On 29 Mar 2021, at 20:56, Gordon Ewasiuk wrote:
Hi List,
Can I get a sanity check please? Am seeing 50-60 of these a day:
Out: 220 fortirwin.blackhorselabs.net ESMTP Postfix
In: AUTH TLS
Out: 503 5.5.1 Error: send HELO/EHLO first
Is that a mis-config on my part (very possible) or just a random
scanner? The AUTH TLS lines are coming from a single provider - which
I won't name and shame here.
That's a *broken* scanner of some sort. There's no rational way for any
client to try any AUTH command without first sending EHLO and getting a
response with the available mechanisms. Beyond that, I'm fairly certain
that the only protocol where "AUTH TLS" is a valid command is in FTP,
where it is the unfortunately-named analog of the "STARTTLS" command in
SMTP. There is no SMTP server that should ever respond usefully to "AUTH
TLS."
If you were to "name and shame," it would likely only to be of a
malicious or at least extremely stupid actor.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
