What's the best approach to filter/block this unregular slow connections? #2172

rossiniscarface · 2025-09-18T10:20:11Z

rossiniscarface
Sep 18, 2025

Hi,

i'm relative new to the mail server game and already learned a lot about all the stuff.
One thing i noticed now in the logs is following:

2025-09-16T00:00:24Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.66, remotePort = 16128, domain = "localhost"
2025-09-16T00:00:37Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.19, remotePort = 59066, domain = "localhost"
2025-09-16T00:02:20Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.67, remotePort = 49412, domain = "localhost"
2025-09-16T00:03:20Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.29, remotePort = 24940, domain = "localhost"
2025-09-16T00:03:25Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.15, remotePort = 41230, domain = "localhost"
2025-09-16T00:04:06Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.88, remotePort = 35534, domain = "localhost"
2025-09-16T00:05:17Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.192, remotePort = 58756, domain = "localhost"
2025-09-16T00:06:13Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.153, remotePort = 26930, domain = "localhost"
2025-09-16T00:06:23Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.189, remotePort = 36144, domain = "localhost"
2025-09-16T00:07:52Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.38, remotePort = 17424, domain = "localhost"
2025-09-16T00:08:07Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.134, remotePort = 6504, domain = "localhost"
2025-09-16T00:10:02Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.118, remotePort = 1166, domain = "localhost"
2025-09-16T00:10:06Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.173, remotePort = 47606, domain = "localhost"
2025-09-16T00:10:32Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.182, remotePort = 33446, domain = "localhost"
2025-09-16T00:11:04Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.146, remotePort = 32988, domain = "localhost"
2025-09-16T00:11:18Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.49, remotePort = 15796, domain = "localhost"
2025-09-16T00:11:57Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.191, remotePort = 65156, domain = "localhost"
2025-09-16T00:15:59Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.168, remotePort = 24266, domain = "localhost"
2025-09-16T00:16:28Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.64, remotePort = 14444, domain = "localhost"
2025-09-16T00:16:28Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.143, remotePort = 57076, domain = "localhost"
2025-09-16T00:20:25Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.70, remotePort = 61032, domain = "localhost"
2025-09-16T00:21:01Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.177, remotePort = 20640, domain = "localhost"
2025-09-16T00:21:18Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.110, remotePort = 47038, domain = "localhost"
2025-09-16T00:22:23Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.42, remotePort = 10686, domain = "localhost"
2025-09-16T00:24:02Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.67, remotePort = 51104, domain = "localhost"
2025-09-16T00:24:17Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.119, remotePort = 34100, domain = "localhost"
2025-09-16T00:24:21Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.29, remotePort = 22704, domain = "localhost"
2025-09-16T00:24:49Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.52, remotePort = 33456, domain = "localhost"
2025-09-16T00:24:56Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.19, remotePort = 20634, domain = "localhost"
2025-09-16T00:24:57Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.66, remotePort = 52724, domain = "localhost"
2025-09-16T00:26:05Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.58, remotePort = 3780, domain = "localhost"
2025-09-16T00:27:07Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.189, remotePort = 33848, domain = "localhost"
2025-09-16T00:27:23Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.153, remotePort = 58192, domain = "localhost"
2025-09-16T00:27:27Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.15, remotePort = 15876, domain = "localhost"
2025-09-16T00:28:55Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.38, remotePort = 24580, domain = "localhost"
2025-09-16T00:29:12Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.88, remotePort = 26058, domain = "localhost"
2025-09-16T00:29:12Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.192, remotePort = 20356, domain = "localhost"
2025-09-16T00:31:21Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.173, remotePort = 58124, domain = "localhost"
2025-09-16T00:32:37Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.134, remotePort = 39516, domain = "localhost"
2025-09-16T00:32:45Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.49, remotePort = 39586, domain = "localhost"
2025-09-16T00:33:12Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.64, remotePort = 65280, domain = "localhost"
2025-09-16T00:34:41Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.182, remotePort = 61040, domain = "localhost"
2025-09-16T00:34:48Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.118, remotePort = 54710, domain = "localhost"
2025-09-16T00:36:06Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.146, remotePort = 17012, domain = "localhost"
2025-09-16T00:36:47Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.191, remotePort = 58016, domain = "localhost"
2025-09-16T00:40:28Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.143, remotePort = 20462, domain = "localhost"
2025-09-16T00:41:21Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.168, remotePort = 3918, domain = "localhost"
2025-09-16T00:41:47Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.70, remotePort = 23296, domain = "localhost"
2025-09-16T00:43:23Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.177, remotePort = 58560, domain = "localhost"
2025-09-16T00:44:56Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.67, remotePort = 63590, domain = "localhost"
2025-09-16T00:46:17Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.110, remotePort = 32218, domain = "localhost"
2025-09-16T00:46:23Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.29, remotePort = 35350, domain = "localhost"
2025-09-16T00:46:56Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.42, remotePort = 59466, domain = "localhost"
2025-09-16T00:48:17Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.189, remotePort = 26736, domain = "localhost"
2025-09-16T00:48:33Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.153, remotePort = 10502, domain = "localhost"
2025-09-16T00:48:52Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.119, remotePort = 57776, domain = "localhost"
2025-09-16T00:49:09Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.19, remotePort = 51790, domain = "localhost"
2025-09-16T00:49:24Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.52, remotePort = 11624, domain = "localhost"
2025-09-16T00:49:34Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.66, remotePort = 36804, domain = "localhost"
2025-09-16T00:49:52Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.38, remotePort = 30200, domain = "localhost"
2025-09-16T00:50:47Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.64, remotePort = 45754, domain = "localhost"
2025-09-16T00:51:55Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.15, remotePort = 6202, domain = "localhost"
2025-09-16T00:53:16Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.192, remotePort = 60294, domain = "localhost"
2025-09-16T00:53:59Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.88, remotePort = 64462, domain = "localhost"
2025-09-16T00:54:16Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.49, remotePort = 3288, domain = "localhost"
2025-09-16T00:57:20Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.134, remotePort = 15770, domain = "localhost"
2025-09-16T00:59:03Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.118, remotePort = 11028, domain = "localhost"
2025-09-16T00:59:08Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.182, remotePort = 47882, domain = "localhost"
2025-09-16T01:00:49Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.146, remotePort = 55384, domain = "localhost"
2025-09-16T01:01:38Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.191, remotePort = 31330, domain = "localhost"
2025-09-16T01:02:43Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.70, remotePort = 36154, domain = "localhost"
2025-09-16T01:04:28Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.143, remotePort = 60330, domain = "localhost"
2025-09-16T01:05:09Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.177, remotePort = 18110, domain = "localhost"
2025-09-16T01:06:19Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.168, remotePort = 49616, domain = "localhost"
2025-09-16T01:06:34Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.67, remotePort = 10702, domain = "localhost"
2025-09-16T01:07:17Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.29, remotePort = 59880, domain = "localhost"
2025-09-16T01:08:09Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.64, remotePort = 64454, domain = "localhost"
2025-09-16T01:09:40Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.189, remotePort = 26856, domain = "localhost"
2025-09-16T01:10:09Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.153, remotePort = 65206, domain = "localhost"
2025-09-16T01:10:54Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.42, remotePort = 17616, domain = "localhost"
2025-09-16T01:10:55Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.110, remotePort = 53132, domain = "localhost"
2025-09-16T01:11:25Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.38, remotePort = 21312, domain = "localhost"
2025-09-16T01:13:24Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.19, remotePort = 29340, domain = "localhost"
2025-09-16T01:13:59Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.52, remotePort = 37454, domain = "localhost"
2025-09-16T01:13:59Z INFO SMTP EHLO command (smtp.ehlo) listenerId = "submissions", localPort = 465, remoteIp = 81.30.107.119, remotePort = 49916, domain = "localhost"

