80.94.95.239 keeps trying and it won't get banned. the following is a short excerpt from the log file. somehow the ip 194.169.175.10 is being banned.
2024-11-18T00:09:07.189883+03:00 hostname postfix/smtpd[90003]: lost connection after AUTH from unknown[94.141.120.186]
2024-11-18T00:09:07.193440+03:00 hostname postfix/smtpd[90003]: disconnect from unknown[94.141.120.186] ehlo=1 auth=0/1 commands=1/2
2024-11-18T00:09:53.175656+03:00 hostname postfix/smtpd[90003]: connect from unknown[94.141.120.86]
2024-11-18T00:09:55.350604+03:00 hostname postfix/smtpd[90003]: warning: unknown[94.141.120.86]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=financeiro@domain.com
2024-11-18T00:09:55.383619+03:00 hostname postfix/smtpd[90003]: disconnect from unknown[94.141.120.86] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:11:52.354277+03:00 hostname postfix/smtpd[90036]: connect from unknown[80.94.95.239]
2024-11-18T00:11:54.035232+03:00 hostname postfix/smtpd[90036]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=core@domain.com
2024-11-18T00:11:54.122895+03:00 hostname postfix/smtpd[90036]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:15:14.336421+03:00 hostname postfix/anvil[90005]: statistics: max connection rate 1/60s for (smtp:80.94.95.239) at Nov 18 00:08:02
2024-11-18T00:15:14.339820+03:00 hostname postfix/anvil[90005]: statistics: max connection count 1 for (smtp:80.94.95.239) at Nov 18 00:08:02
2024-11-18T00:15:14.339959+03:00 hostname postfix/anvil[90005]: statistics: max cache size 2 at Nov 18 00:09:05
2024-11-18T00:15:42.951213+03:00 hostname postfix/smtpd[90059]: connect from unknown[80.94.95.239]
2024-11-18T00:15:49.405172+03:00 hostname postfix/smtpd[90059]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=destroy@domain.com
2024-11-18T00:15:49.435245+03:00 hostname postfix/smtpd[90059]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:16:29.026333+03:00 hostname dovecot: pop3-login: Login: user=<cem@domain.com>, method=PLAIN, rip=52.98.180.173, lip=80.211.143.65, mpid=90067, TLS, session=<aPk/UCIn83Y0YrSt>
2024-11-18T00:16:29.205113+03:00 hostname dovecot: pop3(cem@domain.com)<90067><aPk/UCIn83Y0YrSt>: Disconnected: Logged out top=0/0, retr=0/0, del=0/4, size=116513
2024-11-18T00:19:09.650468+03:00 hostname postfix/anvil[90061]: statistics: max connection rate 1/60s for (smtp:80.94.95.239) at Nov 18 00:15:42
2024-11-18T00:19:09.651887+03:00 hostname postfix/anvil[90061]: statistics: max connection count 1 for (smtp:80.94.95.239) at Nov 18 00:15:42
2024-11-18T00:19:09.652072+03:00 hostname postfix/anvil[90061]: statistics: max cache size 1 at Nov 18 00:15:42
2024-11-18T00:19:33.059519+03:00 hostname postfix/smtpd[90094]: connect from unknown[80.94.95.239]
2024-11-18T00:19:39.375501+03:00 hostname postfix/smtpd[90094]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=tres@domain.com
2024-11-18T00:19:39.410907+03:00 hostname postfix/smtpd[90094]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:20:12.027512+03:00 hostname postfix/smtpd[90094]: connect from unknown[94.141.120.186]
2024-11-18T00:20:14.194492+03:00 hostname postfix/smtpd[90094]: warning: unknown[94.141.120.186]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=hr
2024-11-18T00:20:14.236933+03:00 hostname postfix/smtpd[90094]: lost connection after AUTH from unknown[94.141.120.186]
2024-11-18T00:20:14.239986+03:00 hostname postfix/smtpd[90094]: disconnect from unknown[94.141.120.186] ehlo=1 auth=0/1 commands=1/2
2024-11-18T00:23:23.019694+03:00 hostname postfix/smtpd[90121]: connect from unknown[80.94.95.239]
2024-11-18T00:23:28.488341+03:00 hostname postfix/smtpd[90121]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=ccc@domain.com
2024-11-18T00:23:29.038600+03:00 hostname postfix/smtpd[90121]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:24:18.957309+03:00 hostname postfix/smtpd[90121]: connect from unknown[185.196.11.109]
2024-11-18T00:24:21.074214+03:00 hostname postfix/smtpd[90121]: warning: unknown[185.196.11.109]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=anna
