For the last few days I have been getting some form of DoS attack on my server.
These lock the mail server and prevent us sending mail.
Any thoughts on how to cut this down would be appreciated!
/var/log/sqpsmtpd
2018-10-17 15:04:15.415534500 14589 Accepted connection 9/10 from 138.197.162.236 / Unknown
2018-10-17 15:04:15.416239500 14589 Connection from Unknown [138.197.162.236]
2018-10-17 15:04:15.542398500 Missing GeoIP City data! <<<< This is just log noise from GeoIP2
2018-10-17 15:04:15.542400500 Missing GeoIP ASN data! <<<< This is just log noise from GeoIP2
2018-10-17 15:04:16.408251500 2314 Too many connections: 10 >= 10. Waiting one second.
2018-10-17 15:04:17.408505500 2314 Too many connections: 10 >= 10. Waiting one second.
2018-10-17 15:04:18.408682500 2314 Too many connections: 10 >= 10. Waiting one second.
................ loads more lines the same.....
2018-10-17 15:09:41.244603500 14589 (connect) tls: fail, unable to establish SSL
2018-10-17 15:09:41.246184500 14589 (deny) logging::logterse: ` 138.197.162.236 Unknown tls 903 Cannot establish SSL session msg denied before queued
2018-10-17 15:09:41.246186500 14589 Lost connection to client, cannot send response.
2018-10-17 15:09:41.246187500 14589 click, disconnecting
2018-10-17 15:09:41.478783500 2314 cleaning up after 14589
2018-10-17 15:09:41.478784500 2314 Too many connections: 10 >= 10. Waiting one second.
2018-10-17 15:09:41.505464500 16818 Accepted connection 9/10 from 185.222.202.113 / Unknown
2018-10-17 15:09:41.506288500 16818 Connection from Unknown [185.222.202.113]
2018-10-17 15:09:41.659520500 Missing GeoIP City data!
2018-10-17 15:09:41.661718500 Missing GeoIP ASN data!
2018-10-17 15:09:41.852729500 16818 (connect) tls: fail, unable to establish SSL
2018-10-17 15:09:41.852869500 16818 (deny) logging::logterse: ` 185.222.202.113 Unknown tls 903 Cannot establish SSL session msg denied before queued
2018-10-17 15:09:41.853024500 16818 550 Cannot establish SSL session
2018-10-17 15:09:41.853092500 16818 click, disconnecting
2018-10-17 15:09:42.479020500 2314 cleaning up after 16818
2018-10-17 15:10:54.844354500 2314 Too many connections: 10 >= 10. Waiting one second.
2018-10-17 15:10:54.852716500 17350 Accepted connection 9/10 from 93.174.93.228 / hosted-by.rainbownetworks.net
2018-10-17 15:10:54.870157500 17350 Connection from hosted-by.rainbownetworks.net [93.174.93.228]
2018-10-17 15:10:54.989002500 Missing GeoIP City data!
2018-10-17 15:10:54.989004500 Missing GeoIP ASN data!
2018-10-17 15:10:55.151380500 17350 (connect) tls: pass, connect via SMTPS
2018-10-17 15:10:55.844649500 2314 Too many connections: 10 >= 10. Waiting one second.
2018-10-17 15:10:56.152163500 17350 (connect) earlytalker: pass, not spontaneous
2018-10-17 15:10:56.154334500 17350 (connect) relay: skip, no match
2018-10-17 15:10:56.154643500 17350 (connect) ident::geoip: NL
2018-10-17 15:10:56.164513500 17350 (connect) dnsbl: karma -1 (-1)
2018-10-17 15:10:56.171124500 17350 (connect) dnsbl: fail, NAUGHTY, zen.spamhaus.org
2018-10-17 15:10:56.171125500 17350 220 esmith.impamark.co.uk ESMTP
2018-10-17 15:10:56.177927500 17350 dispatching EHLO User
2018-10-17 15:10:56.178550500 17350 (ehlo) helo: karma -1 (-2)
2018-10-17 15:10:56.178566500 17350 (ehlo) helo: fail, NAUGHTY, not FQDN
2018-10-17 15:10:56.179043500 17350 250-impamark.co.uk Hi hosted-by.rainbownetworks.net [93.174.93.228]
2018-10-17 15:10:56.179044500 17350 250-PIPELINING
2018-10-17 15:10:56.179058500 17350 250-8BITMIME
2018-10-17 15:10:56.179068500 17350 250-SIZE 20000000
2018-10-17 15:10:56.179078500 17350 250 AUTH PLAIN LOGIN
2018-10-17 15:10:56.191533500 17350 dispatching RSET
2018-10-17 15:10:56.192219500 17350 250 OK
2018-10-17 15:10:56.204675500 17350 dispatching AUTH LOGIN
2018-10-17 15:10:56.204975500 17350 334 VXNlcm5hbWU6
2018-10-17 15:10:56.217252500 17350 334 UGFzc3dvcmQ6
2018-10-17 15:10:56.229844500 17350 (auth-login) auth::auth_cvm_unix_local: fail: authentication failure for: guest@impamark.co.uk
2018-10-17 15:10:56.230044500 17350 (deny) logging::logterse: ` 93.174.93.228 hosted-by.rainbownetworks.net User auth::auth_cvm_unix_local 901 auth failure (100) msg denied before queued
2018-10-17 15:10:56.230131500 17350 535 LOGIN authentication failed for guest@impamark.co.uk - auth failure (100)
2018-10-17 15:10:56.242743500 17350 dispatching QUIT
2018-10-17 15:10:56.270632500 17350 221 impamark.co.uk closing connection. Have a wonderful day.
2018-10-17 15:10:56.270633500 17350 click, disconnecting
2018-10-17 15:10:56.844841500 2314 cleaning up after 17350
2018-10-17 15:20:50.715503500 2314 Too many connections: 10 >= 10. Waiting one second.
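A log like the one above can be summarised per client to see which addresses hold one of the 10 connection slots longest and which fail TLS or AUTH. The following is an added example, not part of the original post: the function names and the 30-second threshold are assumptions, and the sample lines are copied from the excerpt above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample lines copied from the log excerpt in the post above.
SAMPLE = """\
2018-10-17 15:04:15.415534500 14589 Accepted connection 9/10 from 138.197.162.236 / Unknown
2018-10-17 15:09:41.244603500 14589 (connect) tls: fail, unable to establish SSL
2018-10-17 15:09:41.246187500 14589 click, disconnecting
2018-10-17 15:09:41.505464500 16818 Accepted connection 9/10 from 185.222.202.113 / Unknown
2018-10-17 15:09:41.852729500 16818 (connect) tls: fail, unable to establish SSL
2018-10-17 15:09:41.853092500 16818 click, disconnecting
2018-10-17 15:10:54.852716500 17350 Accepted connection 9/10 from 93.174.93.228 / hosted-by.rainbownetworks.net
2018-10-17 15:10:56.229844500 17350 (auth-login) auth::auth_cvm_unix_local: fail: authentication failure for: guest@impamark.co.uk
2018-10-17 15:10:56.270633500 17350 click, disconnecting
""".splitlines()

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (\d+) (.*)$")
ACCEPT = re.compile(r"Accepted connection \d+/\d+ from (\S+) /")

def summarize(lines):
    """Per client IP: connections, TLS/AUTH failures, longest slot hold in seconds."""
    open_conns = {}  # child pid -> (ip, accept time)
    stats = defaultdict(lambda: {"conns": 0, "tls_fail": 0, "auth_fail": 0, "max_held": 0.0})
    for line in lines:
        m = LINE.match(line)
        if not m:  # e.g. "Missing GeoIP ..." lines carry no pid
            continue
        ts = datetime.strptime(m.group(1)[:26], "%Y-%m-%d %H:%M:%S.%f")  # %f takes <= 6 digits
        pid, msg = m.group(2), m.group(3)
        accepted = ACCEPT.search(msg)
        if accepted:
            open_conns[pid] = (accepted.group(1), ts)
            stats[accepted.group(1)]["conns"] += 1
        elif pid in open_conns:  # parent-process lines (pid 2314) fall through
            ip, start = open_conns[pid]
            if "tls: fail" in msg:
                stats[ip]["tls_fail"] += 1
            elif "authentication failure" in msg:
                stats[ip]["auth_fail"] += 1
            elif msg.startswith("click, disconnecting"):
                held = (ts - start).total_seconds()
                stats[ip]["max_held"] = max(stats[ip]["max_held"], held)
                del open_conns[pid]
    return dict(stats)

def slot_hogs(stats, threshold=30.0):  # IPs that held a slot longer than threshold seconds
    return sorted(ip for ip, s in stats.items() if s["max_held"] > threshold)

if __name__ == "__main__":
    print(slot_hogs(summarize(SAMPLE)))
```

On these lines, 138.197.162.236 held a slot for about 326 seconds on a TLS handshake that never completed, while the other two clients disconnected within two seconds.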