Bob Proulx wrote:
> If the web server logs said it was 404 then that is an HTTP 404 return
> code and not an SMTP 404 return code since it is in the web server
> logs not the smtp server logs....

I know that. (Sorry that I accidentally said they were SMTP response codes, I do know better, they were HTTP response codes, mea culpa, it's late at night and I'm dealing with pain from a kidney stone right now.)

Again, for clarity, I was asked by Wietse to examine both the web logs and the Postfix logs on my server (both services are running on a single box, I'm not using Docker), in order to find correlations. I wasn't able to find any correlations.

I did see various extraneous HTTP GET requests in my web logs, but none of them related to my mail incidents. I singled out the "GET /nette.micro" requests in particular because they stood out as likely instances of attempted reverse tunneling attacks. Also (something I didn't mention before), one of these corresponded in time pretty closely to one of the fake messages I received -- though I am inclined to dismiss this as mere coincidence, since the GET request failed with a 404 HTTP return code.

The HTTP 302 responses to "GET /nette.micro" requests appear, as best I can tell, to have all been simple redirections from HTTP to HTTPS. The corresponding HTTPS GET requests were all rejected with 404 codes.

Rich Wales
ri...@richw.org