PMG > lots of "connect from unknown" in Tracking Center

cpulove

Member
Jul 12, 2024
Am I right that I can reject emails from unknown senders with this setting? My log is full of it, and I guess someone tries to send over the gateway without permission.
Hope that this does not affect legit mails...

Can anyone tell me how this actually works? I mean, do they try to send without any authentication at all?
Would be nice to understand the procedure spammers use here!


[Attached screenshot: Bildschirmfoto 2025-01-27 um 17.57.27.png]


Code:
2025-01-27T10:45:58.266972+01:00 pmg postfix/smtpd[534432]: connect from unknown[102.216.73.60]
2025-01-27T10:46:00.057959+01:00 pmg postfix/smtpd[534432]: NOQUEUE: reject: RCPT from unknown[102.216.73.60]: 554 5.7.1 <oliver666@mannweiler.de>: Recipient address rejected: Rejected by SPF: 102.216.73.60 is not a designated mailserver for info666%40domain.de (context mfrom, on pmg.insite-design.eu); from=<info666@domain.de> to=<info666@domain.de> proto=ESMTP helo=<[102.216.73.60]>
2025-01-27T10:46:00.058001+01:00 pmg postfix/smtpd[534432]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "oliver666@mannweiler.de" from client "unknown[102.216.73.60]"
2025-01-27T10:46:00.933253+01:00 pmg postfix/smtpd[534432]: lost connection after DATA from unknown[102.216.73.60]
2025-01-27T10:46:00.933346+01:00 pmg postfix/smtpd[534432]: disconnect from unknown[102.216.73.60] ehlo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4
 
Hi,

the log indicates that a connection was established from the IP 102.216.73.60 to send an e-mail. In this case, “connect from unknown” only means that the IP address does not have a PTR record and cannot be resolved backwards into a DNS name.

The actual email is then rejected by your PMG due to an incorrect SPF check, as the sender is sending from @domain.de, but the IP address above is not stored in the SPF.

The “Reject unknown senders” setting you mentioned would cause emails from non-existent domains to be blocked. I would generally set this setting as long as you are not also using your PMG as an MTA for internal domains such as .local, .homelab, .ads etc.
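
The session in the log above can also be read off programmatically. This is an added example, not part of the original posts and not PMG or Postfix code: it groups `postfix/smtpd` lines by client IP and reports whether the client name was unverified, whether AUTH was attempted, and why mail was rejected. The function names and the last two sample lines are constructed; it relies on Postfix's disconnect summary listing only the commands the client issued, as accepted/total.

```python
import re
from collections import defaultdict

# First four lines: from the log in the post above. Last two: constructed for
# contrast (a client with a verified hostname, RFC 5737 documentation address).
SAMPLE_LOG = """\
2025-01-27T10:45:58.266972+01:00 pmg postfix/smtpd[534432]: connect from unknown[102.216.73.60]
2025-01-27T10:46:00.057959+01:00 pmg postfix/smtpd[534432]: NOQUEUE: reject: RCPT from unknown[102.216.73.60]: 554 5.7.1 <oliver666@mannweiler.de>: Recipient address rejected: Rejected by SPF: 102.216.73.60 is not a designated mailserver for info666%40domain.de (context mfrom, on pmg.insite-design.eu); from=<info666@domain.de> to=<info666@domain.de> proto=ESMTP helo=<[102.216.73.60]>
2025-01-27T10:46:00.933253+01:00 pmg postfix/smtpd[534432]: lost connection after DATA from unknown[102.216.73.60]
2025-01-27T10:46:00.933346+01:00 pmg postfix/smtpd[534432]: disconnect from unknown[102.216.73.60] ehlo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4
2025-01-27T10:47:10.000000+01:00 pmg postfix/smtpd[534440]: connect from mail.example.org[192.0.2.10]
2025-01-27T10:47:11.000000+01:00 pmg postfix/smtpd[534440]: disconnect from mail.example.org[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

EVENT = re.compile(r"postfix/smtpd\[\d+\]: (?P<msg>.*)")
CLIENT = re.compile(r"from (?P<host>[^\s\[]+)\[(?P<ip>[0-9A-Fa-f.:]+)\]")
REJECT = re.compile(r"reject: \w+ from \S+: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) .*?rejected: (?P<why>[^;]+);")
COUNTER = re.compile(r"\b(?P<cmd>[a-z]+)=(?P<ok>\d+)(?:/(?P<total>\d+))?")

def summarize(log_text):
    """Group smtpd events by client IP: logged name, rejects, command counters."""
    clients = defaultdict(lambda: {"host": None, "rejects": [], "commands": {}})
    for line in log_text.splitlines():
        ev = EVENT.search(line)
        who = ev and CLIENT.search(ev["msg"])
        if not who:
            continue
        entry = clients[who["ip"]]
        entry["host"] = who["host"]
        rej = REJECT.search(ev["msg"])
        if rej:
            entry["rejects"].append((rej["code"], rej["dsn"], rej["why"].strip()))
        if ev["msg"].startswith("disconnect from"):
            for c in COUNTER.finditer(ev["msg"][who.end():]):  # "rcpt=0/1" = 0 of 1 accepted
                entry["commands"][c["cmd"]] = (int(c["ok"]), int(c["total"] or c["ok"]))
    return dict(clients)

def report(clients):
    """Per client: unverified name, AUTH attempted, accepted recipients, SPF rejects."""
    return {ip: {
        "unverified_hostname": e["host"] == "unknown",  # no verified name for this IP
        "tried_auth": "auth" in e["commands"],          # no auth= counter: AUTH never sent
        "accepted_rcpt": e["commands"].get("rcpt", (0, 0))[0],
        "spf_rejects": sum(1 for r in e["rejects"] if "SPF" in r[2]),
    } for ip, e in clients.items()}

if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

For 102.216.73.60 the report shows an unverified client name, no AUTH attempt, zero accepted recipients and one SPF reject, which matches the `rcpt=0/1 data=0/1 commands=2/4` counters in the disconnect line.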
 
Thanks for clarifying. No, I do not use the PMG for internal domains.