400 rejects in 1 day not counted. Others do work.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
fail2ban (Ubuntu) | New | Undecided | Unassigned |
Bug Description
This may not be a bug but it is a failure.
400 rejects+ in 1 day counted. Others are blocked.
Working system but not blocking this attacker.
It seems he is trying to do a relay and is being rebuffed but keeps trying.
One of 600 plus log entries:
-------
Apr 24 08:11:51 suzi3 postfix/
Apr 24 08:11:51 suzi3 postfix/
-------
It also looks like “zohocrm.com” may try this worldwide.
I blocked him at my Cisco firewall, which counts the attack, 24 more in the last hour.
Thank you
James Duhl
<email address hidden>
More Log:
Apr 25 12:59:27 suzi3 postfix/smtpd[29403]: connect from mail.keymbo.com[209.239.112.158]
Apr 25 12:59:27 suzi3 postfix/smtpd[29403]: Anonymous TLS connection established from mail.keymbo.com[209.239.112.158]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Apr 25 12:59:27 suzi3 postfix/smtpd[29403]: NOQUEUE: reject: RCPT from mail.keymbo.com[209.239.112.158]: 454 4.7.1 <email address hidden>: Relay access denied; from=<email address hidden> to=<email address hidden> proto=ESMTP helo=<mail.keymbo.com>
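
Added example, not part of the original report and not fail2ban's shipped filter: a check of whether a failregex-style pattern counts `454 4.7.1 ... Relay access denied` lines like the one above. Both patterns, the simplified `<HOST>` expansion and the sample lines are assumptions constructed for illustration; the report does not say which filter was installed.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical failregex-style candidates, not copied from any shipped filter.
ONLY_554 = r"NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 "
RELAY_ANY = (r"NOQUEUE: reject: RCPT from \S+\[<HOST>\]: "
             r"[45]54 [45]\.7\.1 .*Relay access denied")

# Constructed log lines shaped like the entry in the report
# (documentation-range addresses, placeholder mailboxes).
_REJECT = ("Apr 25 12:59:{sec:02d} suzi3 postfix/smtpd[29403]: NOQUEUE: reject: "
           "RCPT from {name}[{ip}]: {code} <user@example.org>: Relay access "
           "denied; from=<a@example.com> to=<user@example.org> proto=ESMTP "
           "helo=<{name}>")
SAMPLE = [
    "Apr 25 12:59:27 suzi3 postfix/smtpd[29403]: connect from "
    "mail.example.net[203.0.113.7]",
] + [
    _REJECT.format(sec=27 + i, name="mail.example.net", ip="203.0.113.7",
                   code="454 4.7.1") for i in range(4)
] + [
    _REJECT.format(sec=40, name="mx.example.com", ip="198.51.100.9",
                   code="554 5.7.1"),
]


def count_hits(failregex, lines):
    """Count matching lines per source address for one candidate pattern."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    hits = Counter()
    for line in lines:
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def would_ban(failregex, lines, maxretry=3):
    """Addresses reaching maxretry, assuming all lines fall inside findtime."""
    return {h for h, n in count_hits(failregex, lines).items() if n >= maxretry}


if __name__ == "__main__":
    for name, rx in (("ONLY_554", ONLY_554), ("RELAY_ANY", RELAY_ANY)):
        print(name, dict(count_hits(rx, SAMPLE)), would_ban(rx, SAMPLE))
```

Against a real log, `fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix.conf` reports matched and missed lines for the installed filter in the same way.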