Probably random botnets trying to deliver spam. I see a bunch of connections from that IP, but they're all getting dropped as soon as they connect because they're listed by Abusix Mail Intelligence as 'exploit'. You will see a lot of that when managing a mail server.

Per Abusix:
This list is generated by monitoring the behavior of hosts that connect to our traps and our partner's mail services. It includes any IP address that exhibits behavior specific to compromised hosts, botnet/virus infections, proxies, VPNs, TOR exit nodes, or IPs that are NAT'ing for these hosts. These behaviors are not expected from a genuine SMTP client.

On 6/30/24 12:24 AM, Jeff Pang via mailop wrote:
I have two different mailservers.
Both of them continue to get requests from a sender like the following.

Jun 30 06:20:51 mx postfix/smtpd[1081379]: NOQUEUE: reject: RCPT from unknown[193.37.41.106]: 550 5.7.25 Client host rejected: cannot find your hostname, [193.37.41.106]; from=<t...@sxyprn.com> to=<im...@praviatrust.com> proto=ESMTP helo=<[193.37.41.106]>


Do you know what the sender "t...@sxyprn.com" is, and what his purpose is?

Thanks.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
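
An added example, not part of the original thread: a small Python parser for Postfix smtpd reject lines in the format quoted above, which groups rejects by client IP and by the policy that fired (missing reverse DNS versus a DNSBL listing). The sample lines are constructed, and the DNSBL zone `dnsbl.example.org`, the addresses, and the category names are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the Postfix smtpd reject format quoted above
# (documentation IP ranges and example domains, not real traffic).
SAMPLE_LOG = """\
Jun 30 06:20:51 mx postfix/smtpd[1001]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.7.25 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<a@example.net> to=<user@example.org> proto=ESMTP helo=<[192.0.2.10]>
Jun 30 06:21:03 mx postfix/smtpd[1002]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.7.25 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<b@example.net> to=<info@example.org> proto=ESMTP helo=<[192.0.2.10]>
Jun 30 06:25:40 mx postfix/smtpd[1003]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using dnsbl.example.org; from=<c@example.com> to=<user@example.org> proto=ESMTP helo=<mail.example.com>
Jun 30 06:26:12 mx postfix/smtpd[1004]: connect from mail.example.com[203.0.113.5]
"""

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>"
)

def parse_rejects(text):
    """Return one dict per smtpd reject line; other lines are skipped."""
    return [m.groupdict() for m in map(REJECT_RE.search, text.splitlines()) if m]

def classify(rec):
    """Bucket a reject by the policy that triggered it (category names are ours)."""
    reason = rec["reason"]
    if "cannot find your hostname" in reason:
        return "no-rdns"
    if "blocked using" in reason:
        return "dnsbl"
    return "other"

def summarize(records):
    """Per client IP: reject count, categories, distinct senders, literal-IP HELO."""
    out = defaultdict(lambda: {"count": 0, "kinds": Counter(),
                               "senders": set(), "ip_helo": False})
    for r in records:
        s = out[r["ip"]]
        s["count"] += 1
        s["kinds"][classify(r)] += 1
        s["senders"].add(r["sender"])
        # True when HELO is the client's own address literal, as in the quoted line.
        s["ip_helo"] |= r["helo"] == f"[{r['ip']}]"
    return dict(out)

if __name__ == "__main__":
    for ip, s in summarize(parse_rejects(SAMPLE_LOG)).items():
        print(ip, s["count"], dict(s["kinds"]), s["ip_helo"], sorted(s["senders"]))
```
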
