Exim version 4.74 TLS plain and login on port 465

My exim server has been running happily for about 6 months. Hack attempts are rare, I haven't needed to bother with fail2ban in all that time.

However, about 7 days ago I started to notice something appearing regularly in the mainlog.

TLS error on connection from [xxx.xxx.xxx.xxx] (recv): A record packet with illegal version was received.
2012-10-14 00:26:51 TLS error on connection from [xxx.xxx.xxx.xxx] (send): The specified session has been invalidated for some reason.

The frequency was roughly about 1 a minute, usually from Chinese or Brazilian IPs.

By today (14-oct) my server was being hammered with these messages from IPs all over the world. Ten to twenty a second. The server was becoming sluggish and I had to put in a fail2ban regex to put a stop to it all. 243 IPs were banned in 5 minutes, with about 10 to 20 new ones being banned every hour since.

Does anyone know what this new attack is? Is there a new piece of malware out there looking for trouble on port 465? I never saw anything like this before until last week.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
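
The fail2ban regex mentioned in the post is not shown. As an added example (not part of the original post), here is one way to match the two quoted mainlog lines and apply a per-address threshold in the style of fail2ban's maxretry/findtime. The sample lines, addresses and threshold values are constructed, and the tolerance for host text before the bracketed address is an assumption about other log variants.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the two mainlog lines quoted in the post. Allowing host text
# before the bracketed address is an assumption, not taken from the post.
TLS_ERROR = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"TLS error on connection from (?:.*?)\[(?P<ip>[0-9A-Fa-f.:]+)\] "
    r"\((?P<stage>[^)]+)\): (?P<msg>.+)$"
)

def parse(line):
    """Return (timestamp, ip, stage, message), or None for unrelated lines."""
    m = TLS_ERROR.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return ts, m["ip"], m["stage"], m["msg"]

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: time of the hit that reached max_retry within find_time}."""
    recent = defaultdict(deque)   # ip -> timestamps inside the sliding window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, ip, _stage, _msg = rec
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:   # drop hits older than the window
            window.popleft()
        if len(window) >= max_retry and ip not in flagged:
            flagged[ip] = ts
    return flagged

# Constructed sample log (documentation addresses, not from the post).
SAMPLE = """\
2012-10-14 00:26:50 TLS error on connection from [192.0.2.10] (recv): A record packet with illegal version was received.
2012-10-14 00:26:51 TLS error on connection from [192.0.2.10] (send): The specified session has been invalidated for some reason.
2012-10-14 00:26:52 TLS error on connection from [198.51.100.7] (recv): A record packet with illegal version was received.
2012-10-14 00:27:30 TLS error on connection from [192.0.2.10] (recv): A record packet with illegal version was received.
2012-10-14 00:45:00 TLS error on connection from [198.51.100.7] (recv): A record packet with illegal version was received.
2012-10-14 00:45:05 <= sender@example.org H=mail.example.org [203.0.113.5] P=esmtps S=1234
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} reached the threshold at {when}")
```

Counting per address inside a sliding window keeps a client that produces one stray TLS error from being treated like a source that fails repeatedly within minutes.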
