Topic: Possible server breach?
I'm getting thousands of entries in my log for this:
Oct 11 06:20:47 mx postfix/submission/smtpd[6926]: connect from unknown[193.56.28.191]
Oct 11 06:20:48 mx postfix/submission/smtpd[6926]: disconnect from unknown[193.56.28.191] ehlo=1 auth=0/1 rset=0/1 quit=1 commands=2/4
Is this a potential breach where this address is able to log in and send through SMTP? It does seem to be shady as they are in the AbuseIPDB database. Are they actually able to send through my server? Need an expert to educate me here.
I'm dropping that IP in iptables until I get it sorted out.
Thanks!
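Added example, not part of the original post: in Postfix's disconnect summary each counter is accepted/attempted (a bare number means all were accepted), so auth=0/1 is one AUTH attempt with none accepted. The sketch below tallies failed and successful AUTH and accepted DATA per client IP; the function names are hypothetical and the third sample line is constructed to show a successful login for contrast.

```python
import re
from collections import defaultdict

# First two lines are from the post; the third is constructed for contrast.
SAMPLE = """\
Oct 11 06:20:47 mx postfix/submission/smtpd[6926]: connect from unknown[193.56.28.191]
Oct 11 06:20:48 mx postfix/submission/smtpd[6926]: disconnect from unknown[193.56.28.191] ehlo=1 auth=0/1 rset=0/1 quit=1 commands=2/4
Oct 11 06:21:02 mx postfix/submission/smtpd[6930]: disconnect from example.net[192.0.2.10] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
"""

DISCONNECT = re.compile(r"smtpd\[\d+\]: disconnect from \S*\[([0-9a-fA-F.:]+)\](.*)$")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")


def parse_counters(tail):
    """Return {command: (accepted, attempted)} from a disconnect line's tail.

    Postfix logs 'n' when all n commands were accepted and 'ok/total'
    when at least one was rejected.
    """
    counters = {}
    for name, first, second in COUNTER.findall(tail):
        accepted = int(first)
        attempted = int(second) if second else accepted
        counters[name] = (accepted, attempted)
    return counters


def summarize(log_text):
    """Per client IP: failed AUTH, successful AUTH and accepted DATA counts."""
    stats = defaultdict(lambda: {"auth_failed": 0, "auth_ok": 0, "data_ok": 0})
    for line in log_text.splitlines():
        match = DISCONNECT.search(line)
        if not match:
            continue  # connect lines and other daemons carry no counters
        ip, tail = match.groups()
        counters = parse_counters(tail)
        accepted, attempted = counters.get("auth", (0, 0))
        stats[ip]["auth_ok"] += accepted
        stats[ip]["auth_failed"] += attempted - accepted
        stats[ip]["data_ok"] += counters.get("data", (0, 0))[0]
    return dict(stats)


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s)
```

An IP with auth_ok above zero is the case worth investigating; entries with only auth_failed are rejected login attempts.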