Dnia 8.03.2025 o godz. 13:44:17 Peter Corlett via mailop pisze: > Botnets will attempt AUTH on port 25 even if AUTH was not advertised in the > EHLO response.
But if you don't have AUTH actually enabled on port 25, the attempt will never succeed. The MTA wouldn't even try it in fact. In case of Postfix, what you see in mail logs in such case is "connect" from a given IP address followed by "disconnect" right away. If I see such pattern in the logs, and it repeats multiple times from the same IP address, it's a pretty good indication of a botnet machine as well. I just firewall such addresses. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
