Re: Postfix/smtp/smtpd

Sun, 01 Apr 2018 12:06:28 -0700 

Den1:
> Here is an extract from the log. Thank you.
> 
> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> scan-7.security.ipip.net[106.186.113.132]

Postfix does not support three concurrent connections to the same
SMTP server process, so that looks like a logging infrastrucure
that logs the same event three times to the same file.

> Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection
> established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection
> established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection
> established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

More logfile duplication.

> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT
> from scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT
> from scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT
> from scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from
> scan-7.security.ipip.net[106.186.113.132]

More duplication.

Someone is scanning mail servers, for good or evil purposes.

> here is another one:
> 
> Mar 28 22:12:25  postfix/smtps/smtpd[5713]: warning: hostname
> vps147579.trouble-free.net does not resolve to address 174.138.189.116: Name
> or service not known
> Mar 28 22:12:25  postfix/smtps/smtpd[5713]: connect from
> unknown[174.138.189.116]
> Mar 28 22:12:25  postfix/smtps/smtpd[5713]: SSL_accept error from
> unknown[174.138.189.116]: lost connection
> Mar 28 22:12:25  postfix/smtps/smtpd[5713]: lost connection after CONNECT
> from unknown[174.138.189.116]
> Mar 28 22:12:25  postfix/smtps/smtpd[5713]: disconnect from
> unknown[174.138.189.116]

Welcome to the Internet. If you have not looked at Postfix logs
before, then you may be surprised at the amount of noise.

        Wietse

Reply via email to