Spyware Warrior :: View topic - mailserver "audit" from Romania

Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

FAQ :: Search :: Memberlist :: Usergroups :: Register

Profile :: Log in to check your private messages :: Log in

mailserver "audit" from Romania

Spyware Warrior Forum Index -> Spam

View previous topic :: View next topic

Author

Message

olliver
Expert Developer

Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes

Posted: Sun Apr 12, 2009 11:31 pm Post subject: mailserver "audit" from Romania

Someone using 94.52.76.47 located in Romania thought it might be worth trying to have a peek at my mailswerver. Not that it imposed any danger, but the clutter in the logs is still nasty and so is the waste of bandwidth.

evidence in logfiles:

Quote:

Apr 13 00:17:08 mail in.qpopper[11784]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:17:09 mail in.qpopper[11784]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:17:09 mail in.qpopper[11784]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:09 mail in.qpopper[11784]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:12 mail in.qpopper[11785]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:17:13 mail sm-mta[11783]: n3CMHDGV011783: rejecting commands from [94.52.76.47] [94.52.76.47] due to pre-greeting traffic
Apr 13 00:17:17 mail sm-mta[11786]: n3CMHHfK011786: rejecting commands from [94.52.76.47] [94.52.76.47] due to pre-greeting traffic
Apr 13 00:17:17 mail in.qpopper[11785]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:17:17 mail in.qpopper[11787]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:17:17 mail in.qpopper[11787]: (null) at 94.52.76.47 (94.52.76.47): -ERR Unknown command: "^V^C^A". [pop_get_command.c:152]
Apr 13 00:17:17 mail in.qpopper[11787]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:17:17 mail in.qpopper[11787]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:17 mail in.qpopper[11787]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:17 mail in.qpopper[11788]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:17:17 mail in.qpopper[11788]: (null) at 94.52.76.47 (94.52.76.47): -ERR Unknown command: "^V^C". [pop_get_command.c:152]
Apr 13 00:17:17 mail in.qpopper[11788]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:17:17 mail in.qpopper[11788]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:17 mail in.qpopper[11788]: I/O error flushing output to client at 94.52.76.47 [94.52.76.47]: Broken pipe (32) [pop_send.c:689]
Apr 13 00:17:17 mail in.qpopper[11789]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:17:17 mail in.qpopper[11789]: (null) at 94.52.76.47 (94.52.76.47): -ERR Unknown command: "get". [pop_get_command.c:152]
Apr 13 00:17:20 mail in.qpopper[11789]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:17:23 mail sm-mta[11790]: n3CMHNct011790: rejecting commands from [94.52.76.47] [94.52.76.47] due to pre-greeting traffic
Apr 13 00:17:28 mail sm-mta[11791]: n3CMHSoh011791: rejecting commands from [94.52.76.47] [94.52.76.47] due to pre-greeting traffic
Apr 13 00:17:33 mail sm-mta[11792]: n3CMHXmJ011792: rejecting commands from [94.52.76.47] [94.52.76.47] due to pre-greeting traffic
Apr 13 00:17:33 mail sm-mta[11792]: n3CMHXmJ011792: [94.52.76.47]: probable open proxy: command=GET / HTTP/1.0\r\n
Apr 13 00:19:26 mail in.qpopper[11793]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11793]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:26 mail in.qpopper[11794]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11795]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11796]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11797]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11798]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11799]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11800]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11801]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11802]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11803]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11804]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11805]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11806]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11807]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11808]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:26 mail in.qpopper[11809]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11810]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11811]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11812]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11813]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11814]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11815]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11816]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11817]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11818]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11819]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11820]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11821]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11822]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11823]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11824]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11825]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11826]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11827]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11828]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11829]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11830]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11831]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11832]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11794]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11796]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11833]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11834]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11835]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11836]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11798]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11837]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11800]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11838]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11839]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11840]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11802]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11841]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11842]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:19:27 mail in.qpopper[11803]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11806]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11809]: admin at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:19:27 mail in.qpopper[11810]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11813]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11815]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11816]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11818]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11820]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11822]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11824]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11827]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11829]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:27 mail in.qpopper[11830]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11832]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11834]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11837]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11838]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11840]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11841]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11795]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11799]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11801]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11805]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11804]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11797]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11807]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11808]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11811]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11812]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11814]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11794]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11796]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11819]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11817]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11798]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11821]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11800]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11802]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11803]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11823]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11825]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11826]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11806]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11809]: admin at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11828]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11831]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11835]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11833]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11842]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11836]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:19:28 mail in.qpopper[11839]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:22:28 mail sm-mta[11843]: n3CMJYhR011843: [94.52.76.47] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Apr 13 00:22:29 mail sm-mta[9991]: deferring connections on daemon MTA-v4: 15 per second
