[exim-dev] "25 lost" is giving me useful clues

Author: Mark Elkins
Date:  
To: admin--- via Exim-dev
Subject: [exim-dev] "25 lost" is giving me useful clues
Hi Exim users,

This is a snapshot of "tail -f /var/log/exim/exim_main.log | grep '25 lost'"

2018-08-30 12:18:12 SMTP connection from (competentartistes.tv) [185.234.218.213]:64893 I=[192.96.24.1]:25 lost
2018-08-30 12:18:15 SMTP connection from [157.0.116.189]:60563 I=[192.96.24.1]:25 lost
2018-08-30 12:18:23 SMTP connection from (D4DkBydp) [157.0.116.189]:62004 I=[192.96.24.1]:25 lost
2018-08-30 12:18:26 SMTP connection from (hostby.channelnet.ie) [5.188.86.5]:8448 I=[192.96.24.1]:25 lost (error: Connection reset by peer)
2018-08-30 12:18:30 SMTP connection from (68MWR6zf) [157.0.116.189]:55132 I=[192.96.24.1]:25 lost
2018-08-30 12:18:41 SMTP connection from (NeRef0qI) [157.0.116.189]:53345 I=[192.96.24.1]:25 lost
2018-08-30 12:18:49 SMTP connection from (96v6K9u) [157.0.116.189]:51805 I=[192.96.24.1]:25 lost
2018-08-30 12:19:00 SMTP connection from (e42GVO) [157.0.116.189]:62912 I=[192.96.24.1]:25 lost
2018-08-30 12:19:05 SMTP connection from [189.112.185.186]:58329 I=[192.96.24.1]:25 lost
2018-08-30 12:19:24 SMTP connection from (WoHjRIwT) [157.0.116.189]:53238 I=[192.96.24.1]:25 lost

What this is telling me is someone at 157.0.116.189 is making
connections to my mail server - presumably to see if they can detect the
accounts of users on my machine?

Anyone have a useful script to detect the above and somehow sink it?

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
mje@???       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
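A detection script of the kind the post asks for, added here as an example and not part of the original thread: it parses "25 lost" lines in the format quoted above, counts them per source address over a sliding time window, and reports addresses that cross a threshold. The log format is taken from the lines in the post; the threshold (5) and window (10 minutes) are assumed defaults, and the sample log is constructed from the quoted entries.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the "25 lost" lines quoted above: the "(helo)" field and the trailing
# "(error: ...)" detail are both optional in Exim's output.
LOST_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) SMTP connection from '
    r'(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]:\d+ '
    r'I=\[[^\]]+\]:25 lost(?: \((?P<err>[^)]*)\))?$')

# Constructed sample: the entries from the post, re-joined onto one line each.
SAMPLE_LOG = """\
2018-08-30 12:18:12 SMTP connection from (competentartistes.tv) [185.234.218.213]:64893 I=[192.96.24.1]:25 lost
2018-08-30 12:18:15 SMTP connection from [157.0.116.189]:60563 I=[192.96.24.1]:25 lost
2018-08-30 12:18:23 SMTP connection from (D4DkBydp) [157.0.116.189]:62004 I=[192.96.24.1]:25 lost
2018-08-30 12:18:26 SMTP connection from (hostby.channelnet.ie) [5.188.86.5]:8448 I=[192.96.24.1]:25 lost (error: Connection reset by peer)
2018-08-30 12:18:30 SMTP connection from (68MWR6zf) [157.0.116.189]:55132 I=[192.96.24.1]:25 lost
2018-08-30 12:18:41 SMTP connection from (NeRef0qI) [157.0.116.189]:53345 I=[192.96.24.1]:25 lost
2018-08-30 12:18:49 SMTP connection from (96v6K9u) [157.0.116.189]:51805 I=[192.96.24.1]:25 lost
2018-08-30 12:19:00 SMTP connection from (e42GVO) [157.0.116.189]:62912 I=[192.96.24.1]:25 lost
2018-08-30 12:19:05 SMTP connection from [189.112.185.186]:58329 I=[192.96.24.1]:25 lost
2018-08-30 12:19:24 SMTP connection from (WoHjRIwT) [157.0.116.189]:53238 I=[192.96.24.1]:25 lost
"""

def parse_lost(lines):
    """Yield (timestamp, source_ip, helo_or_None) for each matching log line."""
    for line in lines:
        m = LOST_RE.match(line.strip())
        if m:
            yield datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S'), m['ip'], m['helo']

def find_offenders(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: peak_count} for sources with >= threshold lost connections inside `window`."""
    recent = defaultdict(list)   # ip -> timestamps still inside the window
    offenders = {}
    for ts, ip, _helo in parse_lost(lines):   # lines are read in log order
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > window:        # expire events that fell out of the window
            times.pop(0)
        if len(times) >= threshold:
            offenders[ip] = max(offenders.get(ip, 0), len(times))
    return offenders

if __name__ == '__main__':
    import sys
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG.splitlines()
    for ip, n in sorted(find_offenders(src).items(), key=lambda kv: -kv[1]):
        print(f'{ip}\t{n} lost connections in window')
```

Pipe the live log into it (`tail -f exim_main.log | python3 lost25.py`) or run it on its own to see the sample; the reported addresses can then be written to a file referenced from a host list such as Exim's host_reject_connection, or handed to whatever blocking tool is already in use.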