我设置了 Zimbra 邮件服务器,并注意到端口 25 上的许多连接尝试由于反向查找失败而被拒绝。以下是示例输出:
Apr 30 06:04:48 mx1 postfix/postscreen[25405]: CONNECT from [213.221.224.122]:58241 to [MyInternalIP]:25
Apr 30 06:04:48 mx1 postfix/postscreen[25405]: PREGREET 11 after 0.06 from [213.221.224.122]:58241: EHLO User\r\n
Apr 30 06:04:48 mx1 postfix/smtpd[4021]: connect from 213-221-224-122.static.ftth.fcom.ch[213.221.224.122]
Apr 30 06:04:48 mx1 postfix/smtpd[4021]: disconnect from 213-221-224-122.static.ftth.fcom.ch[213.221.224.122] ehlo=1 quit=1 commands=2
Apr 30 06:04:55 mx1 postfix/postscreen[25405]: CONNECT from [85.234.126.92]:59355 to [MyInternalIP]:25
Apr 30 06:04:56 mx1 postfix/postscreen[25405]: PREGREET 11 after 0.15 from [85.234.126.92]:59355: EHLO User\r\n
Apr 30 06:04:56 mx1 postfix/smtpd[4021]: warning: hostname empty.stranzit.ru does not resolve to address 85.234.126.92: Name or service not known
Apr 30 06:04:56 mx1 postfix/smtpd[4021]: connect from unknown[85.234.126.92]
Apr 30 06:04:56 mx1 postfix/smtpd[4021]: disconnect from unknown[85.234.126.92] ehlo=1 quit=1 commands=2
我查看了 Zimbra 论坛,甚至在那里发过帖子,但似乎没人知道我是否应该担心。这个论坛上的帖子让我放心,我不需要担心。
我是否应该费力地在路由器上或使用防火墙上的 iptables 阻止这些 IP,还是干脆忽略它们。有时这些“扫描”每隔几秒或几分钟就会发生一次。