1

Topic: what does it mean?


What is this, a DoS attack?


Feb 12 15:49:10 mail postfix/postscreen[15181]: CONNECT from [193.227.216.44]:14420 to [192.168.1.89]:25
Feb 12 15:49:10 mail postfix/postscreen[15181]: PASS OLD [193.227.216.44]:14420
Feb 12 15:49:10 mail postfix/smtpd[15337]: connect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:10 mail postfix/smtpd[15337]: Anonymous TLS connection established from mx01.lot.pl[193.227.216.44]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb 12 15:49:10 mail postfix/smtpd[15337]: disconnect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:13 mail postfix/postscreen[15181]: CONNECT from [193.227.216.44]:14426 to [192.168.1.89]:25
Feb 12 15:49:13 mail postfix/postscreen[15181]: PASS OLD [193.227.216.44]:14426
Feb 12 15:49:13 mail postfix/smtpd[15182]: connect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:13 mail postfix/smtpd[15182]: Anonymous TLS connection established from mx01.lot.pl[193.227.216.44]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb 12 15:49:13 mail postfix/smtpd[15182]: disconnect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:16 mail postfix/postscreen[15181]: CONNECT from [193.227.216.44]:14433 to [192.168.1.89]:25
Feb 12 15:49:16 mail postfix/postscreen[15181]: PASS OLD [193.227.216.44]:14433
Feb 12 15:49:16 mail postfix/smtpd[15337]: connect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:16 mail postfix/smtpd[15337]: Anonymous TLS connection established from mx01.lot.pl[193.227.216.44]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb 12 15:49:16 mail postfix/smtpd[15337]: disconnect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:19 mail postfix/postscreen[15181]: CONNECT from [193.227.216.44]:14435 to [192.168.1.89]:25
Feb 12 15:49:19 mail postfix/postscreen[15181]: PASS OLD [193.227.216.44]:14435
Feb 12 15:49:19 mail postfix/smtpd[15182]: connect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:19 mail postfix/smtpd[15182]: Anonymous TLS connection established from mx01.lot.pl[193.227.216.44]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb 12 15:49:19 mail postfix/smtpd[15182]: disconnect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:22 mail postfix/postscreen[15181]: CONNECT from [193.227.216.44]:14439 to [192.168.1.89]:25
Feb 12 15:49:22 mail postfix/postscreen[15181]: PASS OLD [193.227.216.44]:14439
Feb 12 15:49:22 mail postfix/smtpd[15337]: connect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:22 mail postfix/smtpd[15337]: Anonymous TLS connection established from mx01.lot.pl[193.227.216.44]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb 12 15:49:22 mail postfix/smtpd[15337]: disconnect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:25 mail postfix/postscreen[15181]: CONNECT from [193.227.216.44]:14447 to [192.168.1.89]:25
Feb 12 15:49:25 mail postfix/postscreen[15181]: PASS OLD [193.227.216.44]:14447
Feb 12 15:49:25 mail postfix/smtpd[15182]: connect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:25 mail postfix/smtpd[15182]: Anonymous TLS connection established from mx01.lot.pl[193.227.216.44]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb 12 15:49:25 mail postfix/smtpd[15182]: disconnect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:28 mail postfix/postscreen[15181]: CONNECT from [193.227.216.44]:14459 to [192.168.1.89]:25
Feb 12 15:49:28 mail postfix/postscreen[15181]: PASS OLD [193.227.216.44]:14459
Feb 12 15:49:28 mail postfix/smtpd[15337]: connect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:28 mail postfix/smtpd[15337]: Anonymous TLS connection established from mx01.lot.pl[193.227.216.44]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb 12 15:49:28 mail postfix/smtpd[15337]: disconnect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:31 mail postfix/postscreen[15181]: CONNECT from [193.227.216.44]:14464 to [192.168.1.89]:25
Feb 12 15:49:31 mail postfix/postscreen[15181]: PASS OLD [193.227.216.44]:14464
Feb 12 15:49:31 mail postfix/smtpd[15182]: connect from mx01.lot.pl[193.227.216.44]
Feb 12 15:49:31 mail postfix/smtpd[15182]: Anonymous TLS connection established from mx01.lot.pl[193.227.216.44]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)


2

Re: what does it mean?

That address was temporarily white-listed.

http://www.postfix.org/POSTSCREEN_README.html

3

Re: what does it mean?

Does it mean that my Postfix holds a list where that host is listed, mx01.lot.pl[193.227.216.44], and this server does not pass the "quick test before everything else", so it means that host mx01.lot.pl[193.227.216.44] is misconfigured or sends spam?

4

Re: what does it mean?

Does anybody know what this is?

Feb 13 13:45:18 mail postfix/postscreen[4016]: DNSBL rank 2 for [209.11.159.66]:63566
Feb 13 13:45:18 mail postfix/tlsproxy[4469]: CONNECT from [209.11.159.66]:63566
Feb 13 13:45:19 mail postfix/tlsproxy[4469]: Anonymous TLS connection established from [209.11.159.66]:63566: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Feb 13 13:45:19 mail postfix/postscreen[4016]: DISCONNECT [209.11.159.66]:63566
Feb 13 13:45:19 mail postfix/tlsproxy[4469]: DISCONNECT [209.11.159.66]:63566
Feb 13 13:45:20 mail postfix/postscreen[4016]: CONNECT from [209.11.159.66]:2239 to [192.168.1.89]:25
Feb 13 13:45:20 mail postfix/dnsblog[4440]: addr 209.11.159.66 listed by domain b.barracudacentral.org as 127.0.0.2
Feb 13 13:45:26 mail postfix/postscreen[4016]: DNSBL rank 2 for [209.11.159.66]:2239
Feb 13 13:45:26 mail postfix/tlsproxy[4469]: CONNECT from [209.11.159.66]:2239
Feb 13 13:45:27 mail postfix/tlsproxy[4469]: Anonymous TLS connection established from [209.11.159.66]:2239: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Feb 13 13:45:27 mail postfix/postscreen[4016]: DISCONNECT [209.11.159.66]:2239
Feb 13 13:45:27 mail postfix/tlsproxy[4469]: DISCONNECT [209.11.159.66]:2239
Feb 13 13:45:28 mail postfix/postscreen[4016]: CONNECT from [209.11.159.66]:3581 to [192.168.1.89]:25
Feb 13 13:45:28 mail postfix/dnsblog[4442]: addr 209.11.159.66 listed by domain b.barracudacentral.org as 127.0.0.2
Feb 13 13:45:34 mail postfix/postscreen[4016]: DNSBL rank 2 for [209.11.159.66]:3581
Feb 13 13:45:34 mail postfix/tlsproxy[4469]: CONNECT from [209.11.159.66]:3581
Feb 13 13:45:35 mail postfix/tlsproxy[4469]: Anonymous TLS connection established from [209.11.159.66]:3581: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Feb 13 13:45:35 mail postfix/postscreen[4016]: DISCONNECT [209.11.159.66]:3581
Feb 13 13:45:35 mail postfix/tlsproxy[4469]: DISCONNECT [209.11.159.66]:3581
Feb 13 13:45:36 mail postfix/postscreen[4016]: CONNECT from [209.11.159.66]:3601 to [192.168.1.89]:25
Feb 13 13:45:36 mail postfix/dnsblog[4440]: addr 209.11.159.66 listed by domain b.barracudacentral.org as 127.0.0.2

5

Re: what does it mean?

Check http://barracudacentral.org/lookups/lookup-reputation
The IP address is listed as "poor".
It means that the sending host is a known spammer.
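
One way to triage the two log excerpts in this thread, as an added example (not code from any poster, iRedMail or Postfix): it tallies postscreen and dnsblog lines per client, separates clients that postscreen passed as temporarily white-listed (`PASS OLD`) from clients with a DNSBL hit, and reports the spacing between connections. The sample lines are copied from the posts above; the function names and verdict labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the two log excerpts in this thread.
SAMPLE_LOG = """\
Feb 12 15:49:10 mail postfix/postscreen[15181]: CONNECT from [193.227.216.44]:14420 to [192.168.1.89]:25
Feb 12 15:49:10 mail postfix/postscreen[15181]: PASS OLD [193.227.216.44]:14420
Feb 12 15:49:13 mail postfix/postscreen[15181]: CONNECT from [193.227.216.44]:14426 to [192.168.1.89]:25
Feb 12 15:49:13 mail postfix/postscreen[15181]: PASS OLD [193.227.216.44]:14426
Feb 13 13:45:20 mail postfix/postscreen[4016]: CONNECT from [209.11.159.66]:2239 to [192.168.1.89]:25
Feb 13 13:45:20 mail postfix/dnsblog[4440]: addr 209.11.159.66 listed by domain b.barracudacentral.org as 127.0.0.2
Feb 13 13:45:26 mail postfix/postscreen[4016]: DNSBL rank 2 for [209.11.159.66]:2239
"""

LINE = re.compile(r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) \S+ postfix/(?:postscreen|dnsblog)\[\d+\]: (.*)$")
CONNECT = re.compile(r"^CONNECT from \[([^\]]+)\]:\d+ to ")
PASS_OLD = re.compile(r"^PASS OLD \[([^\]]+)\]:\d+")
RANK = re.compile(r"^DNSBL rank (\d+) for \[([^\]]+)\]:\d+")
LISTED = re.compile(r"^addr (\S+) listed by domain (\S+) as \S+")

def summarize(log_text):
    """Per-client counters from postscreen/dnsblog lines; other lines are ignored."""
    stats = defaultdict(lambda: {"connects": [], "pass_old": 0, "rank": 0, "lists": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        secs = int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])
        if (e := CONNECT.match(m[4])):
            stats[e[1]]["connects"].append(secs)
        elif (e := PASS_OLD.match(m[4])):
            stats[e[1]]["pass_old"] += 1
        elif (e := RANK.match(m[4])):
            stats[e[2]]["rank"] = max(stats[e[2]]["rank"], int(e[1]))
        elif (e := LISTED.match(m[4])):
            stats[e[1]]["lists"].add(e[2])
    return dict(stats)

def verdict(s):
    """Label a client: DNSBL hit, temporarily white-listed (PASS OLD), or neither."""
    return "dnsbl-listed" if s["rank"] or s["lists"] else "allowlisted" if s["pass_old"] else "unclassified"

def mean_gap(s):
    """Average seconds between CONNECTs; assumes all timestamps fall on one day."""
    t = sorted(s["connects"])
    return (t[-1] - t[0]) / (len(t) - 1) if len(t) > 1 else None

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, verdict(s), len(s["connects"]), "connects, mean gap", mean_gap(s))
```

Run against the full `/var/log/maillog` (or wherever Postfix logs on the host), the per-client spacing and verdict together show whether a repeating client is a white-listed peer retrying or a blocklisted source.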