On 09/03/2018 10:03 PM, Phil Pennock via Exim-users wrote:
> On 2018-08-30 at 12:27 +0200, Mark Elkins via Exim-dev wrote:
>> What this is telling me is someone at 157.0.116.189 is making
>> connections to my mail server - presumable to see if they can detect the
>> accounts of users on my machine?
Interesting variables to log from a notquit-acl include
$smtp_notquit_reason
$smtp_command_history
In particular, one pattern for the latter that earns IPs an immediate
firewall entry on my systems is "^EHLO,(RSET,)?AUTH". I don't advertise
AUTH on an in-clear EHLO, but it doesn't stop them trying...
--
Cheers,
Jeremy
