can you detect this attack? for throtle the smtp connection or log error
+ remote ip address to help to add a fail2ban rule ?
thanks!
Mar 31 16:07:15 scarlet synchronet: mail 0128 SMTP Session thread started
Mar 31 16:07:15 scarlet synchronet: mail 0128 SMTP Connection accepted
on port 25 from: 45.143.223.164 port 60809
Mar 31 16:07:15 scarlet synchronet: mail 0128 SMTP DNSBL Query:
164.223.143.45.sbl.spamhaus.org
Mar 31 16:07:15 scarlet synchronet: mail 0128 SMTP DNSBL Query:
164.223.143.45.sbl.spamhaus.org resolved to: 127.0.0.3
Mar 31 16:07:15 scarlet synchronet: mail 0128 SMTP BLACKLISTED SERVER on
sbl.spamhaus.org (see http://www.spamhaus.org/):
[45.143.223.164] = 127.0.0.3
Mar 31 16:07:15 scarlet synchronet: mail 0128 SMTP Session
ID=14cf8023962f051dee29521
Mar 31 16:07:16 scarlet synchronet: mail 0178 SMTP !ERROR 32 sending on
socket
Mar 31 16:07:16 scarlet synchronet: mail 0178 SMTP Socket closed by peer
on receive
Mar 31 16:07:16 scarlet synchronet: mail 0178 SMTP Session thread
terminated (8 threads remain, 3817 clients served)
Mar 31 16:07:16 scarlet synchronet: mail 0128 SMTP RX: EHLO ylmf-pc
Mar 31 16:07:16 scarlet synchronet: mail 0128 SMTP RX: AUTH LOGIN
Mar 31 16:07:16 scarlet synchronet: mail 0128 SMTP Socket closed by peer
on receive
Mar 31 16:07:16 scarlet synchronet: mail 0128 SMTP !missing AUTH LOGIN
username argument
Mar 31 16:07:16 scarlet synchronet: mail 0178 SMTP Session thread started
Mar 31 16:07:16 scarlet synchronet: mail 0178 SMTP Connection accepted
on port 25 from: 45.143.223.164 port 52049
Mar 31 16:07:16 scarlet synchronet: mail 0178 SMTP DNSBL Query:
164.223.143.45.sbl.spamhaus.org
Mar 31 16:07:16 scarlet synchronet: mail 0178 SMTP DNSBL Query:
164.223.143.45.sbl.spamhaus.org resolved to: 127.0.0.3
Mar 31 16:07:16 scarlet synchronet: mail 0178 SMTP BLACKLISTED SERVER on
sbl.spamhaus.org (see http://www.spamhaus.org/):
[45.143.223.164] = 127.0.0.3
Mar 31 16:07:16 scarlet synchronet: mail 0178 SMTP Session
ID=14cfb25cfd1eba1dee30b55
Mar 31 16:07:16 scarlet synchronet: mail 0188 SMTP !ERROR 32 sending on
socket
Mar 31 16:07:16 scarlet synchronet: mail 0188 SMTP Socket closed by peer
on receive
Mar 31 16:07:16 scarlet synchronet: mail 0188 SMTP Session thread
terminated (8 threads remain, 3818 clients served)
Mar 31 16:07:16 scarlet synchronet: mail 0178 SMTP RX: EHLO ylmf-pc
Mar 31 16:07:17 scarlet synchronet: mail 0178 SMTP RX: AUTH LOGIN
Mar 31 16:07:17 scarlet synchronet: mail 0178 SMTP Socket closed by peer
on receive
Mar 31 16:07:17 scarlet synchronet: mail 0178 SMTP !missing AUTH LOGIN
username argument
Mar 31 16:07:17 scarlet synchronet: mail 0188 SMTP Session thread started
Mar 31 16:07:17 scarlet synchronet: mail 0188 SMTP Connection accepted
on port 25 from: 45.143.223.164 port 60259
Mar 31 16:07:17 scarlet synchronet: mail 0188 SMTP DNSBL Query:
164.223.143.45.sbl.spamhaus.org
Mar 31 16:07:17 scarlet synchronet: mail 0188 SMTP DNSBL Query:
164.223.143.45.sbl.spamhaus.org resolved to: 127.0.0.3
Mar 31 16:07:17 scarlet synchronet: mail 0188 SMTP BLACKLISTED SERVER on
sbl.spamhaus.org (see http://www.spamhaus.org/):
[45.143.223.164] = 127.0.0.3
Mar 31 16:07:17 scarlet synchronet: mail 0188 SMTP Session
ID=14cfbc1e13a4761dee3a7f0
Mar 31 16:07:17 scarlet synchronet: mail 0188 SMTP RX: EHLO ylmf-pc
Mar 31 16:07:18 scarlet synchronet: mail 0130 SMTP !ERROR 32 sending on
socket
Mar 31 16:07:18 scarlet synchronet: mail 0130 SMTP Socket closed by peer
on receive
Mar 31 16:07:18 scarlet synchronet: mail 0130 SMTP Session thread
terminated (8 threads remain, 3819 clients served)
Mar 31 16:07:18 scarlet synchronet: mail 0188 SMTP RX: AUTH LOGIN
Mar 31 16:07:18 scarlet synchronet: mail 0188 SMTP Socket closed by peer
on receive
Mar 31 16:07:18 scarlet synchronet: mail 0188 SMTP !missing AUTH LOGIN
username argument
Copy mode aborted
---
■ Synchronet ■ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
|