My question is now: what's the best approach to prevent those kind of "attack". They don't try to send mails, those ip addresses just connect and do nothing. The time between the connections from one specific ip is too long to trigger something.
First thing i tried is to put those on the ip block list manually. But this results in cluttering the logs with "Blocked IP address".
Do i have to put some curated block-lists into the firewall and accept some slip through on an email server?

pepa65 · 2025-09-18T12:16:10Z

pepa65
Sep 18, 2025

You can automatically add them to the kernel's drop list, I use https://github.com/pepa65/fail2drop which is very lightweight.

Edit: Never mind, I cannot see any distinction between actual submissions and idle/bad ones (except when they go over the rate limit).

2 replies

pepa65 Sep 18, 2025

Interesting, I see in my own logs that I also get a lot of 'submissions' from Latvia in the same IP ranges...

rossiniscarface Sep 19, 2025
Author

I put now banip on my openwrt firewall with some blocklists and they are blocked.
I was just curious if there is something in stalwart to mitigate this.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

What's the best approach to filter/block this unregular slow connections? #2172

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 2 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

What's the best approach to filter/block this unregular slow connections? #2172

Uh oh!

rossiniscarface Sep 18, 2025

Replies: 1 comment · 2 replies

Uh oh!

Uh oh!

pepa65 Sep 18, 2025

Uh oh!

pepa65 Sep 18, 2025

Uh oh!

rossiniscarface Sep 19, 2025 Author

rossiniscarface
Sep 18, 2025

Replies: 1 comment 2 replies

pepa65
Sep 18, 2025

rossiniscarface Sep 19, 2025
Author