Heartbleed via smtpd?

Rick Zeman Sat, 12 Apr 2014 16:40:28 -0700

I'm guessing since I've received a bunch of these over the past few
days that these are Heartbleed scrape attempts, especially since these
IPs belongs to our friends in the former Soviet Union.  Agreed?  (It's
an Apple server so it uses its own "goto fail" TLS library, and only
has an older version of openssl (0.9.8y) on it so I'm safe--from this,
at least.)


Apr 11 22:10:13 miniserv.private postfix/smtpd[90051]: connect from
unknown[37.45.1.153]
Apr 11 22:10:14 miniserv.private postfix/smtpd[90054]: connect from
unknown[93.157.46.40]
Apr 11 22:10:14 miniserv.private postfix/smtpd[90051]: warning:
unknown[37.45.1.153]: SASL LOGIN authentication failed
Apr 11 22:10:14 miniserv.private postfix/smtpd[90051]: lost connection
after AUTH from unknown[37.45.1.153]
Apr 11 22:10:14 miniserv.private postfix/smtpd[90051]: disconnect from
unknown[37.45.1.153]
Apr 11 22:10:15 miniserv.private postfix/smtpd[90054]: SSL_accept
error from unknown[93.157.46.40]: 0
Apr 11 22:10:15 miniserv.private postfix/smtpd[90054]: warning: TLS
library problem: 90054:error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown:/SourceCache/OpenSSL098/OpenSSL098-50/src/ssl/s3_pkt.c:1106:SSL
alert number 46:
Apr 11 22:10:15 miniserv.private postfix/smtpd[90054]: lost connection
after STARTTLS from unknown[93.157.46.40]
Apr 11 22:10:15 miniserv.private postfix/smtpd[90054]: disconnect from
unknown[93.157.46.40]
Apr 11 22:10:16 miniserv.private postfix/smtpd[90056]: warning: TLS
library problem: 90056:error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown:/SourceCache/OpenSSL098/OpenSSL098-50/src/ssl/s3_pkt.c:1106:SSL
alert number 46:
Apr 11 22:10:17 miniserv.private postfix/smtpd[90051]: connect from
unknown[93.153.183.18]
Apr 11 22:10:18 miniserv.private postfix/smtpd[90051]: SSL_accept
error from unknown[93.153.183.18]: 0
Apr 11 22:10:18 miniserv.private postfix/smtpd[90051]: warning: TLS
library problem: 90051:error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown:/SourceCache/OpenSSL098/OpenSSL098-50/src/ssl/s3_pkt.c:1106:SSL
alert number 46:
Apr 11 22:10:18 miniserv.private postfix/smtpd[90051]: lost connection
after STARTTLS from unknown[93.153.183.18]
Apr 11 22:10:18 miniserv.private postfix/smtpd[90051]: disconnect from
unknown[93.153.183.18]

Heartbleed via smtpd?

Reply via email to