Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

mailserver "audit" from Romania

 
olliver

Posted: Sun Apr 12, 2009 11:31 pm    Post subject: mailserver "audit" from Romania

Someone using 94.52.76.47 located in Romania thought it might be worth trying to have a peek at my mailserver. Not that it posed any danger, but the clutter in the logs is still nasty and so is the waste of bandwidth.

evidence in logfiles:

Quote:
Apr 13 00:17:08 mail in.qpopper[11784]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:17:09 mail in.qpopper[11784]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:17:09 mail in.qpopper[11784]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:09 mail in.qpopper[11784]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:12 mail in.qpopper[11785]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:17:13 mail sm-mta[11783]: n3CMHDGV011783: rejecting commands from [94.52.76.47] [94.52.76.47] due to pre-greeting traffic
Apr 13 00:17:17 mail sm-mta[11786]: n3CMHHfK011786: rejecting commands from [94.52.76.47] [94.52.76.47] due to pre-greeting traffic
Apr 13 00:17:17 mail in.qpopper[11785]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:17:17 mail in.qpopper[11787]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:17:17 mail in.qpopper[11787]: (null) at 94.52.76.47 (94.52.76.47): -ERR Unknown command: "^V^C^A". [pop_get_command.c:152]
Apr 13 00:17:17 mail in.qpopper[11787]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:17:17 mail in.qpopper[11787]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:17 mail in.qpopper[11787]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:17 mail in.qpopper[11788]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:17:17 mail in.qpopper[11788]: (null) at 94.52.76.47 (94.52.76.47): -ERR Unknown command: "^V^C". [pop_get_command.c:152]
Apr 13 00:17:17 mail in.qpopper[11788]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:17:17 mail in.qpopper[11788]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:17 mail in.qpopper[11788]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:17 mail in.qpopper[11789]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:17:17 mail in.qpopper[11789]: (null) at 94.52.76.47 (94.52.76.47): -ERR Unknown command: "get". [pop_get_command.c:152]
Apr 13 00:17:20 mail in.qpopper[11789]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:17:23 mail sm-mta[11790]: n3CMHNct011790: rejecting commands from [94.52.76.47] [94.52.76.47] due to pre-greeting traffic
Apr 13 00:17:28 mail sm-mta[11791]: n3CMHSoh011791: rejecting commands from [94.52.76.47] [94.52.76.47] due to pre-greeting traffic
Apr 13 00:17:33 mail sm-mta[11792]: n3CMHXmJ011792: rejecting commands from [94.52.76.47] [94.52.76.47] due to pre-greeting traffic
Apr 13 00:17:33 mail sm-mta[11792]: n3CMHXmJ011792: [94.52.76.47]: probable open proxy: command=GET / HTTP/1.0\r\n
Apr 13 00:19:26 mail in.qpopper[11793]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11793]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:26 mail in.qpopper[11794]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11795]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11796]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11797]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11798]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11799]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11800]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11801]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11802]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11803]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11804]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11805]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11806]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11807]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11808]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11809]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11810]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11811]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11812]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11813]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11814]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11815]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11816]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11817]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11818]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11819]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11820]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11821]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11822]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11823]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11824]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11825]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11826]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11827]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11828]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11829]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11830]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11831]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11832]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11794]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11796]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11833]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11834]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11835]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11836]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11798]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11837]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11800]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11838]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11839]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11840]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11802]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11841]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11842]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11803]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11806]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11809]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11810]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11813]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11815]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11816]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11818]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11820]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11822]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11824]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11827]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11829]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11830]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11832]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11834]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11837]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11838]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11840]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11841]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11795]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11799]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11801]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11805]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11804]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11797]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11807]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11808]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11811]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11812]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11814]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11794]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11796]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11819]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11817]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11798]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11821]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11800]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11802]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11803]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11823]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11825]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11826]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11806]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11809]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11828]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11831]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11835]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11833]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11842]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11836]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11839]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:22:28 mail sm-mta[11843]: n3CMJYhR011843: [94.52.76.47] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Apr 13 00:22:29 mail sm-mta[9991]: deferring connections on daemon MTA-v4: 15 per second
Apr 13 00:22:32 mail sm-mta[9991]: deferring connections on daemon MTA-v4: 15 per second
Apr 13 00:22:33 mail sm-mta[11867]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11868]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11869]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11870]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11871]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11872]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11873]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11874]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11875]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11876]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11877]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11878]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11879]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11880]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11881]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11882]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11883]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11884]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11885]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11886]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11887]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11888]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11889]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11891]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11893]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11894]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11895]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11896]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11897]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11890]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11892]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11898]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11899]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11900]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11901]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11902]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:36 mail sm-mta[11903]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11904]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11905]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11906]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11907]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11908]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11909]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11910]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11911]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11912]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11913]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11914]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11915]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11916]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11917]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11918]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11919]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11920]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11865]: n3CMMXKV011865: [94.52.76.47] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Apr 13 00:22:38 mail sm-mta[11921]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11922]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11923]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11924]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11925]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11926]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11927]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11928]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11929]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11930]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11931]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:39 mail sm-mta[11932]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:41 mail sm-mta[11933]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:41 mail sm-mta[11934]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:41 mail sm-mta[11935]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:41 mail sm-mta[11936]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:41 mail sm-mta[11937]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:42 mail sm-mta[11938]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:42 mail sm-mta[11939]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:42 mail sm-mta[11940]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:42 mail sm-mta[11866]: n3CMMXws011866: [94.52.76.47] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Apr 13 00:22:42 mail sm-mta[11864]: n3CMMXPZ011864: [94.52.76.47] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Apr 13 00:22:44 mail sm-mta[11941]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11942]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11943]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11944]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11945]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11946]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11947]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11948]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11949]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11950]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11951]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11952]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:16 mail sm-mta[11953]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:17 mail sm-mta[11954]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:26 mail sm-mta[11955]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:31 mail sm-mta[11956]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:32 mail sm-mta[11957]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:38 mail sm-mta[11958]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:39 mail in.qpopper[11960]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:23:39 mail in.qpopper[11960]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:23:39 mail in.qpopper[11962]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:23:39 mail in.qpopper[11962]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:23:39 mail in.qpopper[11963]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:23:39 mail in.qpopper[11963]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:23:39 mail in.qpopper[11964]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:23:39 mail in.qpopper[11964]: nessus181852336 at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:23:39 mail in.qpopper[11964]: nessus181852336 at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:23:43 mail sm-mta[11959]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:44 mail sm-mta[11961]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:45 mail sm-mta[11965]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:50 mail sm-mta[11966]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:53 mail sm-mta[11967]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:54 mail sm-mta[11968]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:54 mail sm-mta[11969]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:54 mail sm-mta[11970]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.


Perhaps I need to implement a trigger for the connection rate via iptables, so that twits like this get promptly firewalled. 94.52.76.47 does not resolve to anything meaningful and neither does whois contribute to any clarification whether this is server or enduser space.

Quote:
inetnum: 94.52.0.0 - 94.52.255.255
netname: RO-NEWCOM
descr: New Com Telecomunicatii SA
country: RO
admin-c: NWCT-RIPE
tech-c: NWCT-RIPE
status: ASSIGNED PA
mnt-by: NEWCOM-MNT
mnt-domains: NEWCOM-MNT
source: RIPE # Filtered

role: NewCom NOC
address: Bd. Natiunile Unite nr 1, bl. 108A, Gemenii Sitraco Center
address: Bucharest / ROMANIA
e-mail: noc curly thing newcom.ro
phone: +40 21 569 00 99
admin-c: FI517-RIPE
tech-c: CV1352-RIPE
tech-c: DS5153-RIPE
nic-hdl: NWCT-RIPE
remarks: +--------------------------------------------------------------
remarks: | ABUSE CONTACT: abuse curly thing newcom.ro IN CASE OF attacks,spam, etc|
remarks: | NOC CONTACT: noc curly thing newcom.ro |
remarks: +--------------------------------------------------------------
mnt-by: NEWCOM-MNT
source: RIPE # Filtered

% Information related to '94.52.64.0/18AS35002'

route: 94.52.64.0/18
descr: New Com Telecomunicatii SA - SE
origin: AS35002
mnt-by: NEWCOM-MNT
source: RIPE # Filtered


The domain "newcom.ro" redirects to injoy.ro:
http://www.injoy.ro/en/

Does not look like any servers are hosted here, so mailservers probably do not expect direct communication from these ranges - unless one of your authenticated users happens to use these fellows as provider. So handle with care when blocking their ranges ;)

Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.


Last edited by olliver on Mon Apr 20, 2009 4:06 am; edited 1 time in total
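
Added example (not part of the thread, and not code from any tool mentioned in it): a log-side version of the connection-rate trigger considered above. It counts sendmail rejects and qpopper `-ERR` replies per client in a sliding window, skips allowlisted addresses such as known authenticated users, and renders candidate iptables rules. The function names, thresholds, assumed year and sample addresses are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?:sm-mta|in\.qpopper)\[\d+\]: (.*)$")
# Message shapes taken from the quoted log: sendmail rejects and qpopper -ERR replies.
HOSTILE = [
    re.compile(r"relay=\[([\d.]+)\], reject=\d{3} "),
    re.compile(r"rejecting commands from \[([\d.]+)\]"),
    re.compile(r" at ([\d.]+) \([\d.]+\): -ERR "),
]

def offenders(log_text, threshold=5, window_s=60, allow=frozenset(), year=2009):
    """Return {ip: time the threshold was first reached} for noisy clients."""
    recent, flagged = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        hit = next(filter(None, (p.search(m.group(2)) for p in HOSTILE)), None)
        if hit is None or hit.group(1) in allow:
            continue  # not a reject/error line, or a known-good client
        ip = hit.group(1)
        # syslog timestamps carry no year, so one is assumed for parsing
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop events that fell out of the sliding window
        if len(q) >= threshold:
            flagged.setdefault(ip, ts)
    return flagged

def drop_rules(flagged):
    """Render one iptables DROP rule per flagged address, for review before use."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(flagged)]

def _reject(hms, ip, pid):  # builds a constructed sendmail reject line
    return (f"Apr 13 {hms} mail sm-mta[{pid}]: ruleset=check_relay, arg1=[{ip}], "
            f"arg2={ip}, relay=[{ip}], reject=421 4.3.2 Connection rate limit exceeded.")

# Constructed sample (documentation address ranges), not the log from the post.
SAMPLE = "\n".join(
    [_reject(f"00:22:4{i}", "192.0.2.10", 11930 + i) for i in range(6)]      # burst
    + [_reject(f"00:2{i}:00", "198.51.100.7", 12000 + i) for i in range(5)]  # slow
    + [f"Apr 13 00:23:39 mail in.qpopper[{12100 + i}]: (null) at 203.0.113.5 "
       f"(203.0.113.5): -ERR POP EOF or I/O Error [popper.c:820]" for i in range(5)]
)

if __name__ == "__main__":
    print("\n".join(drop_rules(offenders(SAMPLE, allow={"203.0.113.5"}))))
```

The slow client (one reject per minute) never fills the window, and the allowlisted POP client is left alone even though it produced five errors in one second.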
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Mon Apr 13, 2009 9:51 am

Quote:
Perhaps I need to implement a trigger for the connection rate via iptables...


I've found this script to save many headaches; DDoS Deflate http://deflate.medialayer.com/

I found out first hand that it can mitigate tens of thousands of sources without overload (even on lightweight appliances). It's extremely easy to use and install. We use it now for all our services in addition to our FWs. It's a real KISS implementation. :)

HTH
mikey

Posted: Mon Apr 13, 2009 10:04 am

BTW If you want to use something a bit more sophisticated, you might try SSHBlack; http://www.pettingers.org/code/sshblack.html

Very effective for mitigating dictionary attacks and such like in your log.
olliver

Posted: Tue Apr 14, 2009 1:34 am

mikey wrote:
Quote:
Perhaps I need to implement a trigger for the connection rate via iptables...


I've found this script to save many headaches; DDoS Deflate http://deflate.medialayer.com/

I found out first hand that it can mitigate tens of thousands of sources without overload (even on lightweight appliances). It's extremely easy to use and install. We use it now for all our services in addition to our FWs.


Thanks for the recommendation, Mikey. I looked at the sources (which wasn't easy because you cannot just download the entire package) and it seems it principally does what you needed to do with iptables anyway. So long as it does not interfere with other iptables scripts I wrote (like one that loads the ruleset from a file whenever the server is rebooted) this may be an option.

Quote:
BTW If you want to use something a bit more sophisticated, you might try SSHBlack; http://www.pettingers.org/code/sshblack.html

Very effective for mitigating dictionary attacks and such like in your log.


Thanks, but SSH is not much of a headache to me. I configured it to run on a non-standard port and verified it won't show up with an Nmap standard scan. Additionally, root login via SSH is disabled and cryptic passwords are enforced for the chosen few that do have ssh access.

But as its description says, it could be used for monitoring any kind of service, I may have a look at it too, after having gone through the code to see what exactly it does.

Cheers,
Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
mikey

Posted: Tue Apr 14, 2009 8:17 am

Quote:
But as its description says, it could be used for monitoring any kind of service...


Exactly.

You know, I hardly ever write my own scripts anymore. Today, there are scripts published for just about anything you could possibly think of. All that is ever needed now, is to cfg or possibly modify to fit my needs. While I may be a little bit lazy, it's actually more of a time management thing for me. :)
All times are GMT - 8 Hours