Hi Slavko,
I agree with your analysis about what's happening: erroneous
plain-SMTP connect to "immediate SSL" port 465.
> It is not big amount, nothing to worry about, i am just curious, if
> someone know what botnet/malware is behind that, as i cannot
> find any details about that. Please is it something known?
I don't know nothing about any malware trends.
I just know that MUA configuration dialogs are notoriously difficult
to master and easily to get wrong, certainly for "the general end user".
(I remember Outlook's mysterious "secure" checkbox, and Sylpheed
which has SMTP server name, SMTP auth, SSL variant, and TCP port
all distributed across a whopping FOUR different config tabs.)
So I wouldn't be surprised if some new MUA release or some big
provider's newishly misleading config sheets are causing the
recent spike in your observations.
Martin
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