Apr 13 00:22:32 mail sm-mta[9991]: deferring connections on daemon MTA-v4: 15 per second
Apr 13 00:22:33 mail sm-mta[11867]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11868]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11869]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11870]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11871]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11872]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11873]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11874]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11875]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11876]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11877]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11878]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11879]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11880]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11881]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11882]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11883]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11884]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11885]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:34 mail sm-mta[11886]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11887]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11888]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11889]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11891]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11893]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11894]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11895]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11896]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11897]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11890]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11892]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11898]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11899]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11900]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11901]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:35 mail sm-mta[11902]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:36 mail sm-mta[11903]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11904]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11905]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11906]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11907]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11908]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11909]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11910]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11911]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11912]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11913]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11914]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11915]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11916]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11917]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11918]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11919]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:37 mail sm-mta[11920]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11865]: n3CMMXKV011865: [94.52.76.47] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Apr 13 00:22:38 mail sm-mta[11921]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11922]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11923]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11924]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11925]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11926]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11927]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11928]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11929]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11930]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:38 mail sm-mta[11931]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:39 mail sm-mta[11932]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:41 mail sm-mta[11933]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:41 mail sm-mta[11934]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:41 mail sm-mta[11935]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:41 mail sm-mta[11936]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:41 mail sm-mta[11937]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:42 mail sm-mta[11938]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:42 mail sm-mta[11939]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:42 mail sm-mta[11940]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:42 mail sm-mta[11866]: n3CMMXws011866: [94.52.76.47] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Apr 13 00:22:42 mail sm-mta[11864]: n3CMMXPZ011864: [94.52.76.47] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Apr 13 00:22:44 mail sm-mta[11941]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11942]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11943]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11944]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11945]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11946]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11947]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11948]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11949]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11950]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11951]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:22:44 mail sm-mta[11952]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:16 mail sm-mta[11953]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:17 mail sm-mta[11954]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:26 mail sm-mta[11955]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:31 mail sm-mta[11956]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:32 mail sm-mta[11957]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:38 mail sm-mta[11958]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:39 mail in.qpopper[11960]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:23:39 mail in.qpopper[11960]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:23:39 mail in.qpopper[11962]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:23:39 mail in.qpopper[11962]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:23:39 mail in.qpopper[11963]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:23:39 mail in.qpopper[11963]: (null) at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:23:39 mail in.qpopper[11964]: (v4.0.5) Unable to get canonical name of client 94.52.76.47: Name or service not known (-2) [pop_init.c:1196]
Apr 13 00:23:39 mail in.qpopper[11964]: nessus181852336 at 94.52.76.47 (94.52.76.47): -ERR [AUTH] You must use stronger authentication such as APOP to connect to this server [pop_user.c:365]
Apr 13 00:23:39 mail in.qpopper[11964]: nessus181852336 at 94.52.76.47 (94.52.76.47): -ERR POP EOF or I/O Error [popper.c:820]
Apr 13 00:23:43 mail sm-mta[11959]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:44 mail sm-mta[11961]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:45 mail sm-mta[11965]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:50 mail sm-mta[11966]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:53 mail sm-mta[11967]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:54 mail sm-mta[11968]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:54 mail sm-mta[11969]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.
Apr 13 00:23:54 mail sm-mta[11970]: ruleset=check_relay, arg1=[94.52.76.47], arg2=94.52.76.47, relay=[94.52.76.47], reject=421 4.3.2 Connection rate limit exceeded.

Perhaps I need to implement a trigger for the connection rate via iptables, so that twits like this get promptly firewalled. 94.52.76.47 does not resolve to anything meaningful and neither does whois contribute to any clarification whether this is server or enduser space.

