So I have set up my own mail server 🙃 🙂. What an achievement for me 😆😅 And it was working fine till recently. It becomes really, really slow. And I checked the log and found out this. What could I do and what’s the purpose of this? Is it a brute force attack? All these ips are owned by the same person/group?? Any help or pointers will be deeply appreciated
Yeah that looks a lot like the typical bruteforce attempts from the evil lands of the internet. Fail2ban did the trick for me. Logs are clean now
But the ips used in the attacks are not the same…fail2ban is active in my server but it didn’t ban anything since every ip user only failed once for the password