FYI: My server running imap-uw (Debian 7) has recently been hit twice (that I know of; I will be scanning the logs for other events) by a research project run by sba-research.org. Their scanning machine is scan.sba-research.org at 93.189.25.174. According to their Senior Researcher Marin Mulazzani, they use the software "sslyze" to learn about encryption usage at online mail servers.

The first time my server was scanned, it disrupted POP access from legitimate users during and shortly after the scan. I contacted sba-research, and they committed to not scan my servers again. The second time they scanned my system, manual intervention was required on my part to restore service to legitimate POP users.

While in a general way I support the idea of research into making the internet more secure, I am doubtful that people who don't understand the difference between DNS MX records and A records are the right people to do it.

I have now added their IP address to my mail server's permanent iptables drop list. I plan to do the same to my edge router. Obviously, you should use your own judgment about what actions, if any, to take.

Ken

_______________________________________________
Imap-uw mailing list
http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