2024-11-18T00:24:21.105661+03:00 hostname postfix/smtpd[90121]: disconnect from unknown[185.196.11.109] ehlo=1 auth=0/1 quit=1 commands=2/3
2024-11-18T00:27:12.978691+03:00 hostname postfix/smtpd[90150]: connect from unknown[80.94.95.239]
2024-11-18T00:27:19.468719+03:00 hostname postfix/smtpd[90150]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=nihal@domain.com
2024-11-18T00:27:19.493892+03:00 hostname postfix/smtpd[90150]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:29:33.642683+03:00 hostname postfix/anvil[90096]: statistics: max connection rate 1/60s for (smtp:80.94.95.239) at Nov 18 00:19:33
2024-11-18T00:29:33.644383+03:00 hostname postfix/anvil[90096]: statistics: max connection count 1 for (smtp:80.94.95.239) at Nov 18 00:19:33
2024-11-18T00:29:33.644472+03:00 hostname postfix/anvil[90096]: statistics: max cache size 2 at Nov 18 00:20:12
2024-11-18T00:31:02.804469+03:00 hostname postfix/smtpd[90175]: connect from unknown[80.94.95.239]
2024-11-18T00:31:09.418189+03:00 hostname postfix/smtpd[90175]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=a12345@domain.com
2024-11-18T00:31:09.845180+03:00 hostname postfix/smtpd[90175]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:31:23.549387+03:00 hostname postfix/smtpd[90175]: connect from unknown[94.141.120.186]
2024-11-18T00:31:25.211317+03:00 hostname postfix/smtpd[90175]: warning: unknown[94.141.120.186]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=asdf
2024-11-18T00:31:25.243303+03:00 hostname postfix/smtpd[90175]: lost connection after AUTH from unknown[94.141.120.186]
2024-11-18T00:31:25.243462+03:00 hostname postfix/smtpd[90175]: disconnect from unknown[94.141.120.186] ehlo=1 auth=0/1 commands=1/2
2024-11-18T00:33:39.747388+03:00 hostname dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 2 secs): user=<>, rip=198.235.24.38, lip=80.211.143.65, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session=<ZM6vjSInDs3G6xgm>
2024-11-18T00:34:45.446483+03:00 hostname postfix/anvil[90177]: statistics: max connection rate 1/60s for (smtp:80.94.95.239) at Nov 18 00:31:02
2024-11-18T00:34:45.447221+03:00 hostname postfix/anvil[90177]: statistics: max connection count 1 for (smtp:80.94.95.239) at Nov 18 00:31:02
2024-11-18T00:34:45.447372+03:00 hostname postfix/anvil[90177]: statistics: max cache size 2 at Nov 18 00:31:23
2024-11-18T00:34:52.992176+03:00 hostname postfix/smtpd[90200]: connect from unknown[80.94.95.239]
2024-11-18T00:34:59.437544+03:00 hostname postfix/smtpd[90200]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=favorite@domain.com
2024-11-18T00:34:59.958538+03:00 hostname postfix/smtpd[90200]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:36:53.909605+03:00 hostname postfix/smtpd[90669]: connect from unknown[94.141.120.86]
2024-11-18T00:36:56.179201+03:00 hostname postfix/smtpd[90669]: warning: unknown[94.141.120.86]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=user@domain.com
2024-11-18T00:36:56.212967+03:00 hostname postfix/smtpd[90669]: disconnect from unknown[94.141.120.86] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:38:42.995464+03:00 hostname postfix/smtpd[90743]: connect from unknown[80.94.95.239]
2024-11-18T00:38:47.185078+03:00 hostname postfix/smtpd[90743]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=helper@domain.com
2024-11-18T00:38:47.892889+03:00 hostname postfix/smtpd[90743]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:40:34.285478+03:00 hostname dovecot: imap-login: Disconnected: Connection closed (no auth attempts in 1 secs): user=<>, rip=147.185.132.144, lip=80.211.143.65, session=<zCplpiIn0uOTuYSQ>
2024-11-18T00:42:08.108425+03:00 hostname postfix/anvil[90202]: statistics: max connection rate 1/60s for (smtp:80.94.95.239) at Nov 18 00:34:53
2024-11-18T00:42:08.110374+03:00 hostname postfix/anvil[90202]: statistics: max connection count 1 for (smtp:80.94.95.239) at Nov 18 00:34:53
2024-11-18T00:42:08.115038+03:00 hostname postfix/anvil[90202]: statistics: max cache size 1 at Nov 18 00:34:53
2024-11-18T00:42:32.356387+03:00 hostname postfix/smtpd[90771]: connect from unknown[80.94.95.239]
