Re: connect then disconnect; backscatter?

Sat, 17 Apr 2021 05:41:56 -0700

Is it possible to identify which password smtp is trying to use? if so I would like to know how 

El 17/04/2021 a las 14:13, Wietse Venema escribió:

li...@lazygranch.com:

I am getting a lot of these:

Apr 17 07:27:10 mydomain postfix/smtpd[21897]: connect from 
mone183.secundiarourous.com[141.98.10.183]
Apr 17 07:27:11 mydomain postfix/smtpd[21897]: disconnect from 
mone183.secundiarourous.com[141.98.10.183] ehlo=1 auth=0/1 quit=1 commands=2/3

They send quit after sending EHLO and AUTH (which failed). I use
the regexp "auth=./" to identify password-guessing bots.

        Wietse

Attachment: smime.p7s
Description: Firma criptográfica S/MIME

Reply via email to