On 19/06/2013 14:37, lst_ho...@kwsoft.de wrote:
> Quoting Andreas Kasenides <andr...@cymail.eu>:
>
> > One of my mail servers (postfix 2.6) has been target of what seems to me to be an attack. The attacker tried to deliver messages to non-existent user names formed as a long hex string. It only happened once from one particular client and kept going for some time. SMTP sessions were coming in one every second with three delivery attempts each. Here is a fragment of one single session:
> >
> > Out: 220 prot.xxxx.eu ESMTP Postfix
> > In: EHLO xxxxxxxxxx
> > Out: 250-prot.xxxx.eu
> > Out: 250-PIPELINING
> > Out: 250-SIZE 10240000
> > Out: 250-VRFY
> > Out: 250-ETRN
> > Out: 250-ENHANCEDSTATUSCODES
> > Out: 250-8BITMIME
> > Out: 250 DSN
> > In: MAIL FROM:<x...@xx.xxx.xx> SIZE=2881 BODY=7BIT
> > Out: 250 2.1.0 Ok
> > In: RCPT TO:<35150aa4c74ba30f04ede17ca25f1...@xxxx.yy
> > Out: 451 4.3.0 <35150aa4c74ba30f04ede17ca25f1...@xxxx.yy>: Temporary lookup failure
> > In: RCPT TO:<357f21a54e272af6a629ff7657eae...@xxxx.yy>
> > Out: 451 4.3.0 <357f21a54e272af6a629ff7657eae...@xxxx.yy>: Temporary lookup failure
> > In: RSET
> > Out: 250 2.0.0 Ok
> > In: MAIL FROM:<xx...@xx.xxx.xx> SIZE=2881 BODY=7BIT
> > Out: 250 2.1.0 Ok
> > In: RCPT TO:<947a7c9627f3977247586a4fca58b...@xxxx.yy>
> > Out: 451 4.3.0 <947a7c9627f3977247586a4fca58b...@xxxxx.yy>: Temporary lookup failure
> > In: QUIT
> > Out: 221 2.0.0 Bye
> >
> > Is this an attack of some sort?
>
> The address harvesters of the spammers sometimes collect everything which has a "@" in it and therefore even use message-ids in their spamlist. Nothing to worry about.

All of this should be rejected by 5xx, am I wrong? And I think this temporary lookup failure is not ok.... Show some log...

Levi
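
An added example, not part of the thread and not Postfix code: a Python script that reads a session transcript in the In:/Out: layout quoted above, pairs each RCPT TO with the server's final reply, and reports hex-looking recipients together with whether they were deferred (4xx) or rejected (5xx). The sample transcript, its host names and addresses, and the 24-character hex threshold are constructed assumptions.

```python
import re
from collections import deque

# Constructed sample in the In:/Out: layout quoted in the thread;
# host names and addresses are made up for this example.
SAMPLE = """\
Out: 220 mx.example.test ESMTP Postfix
In: EHLO client.example.test
Out: 250-mx.example.test
Out: 250 DSN
In: MAIL FROM:<sender@example.test> SIZE=2881 BODY=7BIT
Out: 250 2.1.0 Ok
In: RCPT TO:<0123456789abcdef0123456789abcdef@example.test>
Out: 451 4.3.0 <0123456789abcdef0123456789abcdef@example.test>: Temporary lookup failure
In: RCPT TO:<postmaster@example.test>
Out: 250 2.1.5 Ok
In: RCPT TO:<fedcba9876543210fedcba9876543210@example.test>
Out: 550 5.1.1 <fedcba9876543210fedcba9876543210@example.test>: Recipient address rejected
In: QUIT
Out: 221 2.0.0 Bye
"""

RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>@\s]+)@[^>\s]+>?", re.I)
FINAL_REPLY_RE = re.compile(r"^Out:\s+(\d{3})(?: |$)")  # "250-..." lines are continuations
HEX_LOCAL_RE = re.compile(r"^[0-9a-f]{24,}$", re.I)     # assumed threshold, tune per site
VERDICTS = {"2": "accepted", "4": "deferred", "5": "rejected"}


def audit_session(transcript):
    """Return (local_part, reply_code, verdict) for each hex-looking RCPT TO."""
    pending, findings = deque(), []
    for line in transcript.splitlines():
        if line.startswith("In:"):
            pending.append(line[3:].strip())  # queue commands; handles pipelining
            continue
        reply = FINAL_REPLY_RE.match(line)
        if not reply or not pending:          # continuation line or the 220 greeting
            continue
        rcpt = RCPT_RE.match(pending.popleft())
        if rcpt and HEX_LOCAL_RE.match(rcpt.group(1)):
            code = reply.group(1)
            findings.append((rcpt.group(1), code, VERDICTS.get(code[0], "other")))
    return findings


def not_rejected(findings):
    """Hex-looking recipients that did not receive a permanent 5xx reply."""
    return [f for f in findings if f[2] != "rejected"]


if __name__ == "__main__":
    for local, code, verdict in audit_session(SAMPLE):
        print(f"{local}: {code} ({verdict})")
```
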