Ubuntu
fail2ban package

400 rejects in 1 day not counted. Others do work.

Bug #1574968 reported by James
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
fail2ban (Ubuntu)
New
Undecided
Unassigned

Bug Description

This may not be a bug but it is a failure.
400 rejects+ in 1 day counted. Others are blocked.
Working system but not blocking this attacker.
It seems he is trying to do a relay and is being rebuffed but keeps trying.
One of 600 plus log entries:
---------------------------------------
Apr 24 08:11:51 suzi3 postfix/smtpd[6255]: connect from sender217.zohocrm.com[74.201.84.217]
Apr 24 08:11:51 suzi3 postfix/smtpd[6255]: NOQUEUE: reject: RCPT from sender217.zohocrm.com[74.201.84.217]: 454 4.7.1 <email address hidden>: Relay access denied; from=<email address hidden> to=<email address hidden> proto=ESMTP helo=<sender217.zohocrm.com>
---------------------------------------
It also looks like “zohocrm.com” may try this worldwide.
I blocked him at my Cisco firewall, which counts the attack, 24 more in the last hour.
Thank you
James Duhl
<email address hidden>

Revision history for this message
James (jduhl) wrote :

More Log:
Apr 25 12:59:27 suzi3 postfix/smtpd[29403]: connect from mail.keymbo.com[209.239.112.158]
Apr 25 12:59:27 suzi3 postfix/smtpd[29403]: Anonymous TLS connection established from mail.keymbo.com[209.239.112.158]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Apr 25 12:59:27 suzi3 postfix/smtpd[29403]: NOQUEUE: reject: RCPT from mail.keymbo.com[209.239.112.158]: 454 4.7.1 <email address hidden>: Relay access denied; from=<email address hidden> to=<email address hidden> proto=ESMTP helo=<mail.keymbo.com>

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.