Posted on November 23, 2018
I found people connecting to our mail server, giving the auth command, then disconnecting. I found out that this was a Chinese botnet attempting to deliver spam but why they would issue an auth command and then not provide arguments is not clear. Perhaps they are aware of some bug in postfix that I am not.
At any rate it is bad behavior so I have added rules to fail2ban to block IP addresses that do this. That’s one less botnet delivering spam.
Ad blocker detected: Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker on our website.
What's Up With Eskimo's Community!
1 post • Page 1 of 1
Users browsing this forum: Bing [Bot] and 60 guests