2024-11-18T00:42:33.235203+03:00 hostname postfix/smtpd[90775]: connect from unknown[94.141.120.186]
2024-11-18T00:42:35.404247+03:00 hostname postfix/smtpd[90775]: warning: unknown[94.141.120.186]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=asm
2024-11-18T00:42:35.439630+03:00 hostname postfix/smtpd[90775]: lost connection after AUTH from unknown[94.141.120.186]
2024-11-18T00:42:35.440623+03:00 hostname postfix/smtpd[90775]: disconnect from unknown[94.141.120.186] ehlo=1 auth=0/1 commands=1/2
2024-11-18T00:42:39.137553+03:00 hostname postfix/smtpd[90771]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=hy@domain.com
2024-11-18T00:42:40.229342+03:00 hostname postfix/smtpd[90771]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:46:00.662420+03:00 hostname postfix/anvil[90773]: statistics: max connection rate 1/60s for (smtp:80.94.95.239) at Nov 18 00:42:32
2024-11-18T00:46:00.665983+03:00 hostname postfix/anvil[90773]: statistics: max connection count 1 for (smtp:80.94.95.239) at Nov 18 00:42:32
2024-11-18T00:46:00.667944+03:00 hostname postfix/anvil[90773]: statistics: max cache size 2 at Nov 18 00:42:33
2024-11-18T00:46:22.273416+03:00 hostname postfix/smtpd[90800]: connect from unknown[80.94.95.239]
2024-11-18T00:46:28.236268+03:00 hostname postfix/smtpd[90800]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=ariela@domain.com
2024-11-18T00:46:28.265999+03:00 hostname postfix/smtpd[90800]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:46:51.616686+03:00 hostname dovecot: pop3-login: Login: user=<cem@domain.com>, method=PLAIN, rip=52.98.180.173, lip=80.211.143.65, mpid=90806, TLS, session=<hHPivCIn7FI0YrSt>
2024-11-18T00:46:51.793890+03:00 hostname dovecot: pop3(cem@domain.com)<90806><hHPivCIn7FI0YrSt>: Disconnected: Logged out top=0/0, retr=0/0, del=0/4, size=116513
2024-11-18T00:49:25.922593+03:00 hostname postfix/smtpd[90828]: connect from unknown[94.141.120.86]
2024-11-18T00:49:28.142345+03:00 hostname postfix/smtpd[90828]: warning: unknown[94.141.120.86]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=user@domain.com
2024-11-18T00:49:28.176892+03:00 hostname postfix/smtpd[90828]: disconnect from unknown[94.141.120.86] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:50:12.164432+03:00 hostname postfix/smtpd[90828]: connect from unknown[80.94.95.239]
2024-11-18T00:50:14.318102+03:00 hostname postfix/smtpd[90828]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=meta@domain.com
2024-11-18T00:50:14.347130+03:00 hostname postfix/smtpd[90828]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:53:34.557466+03:00 hostname postfix/anvil[90802]: statistics: max connection rate 1/60s for (smtp:80.94.95.239) at Nov 18 00:46:22
2024-11-18T00:53:34.561219+03:00 hostname postfix/anvil[90802]: statistics: max connection count 1 for (smtp:80.94.95.239) at Nov 18 00:46:22
2024-11-18T00:53:34.561337+03:00 hostname postfix/anvil[90802]: statistics: max cache size 2 at Nov 18 00:50:12
2024-11-18T00:53:43.145470+03:00 hostname postfix/smtpd[90856]: connect from unknown[94.141.120.186]
2024-11-18T00:53:45.319307+03:00 hostname postfix/smtpd[90856]: warning: unknown[94.141.120.186]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=audit
2024-11-18T00:53:45.347889+03:00 hostname postfix/smtpd[90856]: lost connection after AUTH from unknown[94.141.120.186]
2024-11-18T00:53:45.348991+03:00 hostname postfix/smtpd[90856]: disconnect from unknown[94.141.120.186] ehlo=1 auth=0/1 commands=1/2
2024-11-18T00:54:02.672757+03:00 hostname postfix/smtpd[90856]: connect from unknown[80.94.95.239]
2024-11-18T00:54:09.113593+03:00 hostname postfix/smtpd[90856]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=ric@domain.com
2024-11-18T00:54:09.152691+03:00 hostname postfix/smtpd[90856]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:57:29.362438+03:00 hostname postfix/anvil[90858]: statistics: max connection rate 1/60s for (smtp:94.141.120.186) at Nov 18 00:53:43
2024-11-18T00:57:29.364046+03:00 hostname postfix/anvil[90858]: statistics: max connection count 1 for (smtp:94.141.120.186) at Nov 18 00:53:43
