And what if someone is on vacation? You can also use a DNSBL on your submission port; that helps a lot.
Are there publicly available lists of IP ranges by region?
There's no reason for any IP outside of North America to be contacting Postfix on Submission (587) or IMAP, since these are employee-only services.
If not for mobile phones, we could really close it off.
On Thu, 2023-11-16 at 08:27 -0500, Paul Kudla wrote:
Good day to all .....
Just adding to the conversation with how I had to deal with this years ago.
Basically, hacks to any server are an issue today, but it is cat & mouse trying to track all of this.
That being said, using the reported IP address below, I patched Postfix to log the IP address in one syslog pass (to ID the SASL user account + IP, etc.).
Along with the above, Dovecot logging is verbose (Dovecot already does all access in one line, i.e. IP address, username (email address), etc.).
Combining the two, I run my own IP address firewall tracking system based on the syslogging in real time.
For example:
# ipinfo 104.156.155.21
IP Status for : 104.156.155.21
IP Status : IPv4
NS Lookup (Forward) : 104.156.155.21
NS Lookup (Reverse) : None
IP Blacklisted Status : Found 104.156.155. for 104.156.155.21 [D] {Asterisk}
Last Program : sshd