary postfix/smtpd[11217]: connect from unknown[103.89.90.196]
Jun  1 03:31:28 primary postfix/smtpd[11191]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:29 primary postfix/smtpd[11220]: connect from unknown[103.89.90.196]
Jun  1 03:31:29 primary postfix/smtpd[11195]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:29 primary postfix/smtpd[11194]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:30 primary postfix/smtpd[11196]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:30 primary postfix/smtpd[11191]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:30 primary postfix/smtpd[11191]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:30 primary postfix/smtpd[11191]: connect from unknown[103.89.90.196]
Jun  1 03:31:30 primary postfix/smtpd[11224]: connect from unknown[103.89.90.196]
Jun  1 03:31:30 primary postfix/smtpd[11198]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:30 primary postfix/smtpd[11225]: connect from unknown[103.89.90.196]
Jun  1 03:31:30 primary postfix/smtpd[11226]: connect from unknown[103.89.90.196]
Jun  1 03:31:30 primary postfix/smtpd[11227]: connect from unknown[103.89.90.196]
Jun  1 03:31:30 primary postfix/smtpd[11228]: connect from unknown[103.89.90.196]
Jun  1 03:31:31 primary postfix/smtpd[11200]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:31 primary postfix/smtpd[11195]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:31 primary postfix/smtpd[11195]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:31 primary postfix/smtpd[11194]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:31 primary postfix/smtpd[11194]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:31 primary postfix/smtpd[11204]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:31 primary postfix/smtpd[11202]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:31 primary postfix/smtpd[11196]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:31 primary postfix/smtpd[11196]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:31 primary postfix/smtpd[11198]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:31 primary postfix/smtpd[11198]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:32 primary postfix/smtpd[11197]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:32 primary postfix/smtpd[11200]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:32 primary postfix/smtpd[11200]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:32 primary postfix/smtpd[11199]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:32 primary postfix/smtpd[11204]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:32 primary postfix/smtpd[11204]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:32 primary postfix/smtpd[11202]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:32 primary postfix/smtpd[11202]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:33 primary postfix/smtpd[11201]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:33 primary postfix/smtpd[11205]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:33 primary postfix/smtpd[11206]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:33 primary postfix/smtpd[11197]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:33 primary postfix/smtpd[11197]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:33 primary postfix/smtpd[11208]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:34 primary postfix/smtpd[11199]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:34 primary postfix/smtpd[11199]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:34 primary postfix/smtpd[11203]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:34 primary postfix/smtpd[11201]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:34 primary postfix/smtpd[11201]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:35 primary postfix/smtpd[11207]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:35 primary postfix/smtpd[11206]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:35 primary postfix/smtpd[11206]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:35 primary postfix/smtpd[11208]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:35 primary postfix/smtpd[11208]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:35 primary postfix/smtpd[11205]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:35 primary postfix/smtpd[11205]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:35 primary postfix/smtpd[11209]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:35 primary postfix/smtpd[11212]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:35 primary postfix/smtpd[11213]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:35 primary postfix/smtpd[11203]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:35 primary postfix/smtpd[11203]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:36 primary postfix/smtpd[11215]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:36 primary postfix/smtpd[11216]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:36 primary postfix/smtpd[11207]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:36 primary postfix/smtpd[11207]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:36 primary postfix/smtpd[11212]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:36 primary postfix/smtpd[11212]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:36 primary postfix/smtpd[11213]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:36 primary postfix/smtpd[11213]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:36 primary postfix/smtpd[11209]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:36 primary postfix/smtpd[11209]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:36 primary postfix/smtpd[11214]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:37 primary postfix/smtpd[11217]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:37 primary postfix/smtpd[11210]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:37 primary postfix/smtpd[11211]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:37 primary postfix/smtpd[11215]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:37 primary postfix/smtpd[11215]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:37 primary postfix/smtpd[11216]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:37 primary postfix/smtpd[11216]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:38 primary postfix/smtpd[11220]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:38 primary postfix/smtpd[11214]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:38 primary postfix/smtpd[11214]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:38 primary postfix/smtpd[11217]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:38 primary postfix/smtpd[11217]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:38 primary postfix/smtpd[11210]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:38 primary postfix/smtpd[11210]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:38 primary postfix/smtpd[11211]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:38 primary postfix/smtpd[11211]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:39 primary postfix/smtpd[11224]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:39 primary postfix/smtpd[11191]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:39 primary postfix/smtpd[11225]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:39 primary postfix/smtpd[11227]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:39 primary postfix/smtpd[11220]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:39 primary postfix/smtpd[11220]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:39 primary postfix/smtpd[11226]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:40 primary postfix/smtpd[11224]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:40 primary postfix/smtpd[11224]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:40 primary postfix/smtpd[11191]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:40 primary postfix/smtpd[11191]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:40 primary postfix/smtpd[11225]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:40 primary postfix/smtpd[11225]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:40 primary postfix/smtpd[11227]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:40 primary postfix/smtpd[11227]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:40 primary postfix/smtpd[11228]: warning: unknown[103.89.90.196]: SASL LOGIN authentication failed: authentication failure
Jun  1 03:31:41 primary postfix/smtpd[11226]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:41 primary postfix/smtpd[11226]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:31:42 primary postfix/smtpd[11228]: lost connection after AUTH from unknown[103.89.90.196]
Jun  1 03:31:42 primary postfix/smtpd[11228]: disconnect from unknown[103.89.90.196] ehlo=1 auth=0/1 commands=1/2
Jun  1 03:37:10 primary postfix/anvil[11193]: statistics: max connection rate 33/60s for (smtp:103.89.90.196) at Jun  1 03:31:30
Jun  1 03:37:10 primary postfix/anvil[11193]: statistics: max connection count 31 for (smtp:103.89.90.196) at Jun  1 03:31:30

score 1 · Answer 1 · answered Jun 01 '20 at 18:32

1

you should use firewalld limit... like this:

-A INPUT -m tcp -p tcp --dport 25 -m limit --limit 5/s -j ACCEPT

this will limit all connects to you smtp to 5 per sec. and there is postfix configuration limits: Limit concurrent connections to Postfix server

answered Jun 01 '20 at 18:32

Рамиль Матрасов

301
1
4

Also look at fail2ban - that can help with brute force attacks on authentication – davidgo Jun 01 '20 at 19:55

Postfix limit connections

1 Answers1