>> On Dec 25, 2017, at 8:57 PM, li...@sbt.net.au wrote: >> >> anything to worry about ? > > Generally no. There are some SMTP clients that both TLS, > they'll either retry in the clear, or they are likely shoddy > spamware. > Other log messages will show the IP address of the client. If you weren't > expecting any email from that client, just ignore this.
Viktor, thanks, both were from same no hostname IP address # host 125.212.217.214 Host 214.217.212.125.in-addr.arpa. not found: 3(NXDOMAIN) log shows: # grep "Dec 25 08:39" /var/log/maillog Dec 25 08:39:12 geko postfix/smtpd[9700]: connect from unknown[125.212.217.214] Dec 25 08:39:17 geko postfix/smtpd[9700]: Anonymous TLS connection established from unknown[125.212.217.214]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Dec 25 08:39:18 geko postfix/smtpd[9701]: connect from unknown[125.212.217.214] Dec 25 08:39:19 geko postfix/smtpd[9701]: Anonymous TLS connection established from unknown[125.212.217.214]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) Dec 25 08:39:19 geko postfix/smtpd[9701]: lost connection after STARTTLS from unknown[125.212.217.214] Dec 25 08:39:19 geko postfix/smtpd[9701]: disconnect from unknown[125.212.217.214] ehlo=1 starttls=1 commands=2 Dec 25 08:39:20 geko postfix/smtpd[9701]: connect from unknown[125.212.217.214] Dec 25 08:39:21 geko postfix/smtpd[9701]: SSL_accept error from unknown[125.212.217.214]: -1 Dec 25 08:39:21 geko postfix/smtpd[9701]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640: Dec 25 08:39:21 geko postfix/smtpd[9701]: lost connection after STARTTLS from unknown[125.212.217.214] Dec 25 08:39:21 geko postfix/smtpd[9701]: disconnect from unknown[125.212.217.214] ehlo=1 starttls=0/1 commands=1/2 Dec 25 08:39:23 geko postfix/smtpd[9701]: connect from unknown[125.212.217.214] Dec 25 08:39:23 geko postfix/smtpd[9700]: lost connection after STARTTLS from unknown[125.212.217.214] Dec 25 08:39:23 geko postfix/smtpd[9700]: disconnect from unknown[125.212.217.214] ehlo=1 starttls=1 commands=2 Dec 25 08:39:24 geko postfix/smtpd[9701]: SSL_accept error from unknown[125.212.217.214]: -1 Dec 25 08:39:24 geko postfix/smtpd[9701]: warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:977: Dec 25 08:39:24 geko postfix/smtpd[9701]: lost connection after STARTTLS from unknown[125.212.217.214] Dec 25 08:39:24 geko postfix/smtpd[9701]: disconnect from unknown[125.212.217.214] ehlo=1 starttls=0/1 commands=1/2 Dec 25 08:39:25 geko postfix/smtpd[9700]: connect from unknown[125.212.217.214] Dec 25 08:39:26 geko postfix/smtpd[9700]: Anonymous TLS connection established from unknown[125.212.217.214]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) Dec 25 08:39:27 geko postfix/smtpd[9700]: lost connection after STARTTLS from unknown[125.212.217.214] Dec 25 08:39:27 geko postfix/smtpd[9700]: disconnect from unknown[125.212.217.214] ehlo=1 starttls=1 commands=2 Dec 25 08:39:28 geko postfix/smtpd[9701]: connect from unknown[125.212.217.214] Dec 25 08:39:29 geko postfix/smtpd[9701]: Anonymous TLS connection established from unknown[125.212.217.214]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Dec 25 08:39:29 geko postfix/smtpd[9701]: lost connection after STARTTLS from unknown[125.212.217.214] Dec 25 08:39:29 geko postfix/smtpd[9701]: disconnect from unknown[125.212.217.214] ehlo=1 starttls=1 commands=2 Dec 25 08:39:29 geko postfix/smtpd[9700]: connect from unknown[125.212.217.214] Dec 25 08:39:30 geko postfix/smtpd[9700]: lost connection after UNKNOWN from unknown[125.212.217.214] Dec 25 08:39:30 geko postfix/smtpd[9700]: disconnect from unknown[125.212.217.214] unknown=0/1 commands=0/1 Dec 25 08:39:30 geko postfix/smtpd[9701]: connect from unknown[125.212.217.214] Dec 25 08:39:32 geko postfix/smtpd[9701]: Anonymous TLS connection established from unknown[125.212.217.214]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Dec 25 08:39:32 geko postfix/smtpd[9701]: lost connection after STARTTLS from unknown[125.212.217.214] Dec 25 08:39:32 geko postfix/smtpd[9701]: disconnect from unknown[125.212.217.214] ehlo=1 starttls=1 commands=2 Dec 25 08:39:36 geko postfix/smtpd[9700]: connect from unknown[125.212.217.214] Dec 25 08:39:36 geko postfix/smtpd[9700]: lost connection after CONNECT from unknown[125.212.217.214] Dec 25 08:39:36 geko postfix/smtpd[9700]: disconnect from unknown[125.212.217.214] commands=0/0 Dec 25 08:39:39 geko postfix/smtpd[9701]: connect from unknown[125.212.217.214] Dec 25 08:39:41 geko postfix/smtpd[9700]: connect from unknown[125.212.217.214] Dec 25 08:39:41 geko postfix/smtpd[9700]: lost connection after UNKNOWN from unknown[125.212.217.214] Dec 25 08:39:41 geko postfix/smtpd[9700]: disconnect from unknown[125.212.217.214] unknown=0/2 commands=0/2 Dec 25 08:39:45 geko postfix/smtpd[9701]: lost connection after CONNECT from unknown[125.212.217.214] Dec 25 08:39:45 geko postfix/smtpd[9701]: disconnect from unknown[125.212.217.214] commands=0/0 Dec 25 08:47:41 geko postfix/anvil[5707]: statistics: max connection rate 11/1800s for (submission:125.212.217.214) at Dec 25 08:39:41 Dec 25 08:47:41 geko postfix/anvil[5707]: statistics: max connection count 2 for (submission:125.212.217.214) at Dec 25 08:39:18
