Zitat von Andreas Kasenides <andr...@cymail.eu>:
One of my mail servers (postfix 2.6) has been target of what seems
to me to be an attack.
The attacker tried to deliver messages to a non-existent user names
formed as a long hex
string. It only happened once from one particular client and kept
going for some time.
SMTP sessions were coming in one every second with three delivery
attampts each.
Here is a fragment of one single session:
Out: 220 prot.xxxx.eu ESMTP Postfix
In: EHLO xxxxxxxxxx
Out: 250-prot.xxxx.eu
Out: 250-PIPELINING
Out: 250-SIZE 10240000
Out: 250-VRFY
Out: 250-ETRN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: MAIL FROM:<x...@xx.xxx.xx> SIZE=2881 BODY=7BIT
Out: 250 2.1.0 Ok
In: RCPT TO:<35150aa4c74ba30f04ede17ca25f1...@xxxx.yy
Out: 451 4.3.0 <35150aa4c74ba30f04ede17ca25f1...@xxxx.yy>: Temporary lookup
failure
In: RCPT TO:<357f21a54e272af6a629ff7657eae...@xxxx.yy>
Out: 451 4.3.0 <357f21a54e272af6a629ff7657eae...@xxxx.yy>: Temporary lookup
failure
In: RSET
Out: 250 2.0.0 Ok
In: MAIL FROM:<xx...@xx.xxx.xx> SIZE=2881 BODY=7BIT
Out: 250 2.1.0 Ok
In: RCPT TO:<947a7c9627f3977247586a4fca58b...@xxxx.yy>
Out: 451 4.3.0 <947a7c9627f3977247586a4fca58b...@xxxxx.yy>: Temporary lookup
failure
In: QUIT
Out: 221 2.0.0 Bye
Is this an attack of some sort?
The address harvester of the spammers sometimes collect everything which has a "@" in it and therefore even use message-ids in their spamlist.
Nothing to worry about Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
