Greetings.
Lately my small amateur server has been severely flooded with activity like this:
Nov 21 22:54:01 linux postfix/smtp/smtpd[26048]: connect from unknown[200.7.249.218]
Nov 21 22:54:02 linux postfix/smtp/smtpd[26048]: disconnect from unknown[200.7.249.218]
Nov 21 22:55:01 linux postfix/smtp/smtpd[26048]: connect from unknown[83.70.149.33]
Nov 21 22:55:04 linux postfix/smtp/smtpd[26048]: disconnect from unknown[83.70.149.33]
Nov 21 22:56:59 linux postfix/smtp/smtpd[26066]: connect from mail.devaney.net[96.91.214.49]
Nov 21 22:57:00 linux postfix/smtp/smtpd[26066]: disconnect from mail.devaney.net[96.91.214.49]
Nov 21 23:00:11 linux postfix/smtp/smtpd[26161]: connect from unknown[83.70.149.33]
Nov 21 23:00:11 linux postfix/smtp/smtpd[26161]: disconnect from unknown[83.70.149.33]
Nov 21 23:02:27 linux postfix/smtp/smtpd[26203]: connect from unknown[186.33.182.12]
Nov 21 23:02:28 linux postfix/smtp/smtpd[26203]: disconnect from unknown[186.33.182.12]
Nov 21 23:02:31 linux postfix/smtp/smtpd[26203]: connect from unknown[unknown]
Nov 21 23:02:31 linux postfix/smtp/smtpd[26203]: disconnect from unknown[unknown]
Nov 21 23:04:32 linux postfix/smtp/smtpd[26205]: connect from unknown[50.126.82.18]
Nov 21 23:04:32 linux postfix/smtp/smtpd[26205]: lost connection after HELO from unknown[50.126.82.18]
Nov 21 23:04:32 linux postfix/smtp/smtpd[26205]: disconnect from unknown[50.126.82.18]
The system logs were building up very fast!
I created new entries for the fail2ban program and got rid of this in a few
minutes' time!
In the jail.local file I added:
[postfix-auth]
enabled = true
filter = postfix.auth
action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath = /var/log/mail.log
In the filter.d folder I added a new filter, postfix.auth.conf, with the regex:
[INCLUDES]
# %(__prefix_line)s is defined in fail2ban's common.conf, so it must be included
before = common.conf

[Definition]
# Continuation lines of failregex must be indented. fail2ban refuses to load a
# failregex that has no <HOST> group, so the hostname warning is matched on the
# address postfix reports ("warning: hostname X does not resolve to address Y").
# Note that the second pattern counts every client without reverse DNS, which
# includes legitimate mail servers that simply lack a PTR record.
failregex = ^%(__prefix_line)slost connection after (AUTH|UNKNOWN|EHLO) from (.*)\[<HOST>\].*
            ^%(__prefix_line)sconnect from unknown\[<HOST>\].*
            ^%(__prefix_line)swarning: hostname \S+ does not resolve to address <HOST>.*
ignoreregex =
From now on NO MORE such crap!!!
Best regards.
Tom - SP2L
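The matching that the three patterns above perform, as an added example that is not part of Tom's post: a small Python emulation of how fail2ban applies a failregex list to mail.log lines, extracts the host, and decides on a ban. It assumes a simplified form of fail2ban's `__prefix_line` (one syslog layout only), fail2ban's classic `<HOST>` expansion, a fixed year for the year-less syslog timestamps, the jail.conf defaults maxretry=3 and findtime=600, and the hostname-warning pattern written with a `<HOST>` group; the first nine log lines are from the post, the last three are constructed here.

```python
import re
from collections import defaultdict
from datetime import datetime

# First nine lines are from the post; the last three are constructed here to
# exercise the "lost connection after AUTH" and hostname-warning patterns.
SAMPLE_LOG = """\
Nov 21 22:54:01 linux postfix/smtp/smtpd[26048]: connect from unknown[200.7.249.218]
Nov 21 22:54:02 linux postfix/smtp/smtpd[26048]: disconnect from unknown[200.7.249.218]
Nov 21 22:55:01 linux postfix/smtp/smtpd[26048]: connect from unknown[83.70.149.33]
Nov 21 22:55:04 linux postfix/smtp/smtpd[26048]: disconnect from unknown[83.70.149.33]
Nov 21 22:56:59 linux postfix/smtp/smtpd[26066]: connect from mail.devaney.net[96.91.214.49]
Nov 21 23:00:11 linux postfix/smtp/smtpd[26161]: connect from unknown[83.70.149.33]
Nov 21 23:02:31 linux postfix/smtp/smtpd[26203]: connect from unknown[unknown]
Nov 21 23:04:32 linux postfix/smtp/smtpd[26205]: connect from unknown[50.126.82.18]
Nov 21 23:04:32 linux postfix/smtp/smtpd[26205]: lost connection after HELO from unknown[50.126.82.18]
Nov 21 23:05:10 linux postfix/smtp/smtpd[26205]: lost connection after AUTH from unknown[50.126.82.18]
Nov 21 23:06:40 linux postfix/smtp/smtpd[26210]: warning: hostname bad.example.invalid does not resolve to address 83.70.149.33: Name or service not known
Nov 21 23:06:41 linux postfix/smtp/smtpd[26210]: connect from unknown[83.70.149.33]
"""

# Simplified stand-in for fail2ban's common.conf __prefix_line: it only handles
# "Mon DD HH:MM:SS host program[pid]: " (assumption; the real one covers more).
PREFIX_LINE = r"(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+\[\d+\]: "
# fail2ban's classic expansion of the <HOST> tag.
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The filter's patterns, with the hostname warning anchored on the address.
FAILREGEX = [
    r"^%(__prefix_line)slost connection after (AUTH|UNKNOWN|EHLO) from (.*)\[<HOST>\].*",
    r"^%(__prefix_line)sconnect from unknown\[<HOST>\].*",
    r"^%(__prefix_line)swarning: hostname \S+ does not resolve to address <HOST>.*",
]


def compile_failregex(patterns):
    """Expand the fail2ban placeholders and compile each pattern."""
    return [
        re.compile(p.replace("%(__prefix_line)s", PREFIX_LINE).replace("<HOST>", HOST))
        for p in patterns
    ]


def parse_ts(text, year=2013):
    """Syslog timestamps carry no year; the year is an assumed constant."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def find_failures(log_text, regexes):
    """Return (timestamp, host) for every line matched by any failregex.

    Like fail2ban, the first matching pattern wins. A client logged as
    unknown[unknown] yields host "unknown", which fail2ban cannot turn into
    an address to ban.
    """
    hits = []
    for line in log_text.splitlines():
        for rx in regexes:
            m = rx.match(line)
            if m:
                hits.append((parse_ts(m.group("ts")), m.group("host")))
                break
    return hits


def count_by_host(hits):
    counts = defaultdict(int)
    for _, host in hits:
        counts[host] += 1
    return dict(counts)


def bans(hits, maxretry=3, findtime=600):
    """Emulate the jail decision: maxretry hits from one host within findtime seconds."""
    recent = defaultdict(list)
    banned = []
    for ts, host in sorted(hits):
        window = [t for t in recent[host] if (ts - t).total_seconds() <= findtime]
        window.append(ts)
        recent[host] = window
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned


if __name__ == "__main__":
    regexes = compile_failregex(FAILREGEX)
    hits = find_failures(SAMPLE_LOG, regexes)
    for host, n in sorted(count_by_host(hits).items()):
        print(f"{host:16} {n} hit(s)")
    print("would ban:", bans(hits))
```

Two things the run makes visible: the "lost connection after HELO" line from the post is not a hit, because HELO is not in the first pattern's alternation (that client is only counted through its "connect from unknown" line), and mail.devaney.net never appears in the counts because it has reverse DNS, which is exactly the line the second pattern draws.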