Ukrainian hidehost farms

Christoph Kukulies kuku at kukulies.org
Thu Feb 23 15:32:10 CET 2017


On 23.02.2017 at 15:01, Peer Heinlein wrote:
> On 23.02.2017 14:47, Christoph Kukulies wrote:
>   can one conclude from the following log?
>> Feb 23 14:13:19 mydomain postfix/smtpd[26438]: warning: hostname
>> vps863.hidehost.net does not resolve to address 91.200.12.142
>> Feb 23 14:13:19 mydomain postfix/smtpd[26438]: connect from
>> unknown[91.200.12.142]
>> Feb 23 14:13:20 mydomain postfix/smtpd[26438]: lost connection after
>> AUTH from unknown[91.200.12.142]
>> Feb 23 14:13:20 mydomain postfix/smtpd[26438]: disconnect from
>> unknown[91.200.12.142] ehlo=1 auth=0/1 commands=1/2
>>
>> Are they trying to get an authentication through? Or do they get
>> kicked out before that?
> debug_peer_list = 91.200.0.0/16
>
> Peer
>
>
>
>
This is the output I get now:

Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: warning: hostname 
vps863.hidehost.net does not resolve to address 91.200.12.142
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: connect from 
unknown[91.200.12.142]
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: smtp_stream_setup: 
maxtime=300 enable_deadline=0
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostname: 
smtpd_client_event_limit_exceptions: unknown ~? 127.0.0.0/8
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 91.200.12.142 ~? 127.0.0.0/8
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostname: 
smtpd_client_event_limit_exceptions: unknown ~? [::ffff:127.0.0.0]/104
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 91.200.12.142 ~? [::ffff:127.0.0.0]/104
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostname: 
smtpd_client_event_limit_exceptions: unknown ~? [::1]/128
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 91.200.12.142 ~? [::1]/128
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_list_match: 
unknown: no match
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_list_match: 
91.200.12.142: no match
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: send attr request = connect
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: send attr ident = 
smtp:91.200.12.142
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: private/anvil: wanted 
attribute: status
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: input attribute name: status
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: input attribute value: 0
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: private/anvil: wanted 
attribute: count
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: input attribute name: count
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: input attribute value: 1
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: private/anvil: wanted 
attribute: rate
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: input attribute name: rate
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: input attribute value: 1
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: private/anvil: wanted 
attribute: (list terminator)
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: input attribute name: (end)
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
220 mail.halfmoon.org ESMTP Postfix (Ubuntu)
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: watchdog_pat: 0x819604c8
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: < unknown[91.200.12.142]: 
EHLO User
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_list_match: 
unknown: no match
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_list_match: 
91.200.12.142: no match
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
250-mail.halfmoon.org
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
250-PIPELINING
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
250-SIZE 51200000
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
250-ETRN
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
250-STARTTLS
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
250-ENHANCEDSTATUSCODES
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
250-8BITMIME
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
250-DSN
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
250 SMTPUTF8
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: watchdog_pat: 0x819604c8
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: < unknown[91.200.12.142]: 
AUTH LOGIN
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 
503 5.5.1 Error: authentication not enabled
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: watchdog_pat: 0x819604c8
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: smtp_get: EOF
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostname: 
smtpd_client_event_limit_exceptions: unknown ~? 127.0.0.0/8
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 91.200.12.142 ~? 127.0.0.0/8
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostname: 
smtpd_client_event_limit_exceptions: unknown ~? [::ffff:127.0.0.0]/104
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 91.200.12.142 ~? [::ffff:127.0.0.0]/104
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostname: 
smtpd_client_event_limit_exceptions: unknown ~? [::1]/128
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 91.200.12.142 ~? [::1]/128
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_list_match: 
unknown: no match
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: match_list_match: 
91.200.12.142: no match
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: send attr request = 
disconnect
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: send attr ident = 
smtp:91.200.12.142
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: private/anvil: wanted 
attribute: status
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: input attribute name: status
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: input attribute value: 0
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: private/anvil: wanted 
attribute: (list terminator)
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: input attribute name: (end)
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: lost connection after 
AUTH from unknown[91.200.12.142]
Feb 24 15:17:34 halfmoon postfix/smtpd[27336]: disconnect from 
unknown[91.200.12.142] ehlo=1 auth=0/1 commands=1/2

Regards

Christoph
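
Added example, not part of the original mail: a small Python parser for the two log lines that answer the question in this thread, the Postfix `disconnect from` summary (`auth=0/1` is one AUTH command sent, none successful) and the `503 5.5.1` reply seen in the `debug_peer_list` output. It assumes unwrapped syslog lines; the sample input is constructed, and the clients 91.200.12.77 and 192.0.2.10 are invented for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (unwrapped syslog lines); 91.200.12.77 and 192.0.2.10 are invented.
SAMPLE_LOG = """\
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: < unknown[91.200.12.142]: AUTH LOGIN
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: > unknown[91.200.12.142]: 503 5.5.1 Error: authentication not enabled
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: lost connection after AUTH from unknown[91.200.12.142]
Feb 23 15:17:34 halfmoon postfix/smtpd[27336]: disconnect from unknown[91.200.12.142] ehlo=1 auth=0/1 commands=1/2
Feb 23 15:18:02 halfmoon postfix/smtpd[27340]: disconnect from unknown[91.200.12.77] ehlo=1 auth=0/3 commands=1/4
Feb 23 15:19:10 halfmoon postfix/smtpd[27351]: disconnect from mail.example.org[192.0.2.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
""".splitlines()

DISCONNECT = re.compile(r"postfix/smtpd\[\d+\]: disconnect from \S*\[([0-9A-Fa-f.:]+)\](.*)$")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")
NO_AUTH = re.compile(r"> \S*\[([0-9A-Fa-f.:]+)\]: 503 5\.5\.1 Error: authentication not enabled")


def parse_disconnect(line):
    """Return (client_ip, {command: (ok, total)}) for a disconnect summary line."""
    m = DISCONNECT.search(line)
    if m is None:
        return None
    stats = {}
    for name, ok, total in COUNTER.findall(m.group(2)):
        # "auth=0/1" means 0 of 1 succeeded; a bare "ehlo=1" means all succeeded.
        stats[name] = (int(ok), int(total) if total else int(ok))
    return m.group(1), stats


def failed_auth_by_network(lines, v4_prefix=16):
    """Sum unsuccessful AUTH commands per client network (IPv6 grouped by /64)."""
    failed = defaultdict(int)
    for line in lines:
        parsed = parse_disconnect(line)
        if parsed is None:
            continue
        ip, stats = parsed
        ok, total = stats.get("auth", (0, 0))
        if total > ok:
            prefix = v4_prefix if ipaddress.ip_address(ip).version == 4 else 64
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            failed[str(net)] += total - ok
    return dict(failed)


def refused_auth_clients(lines):
    """Clients told that AUTH is not enabled (visible only in debug_peer_list output)."""
    return sorted({m.group(1) for m in map(NO_AUTH.search, lines) if m})
```

The default `/16` grouping mirrors the `debug_peer_list = 91.200.0.0/16` range quoted above; the summary lines are logged without debugging, so the per-network count works on a normal mail log.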