2024-11-18T00:57:29.367400+03:00 hostname postfix/anvil[90858]: statistics: max cache size 2 at Nov 18 00:54:02
2024-11-18T00:57:32.967782+03:00 hostname postfix/smtps/smtpd[90880]: connect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T00:57:32.975849+03:00 hostname postfix/smtps/smtpd[90880]: SSL_accept error from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]: -1
2024-11-18T00:57:32.975987+03:00 hostname postfix/smtps/smtpd[90880]: warning: TLS library problem: error:0A00010B:SSL routines::wrong version number:../ssl/record/ssl3_record.c:354:
2024-11-18T00:57:32.998725+03:00 hostname postfix/smtps/smtpd[90880]: lost connection after CONNECT from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T00:57:33.000508+03:00 hostname postfix/smtps/smtpd[90880]: disconnect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11] commands=0/0
2024-11-18T00:57:52.679457+03:00 hostname postfix/smtpd[90887]: connect from unknown[80.94.95.239]
2024-11-18T00:57:54.369456+03:00 hostname postfix/smtpd[90887]: warning: unknown[80.94.95.239]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=anti@domain.com
2024-11-18T00:57:54.393496+03:00 hostname postfix/smtpd[90887]: disconnect from unknown[80.94.95.239] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2024-11-18T00:58:03.537341+03:00 hostname postfix/smtps/smtpd[90880]: connect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T00:58:07.561478+03:00 hostname postfix/smtps/smtpd[90880]: lost connection after CONNECT from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T00:58:07.563013+03:00 hostname postfix/smtps/smtpd[90880]: disconnect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11] commands=0/0
2024-11-18T00:58:26.692297+03:00 hostname dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 1 secs): user=<>, rip=199.45.154.127, lip=80.211.143.65, TLS: Connection closed, session=<xdFQ5iIn8rjHLZp/>
2024-11-18T00:58:49.338370+03:00 hostname postfix/smtps/smtpd[90880]: connect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T00:58:51.273289+03:00 hostname postfix/smtps/smtpd[90880]: lost connection after CONNECT from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T00:58:51.274875+03:00 hostname postfix/smtps/smtpd[90880]: disconnect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11] commands=0/0
2024-11-18T00:59:13.158181+03:00 hostname postfix/smtps/smtpd[90880]: connect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T00:59:13.312014+03:00 hostname postfix/smtps/smtpd[90880]: SSL_accept error from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]: -1
2024-11-18T00:59:13.312360+03:00 hostname postfix/smtps/smtpd[90880]: warning: TLS library problem: error:0A00009C:SSL routines::http request:../ssl/record/ssl3_record.c:345:
2024-11-18T00:59:13.312473+03:00 hostname postfix/smtps/smtpd[90880]: lost connection after CONNECT from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T00:59:13.312568+03:00 hostname postfix/smtps/smtpd[90880]: disconnect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11] commands=0/0
2024-11-18T00:59:40.210306+03:00 hostname postfix/smtps/smtpd[90880]: connect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T00:59:42.768377+03:00 hostname postfix/smtps/smtpd[90880]: lost connection after CONNECT from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T00:59:42.770362+03:00 hostname postfix/smtps/smtpd[90880]: disconnect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11] commands=0/0
2024-11-18T01:00:05.628329+03:00 hostname postfix/smtps/smtpd[90880]: connect from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
2024-11-18T01:00:06.045405+03:00 hostname postfix/smtps/smtpd[90880]: SSL_accept error from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]: -1
2024-11-18T01:00:06.048868+03:00 hostname postfix/smtps/smtpd[90880]: warning: TLS library problem: error:0A00009C:SSL routines::http request:../ssl/record/ssl3_record.c:345:
2024-11-18T01:00:06.051012+03:00 hostname postfix/smtps/smtpd[90880]: lost connection after CONNECT from ec2-18-171-207-11.eu-west-2.compute.amazonaws.com[18.171.207.11]
