On Sun, Aug 11, 2024 at 08:12:19PM -0400, Scott Q. wrote:
> In my case the connections were hanging forever. That's why we
> had to get our IDS to kill them after ~5 seconds or they would take up
> a lot of connection slots.
When idle connections don't hang up unilaterally, Postfix times them out
In my case the connections were hanging forever. That's why we
had to get our IDS to kill them after ~5 seconds or they would take up
a lot of connection slots.
Scott
On Sunday, 11/08/2024 at 19:46 Viktor Dukhovni via mailop wrote:
On Sun, Aug 11, 2024 at 05:25:19PM +, Slavko via mailop wr
On Sun, Aug 11, 2024 at 05:25:19PM +, Slavko via mailop wrote:
> Dňa 11. augusta 2024 15:20:50 UTC používateľ "Scott Q. via mailop"
> napísal:
> >I've noticed this maybe 3-4 years ago. Could not tie it to any
> >legitimate customer or application.
>
> Yes, not real users, IPs are mostly fro
It appears that Michael Orlitzky via mailop said:
>On 2024-08-09 15:11:45, Brotman, Alex via mailop wrote:
>> Yes, it should be updated.
>>
>> It might also be worth trying to get a bug filed against opendkim to update
>> docs or comments in the sample configuration file that is provided in the
By suggesting to file a bug, that was against the Debian package, not upstream.
--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast
> -Original Message-
> From: mailop On Behalf Of Michael Orlitzky
> via mailop
> Sent: Saturday, August 10, 2024 10:04 AM
> To: mailop@ma
Hi,
Dňa 11. augusta 2024 15:20:50 UTC používateľ "Scott Q. via mailop"
napísal:
>I've noticed this maybe 3-4 years ago. Could not tie it to any
>legitimate customer or application.
Yes, not real users, IPs are mostly from US (hi COMCAST), but othervise
from ~60 countries, 219 ASNs... I am more
I've noticed this maybe 3-4 years ago. Could not tie it to any
legitimate customer or application.
We created rules in our IDS to drop these connections after 5 seconds
of inactivity and ban the IP for a week.
Didn't hurt any legitimate users.
Didn't spend much time analyzing it, but I think it
On Sun, 11 Aug 2024 13:44:16 +, Slavko via mailop
wrote:
>It is not big amount, nothing to worry about, i am just curious, if
>someone know what botnet/malware is behind that, as i cannot
>find any details about that. Please is it something known?
There is a wide variety of botnet activity,
Hi Slavko,
I agree with your analysis about what's happening: erroneous
plain-SMTP connect to "immediate SSL" port 465.
> It is not big amount, nothing to worry about, i am just curious, if
> someone know what botnet/malware is behind that, as i cannot
> find any details about that. Please is it
Hi all,
in recent months i see multiple "idle" connection attempts to
465 port. When i did tcpdump on it, i see that client does success
TCP handshake, then nothing is sent over it and finally connection
is cleanly closed by client (FIN after ~10 sec).
I guess that it is plain SMTP connection to
Michael Orlitzky via mailop skrev den 2024-08-10 16:03:
(the other, simpler sample config files don't mention the body length
option at all).
same problem here
https://certitude.consulting/blog/en/o365-anti-phishing-measures/
include another origin content into users browser, then all conte
11 matches
Mail list logo