I'm getting a lot of connections that look like this:

submit/smtpd[62332]: connect from unknown[173.242.119.187]
submit/smtpd[62333]: connect from unknown[173.242.119.187]
submit/smtpd[62332]: setting up TLS connection from unknown[173.242.119.187]
submit/smtpd[62332]: unknown[173.242.119.187]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
submit/smtpd[62333]: setting up TLS connection from unknown[173.242.119.187]
submit/smtpd[62333]: unknown[173.242.119.187]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
submit/smtpd[62333]: unknown[173.242.119.187]: save session C888DE3679232BAD4D6DCD13EFFA936AB7F288EB6BAAA4717055CB899FD64A26&s=submission&l=268435487 to smtpd cache
submit/smtpd[62333]: Anonymous TLS connection established from unknown[173.242.119.187]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
submit/smtpd[62332]: unknown[173.242.119.187]: save session 5A2D2A28680E97AE12AD95CD22AA6297542B71C4020FCEBC6FA635E1F3F19118&s=submission&l=268435487 to smtpd cache
submit/smtpd[62332]: Anonymous TLS connection established from unknown[173.242.119.187]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
submit/smtpd[62333]: lost connection after RSET from unknown[173.242.119.187]
submit/smtpd[62333]: disconnect from unknown[173.242.119.187]
submit/smtpd[62332]: lost connection after RSET from unknown[173.242.119.187]
submit/smtpd[62332]: disconnect from unknown[173.242.119.187]

and then the whole thing starts over in 5-10 minutes.

They are not all from this IP address, but most of them are, over and over.

A 'good' TLS looks like:

postfix/postscreen[45122]: CONNECT from [209.85.220.60]:59601
postfix/postscreen[45122]: PASS NEW [209.85.220.60]:59601
postfix/smtpd[45128]: connect from mail-pa0-f60.google.com[209.85.220.60]
postfix/smtpd[45128]: setting up TLS connection from mail-pa0-f60.google.com[209.85.220.60]
postfix/smtpd[45128]: mail-pa0-f60.google.com[209.85.220.60]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
postfix/smtpd[45128]: Anonymous TLS connection established from mail-pa0-f60.google.com[209.85.220.60]: TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)
postfix/smtpd[45128]: E5B3B118B11B: client=mail-pa0-f60.google.com[209.85.220.60]
postfix/smtpd[45128]: disconnect from mail-pa0-f60.google.com[209.85.220.60]

Do I just put 173.242.119.187 in the postscreen blacklist or … ?

-- 
"An ounce of practice is worth more than tons of preaching." - Mohandas
Gandhi
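
Added example, not part of the original post: a small Python script that pairs up smtpd sessions by process ID in logs of the shape quoted above and counts, per client address, the sessions on one service that ended in "lost connection" without queueing any mail. The function name, the threshold, and the sample lines (documentation addresses, made-up queue ID) are assumptions made for the illustration.

```python
import re
from collections import Counter

# Log shape as quoted in the post: <service>/smtpd[<pid>]: <message>
# (search() is used so a leading syslog timestamp/host does not matter).
LINE = re.compile(r'(?P<svc>[^\s/]+)/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$')
CONNECT = re.compile(r'^connect from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]$')
LOST = re.compile(r'^lost connection after \S+ from ')
QUEUED = re.compile(r'^[0-9A-F]+: client=')   # a message was accepted

def idle_probers(lines, service="submit", threshold=2):
    """Return {ip: count} for clients whose sessions on `service` were
    dropped without queueing mail, seen at least `threshold` times."""
    sessions, hits = {}, Counter()
    for line in lines:
        m = LINE.search(line.strip())
        if not m or m["svc"] != service:
            continue
        pid, msg = m["pid"], m["msg"]
        c = CONNECT.match(msg)
        if c:  # a new session starts on this smtpd process
            sessions[pid] = {"ip": c["ip"], "lost": False, "queued": False}
            continue
        s = sessions.get(pid)
        if s is None:
            continue
        if LOST.match(msg):
            s["lost"] = True
        elif QUEUED.match(msg):
            s["queued"] = True
        elif msg.startswith("disconnect from "):
            if s["lost"] and not s["queued"]:
                hits[s["ip"]] += 1
            del sessions[pid]
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample input modelled on the log excerpts in the post.
SAMPLE = """\
submit/smtpd[101]: connect from unknown[192.0.2.10]
submit/smtpd[102]: connect from unknown[192.0.2.10]
submit/smtpd[102]: lost connection after RSET from unknown[192.0.2.10]
submit/smtpd[102]: disconnect from unknown[192.0.2.10]
submit/smtpd[101]: lost connection after RSET from unknown[192.0.2.10]
submit/smtpd[101]: disconnect from unknown[192.0.2.10]
submit/smtpd[103]: connect from mail.example.org[198.51.100.7]
submit/smtpd[103]: 3F2A1B0C9D8E: client=mail.example.org[198.51.100.7]
submit/smtpd[103]: disconnect from mail.example.org[198.51.100.7]
""".splitlines()

print(idle_probers(SAMPLE))
```

Run over a full day of mail log, the per-address counts show whether the repeats come from one host or many before any blocking decision is made.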
