On Mon, 2021-03-29 at 21:18 -0400, Bill Cole wrote: > On 29 Mar 2021, at 20:56, Gordon Ewasiuk wrote: > > > Hi List, > > > > Can I get a sanity check please? Am seeing 50-60 of these a day: > > > > Out: 220 fortirwin.blackhorselabs.net ESMTP Postfix > > In: AUTH TLS > > Out: 503 5.5.1 Error: send HELO/EHLO first > > > > Is that a mis-config on my part (very possible) or just a random > > scanner? The AUTH TLS lines are coming from a single provider - > > which > > I won't name and shame here. > > That's a *broken* scanner of some sort. There's no rational way for > any > client to try any AUTH command without first sending EHLO and getting > a > response with the available mechanisms. Beyond that, I'm fairly > certain > that the only protocol where "AUTH TLS" is a valid command is in > FTP, > where it is the unfortunately-named analog of the "STARTTLS" command > in > SMTP. There is no SMTP server that should ever respond usefully to > "AUTH > TLS." > > If you were to "name and shame," it would likely only to be of a > malicious or at least extremely stupid actor.
Thanks, Bill, for the sanity check. It seemed odd but given how many options and config bits exist for Postfix (a good thing!), I figured I should check with the pros just in case I missed something. Thanks again! -Gordon
