I have a mail server on Ubuntu 20.04. Yesterday I set up the UFW firewall, which looks like this:
root@vmi514622:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere                   # accept Apache
443/tcp                    ALLOW IN    Anywhere                   # accept HTTPS connections
1194/udp                   ALLOW IN    Anywhere                   # OpenVPN server
Anywhere                   DENY IN     49.88.112.75
465/tcp                    ALLOW IN    Anywhere
587/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)              # accept Apache
443/tcp (v6)               ALLOW IN    Anywhere (v6)              # accept HTTPS connections
1194/udp (v6)              ALLOW IN    Anywhere (v6)              # OpenVPN server
465/tcp (v6)               ALLOW IN    Anywhere (v6)
587/tcp (v6)               ALLOW IN    Anywhere (v6)
Today I got an email with this log, which shows hundreds of attempts to log in as root:
################### Logwatch 7.5.2 (07/22/19) ####################
Processing Initiated: Tue Mar 2 06:25:06 2021
Date Range Processed: yesterday
( 2021-Mar-01 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: vmi514622.contaboserver.net
##################################################################
--------------------- Amavisd-new Begin ------------------------
37 Total messages scanned ------------------ 100.00%
307.387K Total bytes scanned 314,764
======== ==================================================
37 Passed ---------------------------------- 100.00%
37 Clean passed 100.00%
======== ==================================================
37 Ham ------------------------------------- 100.00%
37 Clean passed 100.00%
======== ==================================================
---------------------- Amavisd-new End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 57 Time(s)
su:
Authentication Failures:
root(1000) -> root: 1 Time(s)
Sessions Opened:
root -> iredadmin: 1 Time(s)
root -> iredapd: 1 Time(s)
root -> netdata: 1 Time(s)
root -> root: 1 Time(s)
root -> vlado: 1 Time(s)
root -> vmail: 1 Time(s)
sudo:
Sessions Opened:
root -> root: 14 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Connections 1
1 Disconnections 1
32 Postscreen 32
1 TLS connections (server) 1
1 TLS connections (client) 1
**Unmatched Entries**
---------------------- Postfix End -------------------------
--------------------- rsyslogd Begin ------------------------
Rsyslogd actions suspended:
action-6-builtin:omfile (builtin:omfile): 15531 Times
Rsyslogd actions resumed
action-6-builtin:omfile (builtin:omfile): 14120 Times
**** Unmatched entries ****
file '/var/log/fail2ban.log': open error: Permission denied [v8.2001.0 try https://www.rsyslog.com/e/2433 ] : 1 Times
---------------------- rsyslogd End -------------------------
I am not sure, but I read somewhere that UFW is able to block a number of failed logins from one IP within a 30 seconds window. I don't know, but in the log there are really hundreds of attempts. Or is it the log from the time when the firewall was not set yet? I set it about 12 hours ago. Is my firewall right? Thanks a lot for help.
That is just normal noise of the www. If you use strong passwords, it is nothing to worry about. However there are some measures you should take to lower the noise and make your server more secure:
- root login, rather login as normal user and use sudo.
- password login and use pubkey-authentication only
- ssh port to some higher port number (make sure to allow it in your firewall).
- fail2ban to at least delay these attempts.
See also for more information.
ufw limit and fail2ban are nice to have, but attackers know about these limits and make just as many attempts that they won't get blocked. Usually these random attacks are done via some botnet of random servers taken over, so the effect of limiting attempts per IP is limited.
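A way to check a server against the sshd items in the answer's list (root login, password login, port), added here as an example and not part of the original answer. The two config texts are constructed samples, port 2222 is an arbitrary choice, and the defaults are OpenSSH's built-in values for unset keywords.

```python
# Added example: audit sshd settings against the answer's checklist.
# DEFAULTS holds OpenSSH's built-in values for keywords that are never set.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

# Constructed sample: looks hardened at a glance, but is not.
WEAK_CONFIG = """\
PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no
"""

# Constructed sample with the answer's measures applied (2222 is arbitrary).
HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""


def effective_settings(config_text):
    """Return the global settings sshd would use for this text.

    sshd keeps the first value it reads for a keyword, so a later
    duplicate is ignored. Port is the exception: each Port line adds a
    listener. Lines after the first Match apply only conditionally.
    """
    settings, ports = {}, []
    for raw in config_text.splitlines():
        fields = raw.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        keyword = fields[0].lower()       # keywords are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if keyword == "match":
            break                         # the rest is not global
        if keyword == "port":
            ports.append(value)
        else:
            settings.setdefault(keyword, value)
    for keyword, default in DEFAULTS.items():
        settings.setdefault(keyword, default)
    settings["port"] = ports or ["22"]
    return settings


def audit(config_text):
    """Return (keyword, value, note) for each setting the answer would change."""
    s = effective_settings(config_text)
    findings = []
    if s["permitrootlogin"].lower() != "no":
        findings.append(("permitrootlogin", s["permitrootlogin"],
                         "root can still be targeted directly over ssh"))
    if s["passwordauthentication"].lower() != "no":
        findings.append(("passwordauthentication", s["passwordauthentication"],
                         "passwords can be guessed, so allow keys only"))
    if "22" in s["port"]:
        findings.append(("port", "22", "default port attracts the most scans"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text) or "no findings")
```

On a live host, feed it the output of `sshd -T`, which prints the effective configuration with Include files and defaults already resolved.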
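The answer's closing point about per-IP limits, as an added example that is not part of the original answer: a replay of connection events through a simplified model of the ufw limit rule (deny a source that has initiated 6 or more connections in the last 30 seconds). The traffic is constructed and uses documentation address ranges, not addresses from the log above.

```python
from collections import defaultdict, deque

# ufw's documented "limit" behaviour: deny a source that has initiated
# 6 or more connections in the last 30 seconds.
WINDOW_SECONDS = 30
HITCOUNT = 6


def replay(events):
    """Replay (unix_time, source_ip) connection events, sorted by time.

    Returns {ip: [allowed, denied]}. Simplified model of the rule: every
    attempt is recorded, including denied ones, and an attempt is denied
    when it is at least the 6th from that source inside the window.
    """
    recent = defaultdict(deque)
    verdicts = defaultdict(lambda: [0, 0])
    for ts, ip in events:
        seen = recent[ip]
        while seen and ts - seen[0] >= WINDOW_SECONDS:
            seen.popleft()                # older than the window
        seen.append(ts)
        denied = len(seen) >= HITCOUNT
        verdicts[ip][1 if denied else 0] += 1
    return dict(verdicts)


def summarize(verdicts):
    """Totals across all sources: (allowed, denied, sources_ever_denied)."""
    allowed = sum(v[0] for v in verdicts.values())
    denied = sum(v[1] for v in verdicts.values())
    limited = sum(1 for v in verdicts.values() if v[1])
    return allowed, denied, limited


def sample_events():
    """Constructed traffic, not taken from the page's log."""
    # One noisy source: 20 connections, one per second.
    events = [(t, "203.0.113.10") for t in range(20)]
    # Forty sources, each connecting once every 7 seconds, 50 times.
    for n in range(1, 41):
        events += [(n + 7 * k, "198.51.100.%d" % n) for k in range(50)]
    return sorted(events)


if __name__ == "__main__":
    allowed, denied, limited = summarize(replay(sample_events()))
    print("allowed=%d denied=%d sources_limited=%d" % (allowed, denied, limited))
```

The rule counts new connections per source, not failed logins, and a single connection can carry several password attempts, so a daily report can still list many failures from sources the limit never touched.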