Re: [exim] SSL routines:SSL23_GET_CLIENT_HELLO:unknown proto…

Author: web
Date:  
To: exim-users
Subject: Re: [exim] SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Hi,

For the past 8 days, I have been receiving very strange errors in exim_mainlog:

Here are some recent examples:

2012-04-06 02:33:30 TLS error on connection from (localhost) [74.79.177.106] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2012-04-06 02:34:46 TLS error on connection from (localhost) [186.182.196.246] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2012-04-06 02:35:32 TLS error on connection from (localhost) [173.21.9.179] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2012-04-06 02:36:02 TLS error on connection from (localhost) [119.77.234.116] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Every time there is the (localhost) [IP] connection scheme, and there is error
140760FC with the same message, while the IPs in [...] are different.

My server accepts TLS connections. I've checked many of the IPs from such errors,
and all of them were some sort of dictionary attackers, open relay mail
servers, etc. Also, none of my users reported that they missed any emails.

I don't know if this is some sort of attack on my server. Is there any way
to know what domain they are trying to connect to? I tried to tcpdump packets while
this error occurs, and the only thing I found is that they send QUIT very soon
after connecting. This is something I caught on port 25 just before the error
occurred:

02:19:04.416765 IP 201.231.132.235.cp-spxsvr > MY_SERVER_IP.smtp: Flags [P.], seq 2509958694:2509958700, ack 3637536753, win 65182, length 6
0x0000: 4500 002e c092 4000 6a06 9611 c9e7 84eb E.....@.j.......
0x0010: b009 bb49 1119 0019 959a ee26 d8d0 67f1 ...I.......&..g.
0x0020: 5018 fe9e 7998 0000 5155 4954 0d0a P...y...QUIT..

Mike
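
The following is an added example, not part of the original message: a small Python triage script that parses the `SSL_accept` failure lines quoted above, groups them by source address and error code, and splits the packed code `140760FC` into its library, function and reason numbers. The function names are hypothetical, the sample input is constructed from the four entries in the post, and the bit layout used for decoding is assumed to be the one used by OpenSSL releases before 3.0.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed input: the four mainlog entries quoted in the post, unwrapped to
# one line each, plus one unrelated (constructed) line that must be ignored.
TAIL = "(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol"
SAMPLE_LOG = "\n".join([
    f"2012-04-06 02:33:30 TLS error on connection from (localhost) [74.79.177.106] {TAIL}",
    f"2012-04-06 02:34:46 TLS error on connection from (localhost) [186.182.196.246] {TAIL}",
    f"2012-04-06 02:35:32 TLS error on connection from (localhost) [173.21.9.179] {TAIL}",
    f"2012-04-06 02:36:02 TLS error on connection from (localhost) [119.77.234.116] {TAIL}",
    "2012-04-06 02:36:10 Start queue run: pid=1234",
])

TLS_ERR = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) TLS error on connection from "
    r"(?P<peer>.*?)\s*\[(?P<ip>[0-9A-Fa-f.:]+)\] \(SSL_accept\): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:(?P<func>[^:]*):(?P<reason>.*)$"
)

def decode_openssl_code(code_hex):
    """Split a packed OpenSSL error code into (lib, func, reason).
    Assumes the pre-3.0 layout: 8 bits lib, 12 bits func, 12 bits reason."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def summarise(log_text):
    """Aggregate SSL_accept failures by source IP, error code and time span."""
    by_ip, by_code, stamps = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = TLS_ERR.match(line.strip())
        if not m:
            continue  # not a TLS handshake failure line
        by_ip[m["ip"]] += 1
        by_code[(m["code"].upper(), m["func"], m["reason"])] += 1
        stamps.append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    return {"events": len(stamps), "distinct_ips": len(by_ip), "by_ip": by_ip,
            "by_code": by_code, "span_seconds": span}

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print(report["events"], "failures from", report["distinct_ips"],
          "addresses in", report["span_seconds"], "seconds")
    for (code, func, reason), n in report["by_code"].items():
        print(n, code, decode_openssl_code(code), func, reason)
```

Run against a real mainlog, a high count of distinct addresses with one failure each points to many independent clients rather than a single misconfigured peer.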