On 19 Aug 2019, at 18:00, ko...@mailc.net wrote:
Hi
Kinda OT - as long as I didn't screw something up!
I'm just about ready to pull the trigger on moving our old Communigate
mail system to a new, self-installed Postfix system.
It's been running in test for just a couple of users for a few weeks
now and looks really good!
I got postscreen set up out in front. It's been doing its thing.
LOTS of bad connections rejected.
I'm curious about one group though. I see LOTS of these PREGREET
rejections,
[snip]
Notice how ALL of them are EHLO of "l*.it\r\n"?
I'm pretty sure that I don't have to care, and that postscreen is just
doing its job blocking these.
Correct.
But I'm dying of curiosity.
Anybody know what bot etc. is creating these?
StealRat? See https://www.abuseat.org/cmsvuln.html
I just never heard about any "l*.it" bot.
Look up any of the miscreant IPs at the CBL site to get a long
explanation, e.g. https://www.abuseat.org/lookup.cgi?ip=1.212.181.131
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
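
An added example, not part of the original thread: one way to group postscreen PREGREET log entries by the shape of the premature greeting and collect the client IPs for lookup at the CBL. The log lines are constructed samples using documentation IP ranges and made-up hostnames, and the `shape()` grouping key is a hypothetical helper that mimics the "l*.it" pattern noticed above.

```python
import re
from collections import defaultdict

# postscreen logs premature greetings as:
#   PREGREET count after time from [address]:port: text...
PREGREET_RE = re.compile(
    r"postscreen\[\d+\]: PREGREET (?P<count>\d+) after (?P<delay>[\d.]+) "
    r"from \[(?P<ip>[^\]]+)\]:(?P<port>\d+): (?P<text>.*)$"
)

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = r"""
Aug 19 10:01:02 mx postfix/postscreen[2101]: CONNECT from [192.0.2.10]:40112 to [203.0.113.5]:25
Aug 19 10:01:02 mx postfix/postscreen[2101]: PREGREET 14 after 0.12 from [192.0.2.10]:40112: EHLO labc.it\r\n
Aug 19 10:01:09 mx postfix/postscreen[2101]: PREGREET 14 after 0.09 from [198.51.100.7]:51933: EHLO lqwe.it\r\n
Aug 19 10:02:30 mx postfix/postscreen[2101]: PREGREET 23 after 0.31 from [203.0.113.77]:2525: HELO mail.example.net\r\n
Aug 19 10:02:31 mx postfix/postscreen[2101]: DISCONNECT [203.0.113.77]:2525
""".strip().splitlines()


def shape(greeting):
    """Collapse 'EHLO labc.it\\r\\n' to 'EHLO l*.it' (hypothetical grouping key)."""
    # postscreen logs CR and LF as the literal two-character escapes \r and \n.
    text = greeting.replace("\\r", "").replace("\\n", "").strip()
    verb, _, host = text.partition(" ")
    labels = host.lower().split(".")
    if len(labels) < 2 or not labels[0]:
        return text  # not a dotted hostname; keep the greeting unchanged
    return f"{verb.upper()} {labels[0][0]}*.{labels[-1]}"


def group_pregreet(lines):
    """Map each greeting shape to the sorted client IPs that sent it."""
    groups = defaultdict(set)
    for line in lines:
        m = PREGREET_RE.search(line)
        if m:
            groups[shape(m.group("text"))].add(m.group("ip"))
    return {key: sorted(ips) for key, ips in groups.items()}


if __name__ == "__main__":
    for key, ips in sorted(group_pregreet(SAMPLE_LOG).items()):
        print(f"{key:15} {len(ips)} client(s): {', '.join(ips)}")
```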