Quote:

inetnum: 94.52.0.0 - 94.52.255.255
netname: RO-NEWCOM
descr: New Com Telecomunicatii SA
country: RO
admin-c: NWCT-RIPE
tech-c: NWCT-RIPE
status: ASSIGNED PA
mnt-by: NEWCOM-MNT
mnt-domains: NEWCOM-MNT
source: RIPE # Filtered

role: NewCom NOC
address: Bd. Natiunile Unite nr 1, bl. 108A, Gemenii Sitraco Center
address: Bucharest / ROMANIA
e-mail: noc curly thing newcom.ro
phone: +40 21 569 00 99
admin-c: FI517-RIPE
tech-c: CV1352-RIPE
tech-c: DS5153-RIPE
nic-hdl: NWCT-RIPE
remarks: +--------------------------------------------------------------
remarks: | ABUSE CONTACT: abuse curly thing newcom.ro IN CASE OF attacks,spam, etc|
remarks: | NOC CONTACT: noc curly thing newcom.ro |
remarks: +--------------------------------------------------------------
mnt-by: NEWCOM-MNT
source: RIPE # Filtered

% Information related to '94.52.64.0/18AS35002'

route: 94.52.64.0/18
descr: New Com Telecomunicatii SA - SE
origin: AS35002
mnt-by: NEWCOM-MNT
source: RIPE # Filtered

The domain "newcom.ro" redirects to injoy.ro:
http://www.injoy.ro/en/

Does not look like any servers are hosted here, so mailservers probably do not expect direct communication from these ranges - unless one of your authentificated users happens to use these fellows as provider. So handle with care when blocking their ranges Wink

Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.

Last edited by olliver on Mon Apr 20, 2009 4:06 am; edited 1 time in total

mikey
Malware Expert

Joined: 12 Feb 2004
Last Visit: 03 Sep 2012
Posts: 1061
Location: CenTex

Posted: Mon Apr 13, 2009 9:51 am Post subject:

Quote:

Perhaps I need to implement a trigger for the connection rate via iptables...

I've found this script to save many headaches; DDoS Deflate http://deflate.medialayer.com/

I found out first hand that it can mitigate tens of thousands of sources without overload (even on lightweight appliances). It's extremely easy to use and install. We use it now for all our services in addition to our FWs. It's a real KISS implementation. Smile

HTH
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

mikey
Malware Expert

Joined: 12 Feb 2004
Last Visit: 03 Sep 2012
Posts: 1061
Location: CenTex

Posted: Mon Apr 13, 2009 10:04 am Post subject:

BTW If you want to use something a bit more sophisticated, you might try SSHBlack; http://www.pettingers.org/code/sshblack.html Very effective for mitigating dictionary attacks and such like in your log. _________________ - W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE Spyware/Adware is NOT freeware, it costs all of us dearly. Mikey's Stuff Fiddler and friends...essential web diagnostic, forensic, & development tools. -

olliver
Expert Developer

Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes

Posted: Tue Apr 14, 2009 1:34 am Post subject:

mikey wrote:

Quote:

Perhaps I need to implement a trigger for the connection rate via iptables...

Thanks for the recommendation, Mikey. I looked at the sources (which wasn't easy because you cannot just download the entire package) and it seems it principally does what you needed to do with iptables anyway. So long as it does not interfere with other iptables scripts I wrote (like one that loads the ruleset from a file whenever the server is rebooted) this may be an option.

Quote:

BTW If you want to use something a bit more sophisticated, you might try SSHBlack; http://www.pettingers.org/code/sshblack.html

Very effective for mitigating dictionary attacks and such like in your log.

Thanks, but SSH is not much of a headache to me. I configured it to run on a non standard port and verified it won't show up with an Nmap standard scan. Additionally, root login via SSH is disabled and cryptic passwords are enforced for the chosen few that do have ssh access.

But as its description says, it could be used for monitoring any kind of service, I may have a look at it too, after having gone through the code to see what exactly it does.

Cheers,
Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.

mikey
Malware Expert

Joined: 12 Feb 2004
Last Visit: 03 Sep 2012
Posts: 1061
Location: CenTex

Posted: Tue Apr 14, 2009 8:17 am Post subject:

Quote:

But as its description says, it could be used for monitoring any kind of service...

Exactly.

You know, I hardly ever write my own scripts anymore. Today, there are scripts published for just about anything you could possibly think of. All that is ever needed now, is to cfg or possibly modify to fit my needs. While I may be a little bit lazy, it's actually more of a time management thing for me. Smile

_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

Display posts from previous:

	Spyware Warrior Forum Index -> Spam	All times are GMT - 8 Hours
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum