Re: [exim] [exim-dev] "25 lost" is giving me useful clues

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Jeremy Harris
Fecha:  
A: exim-users
Asunto: Re: [exim] [exim-dev] "25 lost" is giving me useful clues
On 09/03/2018 10:03 PM, Phil Pennock via Exim-users wrote:
> On 2018-08-30 at 12:27 +0200, Mark Elkins via Exim-dev wrote:
>> What this is telling me is someone at 157.0.116.189 is making
>> connections to my mail server - presumable to see if they can detect the
>> accounts of users on my machine?



Interesting variables to log from a notquit-acl include

    $smtp_notquit_reason
    $smtp_command_history


In particular, one pattern for the latter that earns IPs an immediate
firewall entry on my systems is "^EHLO,(RSET,)?AUTH". I don't advertise
AUTH on an in-clear EHLO, but it doesn't stop them trying...

--
Cheers,
Jeremy