
I have a Zimbra Mail Server setup, and have noticed quite a few connection attempts on port 25 which are rejected because the reverse lookup fails. Here is an example output:

```
Apr 30 06:04:48 mx1 postfix/postscreen[25405]: CONNECT from [213.221.224.122]:58241 to [MyInternalIP]:25
Apr 30 06:04:48 mx1 postfix/postscreen[25405]: PREGREET 11 after 0.06 from [213.221.224.122]:58241: EHLO User\r\n
Apr 30 06:04:48 mx1 postfix/smtpd[4021]: connect from 213-221-224-122.static.ftth.fcom.ch[213.221.224.122]
Apr 30 06:04:48 mx1 postfix/smtpd[4021]: disconnect from 213-221-224-122.static.ftth.fcom.ch[213.221.224.122] ehlo=1 quit=1 commands=2
Apr 30 06:04:55 mx1 postfix/postscreen[25405]: CONNECT from [85.234.126.92]:59355 to [MyInternalIP]:25
Apr 30 06:04:56 mx1 postfix/postscreen[25405]: PREGREET 11 after 0.15 from [85.234.126.92]:59355: EHLO User\r\n
Apr 30 06:04:56 mx1 postfix/smtpd[4021]: warning: hostname empty.stranzit.ru does not resolve to address 85.234.126.92: Name or service not known
Apr 30 06:04:56 mx1 postfix/smtpd[4021]: connect from unknown[85.234.126.92]
Apr 30 06:04:56 mx1 postfix/smtpd[4021]: disconnect from unknown[85.234.126.92] ehlo=1 quit=1 commands=2
```

I have looked on the Zimbra Forum, and even posted there, but no-one seems to know if I should be worried. The posts on this forum reassure me that I should not.

Should I go to the trouble of blocking these IPs either on my router or using the iptables on my firewall, or just ignore them? Sometimes these 'Scans' occur every few seconds or minutes.

  • I forgot to add that checking the WhoIs on most of the addresses I am collecting they are already flagged as 'Abusive' – themetman May 09 '19 at 07:15
  • I consider it the background noise of the internet and when no other actions like brute force login attempts are done (those offending IP-addresses I do block with fail2ban) I wouldn't worry too much. – HBruijn May 09 '19 at 07:17
  • Rather than using comments to add detail you forgot, please use the [`edit`](https://serverfault.com/posts/966511/edit) link below your question. – HBruijn May 09 '19 at 07:18
  • Many thanks for the reassurance, and also for the edit advice. Regards – themetman May 09 '19 at 12:43
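
An added example, not part of the original question or comments: a Python script that tallies the postscreen/smtpd events shown in the question per client IP and separates probe-only clients from ones that attempted logins, the distinction drawn in the comment above. The log lines are constructed and use documentation addresses; the `auth=0/3` session is an assumed case that does not appear in the question's log, and the `probe-only` / `auth-attempts` labels are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the question's log (documentation IPs,
# not addresses from the page). The last session is an assumed AUTH-probing case.
SAMPLE_LOG = r"""
Apr 30 06:04:48 mx1 postfix/postscreen[25405]: CONNECT from [192.0.2.10]:58241 to [198.51.100.5]:25
Apr 30 06:04:48 mx1 postfix/postscreen[25405]: PREGREET 11 after 0.06 from [192.0.2.10]:58241: EHLO User\r\n
Apr 30 06:04:48 mx1 postfix/smtpd[4021]: connect from unknown[192.0.2.10]
Apr 30 06:04:48 mx1 postfix/smtpd[4021]: disconnect from unknown[192.0.2.10] ehlo=1 quit=1 commands=2
Apr 30 06:05:10 mx1 postfix/smtpd[4021]: warning: hostname host.example.net does not resolve to address 203.0.113.7: Name or service not known
Apr 30 06:05:10 mx1 postfix/smtpd[4021]: connect from unknown[203.0.113.7]
Apr 30 06:05:11 mx1 postfix/smtpd[4021]: disconnect from unknown[203.0.113.7] ehlo=1 auth=0/3 quit=1 commands=2/5
"""

PREGREET = re.compile(r"postscreen\[\d+\]: PREGREET \d+ after [\d.]+ from \[([^\]]+)\]")
MISMATCH = re.compile(r"smtpd\[\d+\]: warning: hostname \S+ does not resolve to address (\S+?): ")
DISCONNECT = re.compile(r"smtpd\[\d+\]: disconnect from \S+?\[([^\]]+)\] (.+)$")
STAT = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")  # name=ok or name=ok/total


def summarise(log_text):
    """Return {client_ip: counters} for the event types shown in the question."""
    hosts = defaultdict(lambda: {"pregreet": 0, "rdns_mismatch": 0,
                                 "sessions": 0, "auth_failures": 0})
    for line in log_text.splitlines():
        if m := PREGREET.search(line):
            hosts[m.group(1)]["pregreet"] += 1
        elif m := MISMATCH.search(line):
            hosts[m.group(1)]["rdns_mismatch"] += 1
        elif m := DISCONNECT.search(line):
            ip, stats = m.groups()
            hosts[ip]["sessions"] += 1
            for name, ok, total in STAT.findall(stats):
                # "auth=0/3" means 3 AUTH commands were sent and 0 succeeded.
                if name == "auth" and total:
                    hosts[ip]["auth_failures"] += int(total) - int(ok)
    return dict(hosts)


def triage(hosts):
    """Split clients into probe-only noise and those that attempted logins."""
    return {ip: ("auth-attempts" if c["auth_failures"] else "probe-only")
            for ip, c in hosts.items()}


if __name__ == "__main__":
    for ip, verdict in triage(summarise(SAMPLE_LOG)).items():
        print(ip, verdict)
```
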

0 Answers