Use Fail2ban and Postscreen to Fight Botnet Connections to Postfix

Written by: Andrew Wellington
Category: Linux
Published: 11 November 2023
Last Updated: 16 April 2025

I noticed multiple unsuccessful connection attempts to my Postfix server from various IPs. The EHLO response varies but many of them respond as "User\r\n". See the following log entries from my /var/log/postfix.log file:

Nov 10 19:20:58 mail postfix/postscreen[18652]: COMMAND PIPELINING from [162.142.125.10]:57044 after ??????: 6\2
Nov 10 19:20:57 mail postfix/postscreen[18652]: COMMAND PIPELINING from [162.142.125.10]:46298 after ??????: W\
Nov  6 05:57:36 mail postfix/postscreen[15159]: PREGREET 11 after 0.12 from [147.78.103.88]:56690: EHLO User\r\n
Oct 30 04:05:40 mail postfix/postscreen[8417]: PREGREET 11 after 0.13 from [87.120.84.90]:58426: EHLO User\r\n
Oct 30 04:54:26 mail postfix/postscreen[9258]: PREGREET 11 after 0.13 from [87.120.84.90]:51143: EHLO User\r\n

As you can see, these connection attempts are coming from many different IP addresses. The best way to handle these attempts is with a custom Fail2ban rule that can match against the EHLO response. Fail2ban is log-monitoring software that takes an action when a log line matches a rule. These actions can vary, but the default is to "ban" the IP and/or port by creating a rule in iptables. I will walk through the setup of this custom Fail2ban rule and the subsequent testing and verification of the rule.


Setup Postfix as a Send-Only External SMTP Relay

Written by: Andrew Wellington
Category: Linux
Published: 07 November 2023
Last Updated: 28 July 2024

Self-hosting a mail server can be a great learning experience. I recently set up an email server using Docker Mail-Server and I ran into an issue with outgoing mail where my public IP was on a policy blocklist. This caused almost all of my outgoing emails to be blocked. If you are faced with this problem, there are two directions you can go. You can sign up for an SMTP service (some are even free up to a certain number of emails), or you can run a Postfix relay on a VPS. I like to have control of the underlying infrastructure, so I went with the latter. This guide will walk you through how to configure the Postfix relay server on the VPS so that it only accepts mail from your mail server's IP or from a server with a certificate that matches your mail server's hostname.

Copyright © 2025 TicTacTech.net. All Rights Reserved.