postfix- are these connects in the log anything to worry about?

Lock asked:

I am noticing the following in my maillog.

Lots of these:

Sep 10 10:29:56 westc01-01-01 postfix/smtpd[26788]: connect from unknown[85.111.7.182]

And these:

Sep 10 10:34:58 westc01-01-01 postfix/smtpd[26768]: disconnect from unknown[85.111.7.182]
Sep 10 10:34:58 westc01-01-01 postfix/smtpd[26758]: timeout after AUTH from unknown[85.111.7.182]

And these:

Sep 10 10:29:56 westc01-01-01 postfix/smtpd[26737]: warning: unknown[85.111.7.182]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Are these anything to worry about?

My answer:


Looks like just another random connection attempt from part of a botnet. Assuming your mail server is properly secured, you can ignore it. Of course, this is a good time to check and ensure that your mail server is properly secured.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.