1

Topic: Possible server breach?

I'm getting thousands of entries in my log for this:

Oct 11 06:20:47 mx postfix/submission/smtpd[6926]: connect from unknown[193.56.28.191]
Oct 11 06:20:48 mx postfix/submission/smtpd[6926]: disconnect from unknown[193.56.28.191] ehlo=1 auth=0/1 rset=0/1 quit=1 commands=2/4

Is this a potential breach where this address is able to log in and send thru smtp?  It does seem to be shady as they are in the abuseipdb database. Are they actually able to send thru my server?  Need an expert to educate me here.

I'm dropping that IP in IP tables until I get it sorted out.

Thanks!

2

Re: Possible server breach?

Safe to ignore, it's just connection attempt and disconnected.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee