Whitelist Postfix SMTP Login

Is there a way I can restrict what IPs can attempt logging into my SMTP server? The only IPs that should be able to log in are internal, through VPN.

I have been getting a lot of logs recently of IPs attempting to log in to the server:

```
Sep  3 11:50:14 iwizardpro postfix/smtpd[21363]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21352]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21073]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21044]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 iwizardpro postfix/smtpd[21040]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21040]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21043]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21043]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21024]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:14 iwizardpro postfix/smtpd[21024]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21522]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21522]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21252]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21252]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21363]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21363]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21352]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21352]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21073]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21073]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21044]: lost connection after AUTH from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21044]: disconnect from mx-msk.whorussia.org[62.105.144.154]
Sep  3 11:50:15 iwizardpro postfix/smtpd[21708]: warning: mx-msk.whorussia.org[62.105.144.154]: SASL LOGIN authentication failed: authentication failure
```

Thanks in advance! :D

3 Replies

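In main.cf, you can set smtpd_sasl_exceptions_networks to prevent Postfix from offering AUTH support to certain networks. If you wanted to exclude all networks except 10.2.3.*, for example, you could use:

```
# A lone "!" entry only excludes; 0.0.0.0/0 is what matches every other IPv4 client (add [::]/0 for IPv6)
smtpd_sasl_exceptions_networks = !10.2.3.0/24, 0.0.0.0/0
```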

If you're using Dovecot, you can specify allowable networks on a per-user basis via allow_nets in the password database (Dovecot 1.x, Dovecot 2.x).
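A check to run over the mail log before and after applying the restriction above (an added example, not part of the original replies): it counts SASL failures per client and lists the clients outside the allowed network, which should stop appearing once AUTH is no longer offered to them. The 10.2.3.0/24 network is the reply's example; the sample log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Network allowed to authenticate; the reply's 10.2.3.0/24 example (assumption).
ALLOWED_NETS = [ipaddress.ip_network("10.2.3.0/24")]

# Matches the smtpd warning format shown in the question's log excerpt.
SASL_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: (?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed"
)

# Constructed sample lines (documentation address ranges, not real clients).
SAMPLE_LOG = """\
Sep  3 11:50:14 mail postfix/smtpd[21363]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:14 mail postfix/smtpd[21352]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Sep  3 11:50:15 mail postfix/smtpd[21040]: lost connection after AUTH from unknown[203.0.113.45]
Sep  3 11:51:02 mail postfix/smtpd[21400]: warning: vpn-client[10.2.3.17]: SASL PLAIN authentication failed: authentication failure
Sep  3 11:52:10 mail postfix/smtpd[21411]: warning: unknown[2001:db8::9]: SASL LOGIN authentication failed: authentication failure
""".splitlines()


def failed_auth_by_client(lines):
    """Count SASL authentication failures per client IP."""
    counts = Counter()
    for line in lines:
        m = SASL_FAIL.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def outside_allowed(counts, allowed=ALLOWED_NETS):
    """Return {ip: failures} for clients not inside any allowed network."""
    flagged = {}
    for ip, n in counts.items():
        try:
            inside = any(ipaddress.ip_address(ip) in net for net in allowed)
        except ValueError:
            inside = False  # unparsable address cannot be shown to be internal
        if not inside:
            flagged[ip] = n
    return flagged


if __name__ == "__main__":
    for ip, n in sorted(outside_allowed(failed_auth_by_client(SAMPLE_LOG)).items()):
        print(f"{ip}: {n} failed SASL attempts from outside the allowed network")
```
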

Hey Wizard, I'm having the same issue from the same "whorussia.org" source… how'd you go about resolving it? Did whitelisting the IPs solve the issue?

I sent an IP abuse email to the company that ran the server and the logins appeared to have stopped by themselves. I might go ahead and implement Vance's solution though.
