Now that I finally have a Postfix back with actual logging, I noticed this in my log:

Dec 30 23:26:09 mail postfix/postscreen[16020]: CONNECT from [182.99.42.88]:49546 to [192.168.2.66]:25
Dec 30 23:26:10 mail postfix/postscreen[16020]: PREGREET 14 after 0.26 from [182.99.42.88]:49546: EHLO ylmf-pc\r\n
Dec 30 23:26:10 mail postfix/smtpd[16048]: connect from unknown[182.99.42.88]
Dec 30 23:26:10 mail postfix/smtpd[16048]: lost connection after EHLO from unknown[182.99.42.88]
Dec 30 23:26:10 mail postfix/smtpd[16048]: disconnect from unknown[182.99.42.88] ehlo=1 commands=1
Dec 30 23:26:10 mail postfix/postscreen[16020]: CONNECT from [182.99.42.88]:49631 to [192.168.2.66]:25
Dec 30 23:26:10 mail postfix/postscreen[16020]: PREGREET 14 after 0.25 from [182.99.42.88]:49631: EHLO ylmf-pc\r\n
Dec 30 23:26:10 mail postfix/smtpd[16048]: connect from unknown[182.99.42.88]
Dec 30 23:26:11 mail postfix/smtpd[16048]: lost connection after EHLO from unknown[182.99.42.88]
Dec 30 23:26:11 mail postfix/smtpd[16048]: disconnect from unknown[182.99.42.88] ehlo=1 commands=1
Dec 30 23:26:14 mail postfix/postscreen[16020]: CONNECT from [182.99.42.88]:49966 to [192.168.2.66]:25
Dec 30 23:26:14 mail postfix/postscreen[16020]: PREGREET 14 after 0.26 from [182.99.42.88]:49966: EHLO ylmf-pc\r\n
Dec 30 23:26:14 mail postfix/smtpd[16048]: connect from unknown[182.99.42.88]
Dec 30 23:26:14 mail postfix/smtpd[16048]: lost connection after EHLO from unknown[182.99.42.88]
Dec 30 23:26:14 mail postfix/smtpd[16048]: disconnect from unknown[182.99.42.88] ehlo=1 commands=1
Dec 30 23:26:18 mail postfix/postscreen[16020]: CONNECT from [182.99.42.88]:50289 to [192.168.2.66]:25
Dec 30 23:26:18 mail postfix/postscreen[16020]: PREGREET 14 after 0.25 from [182.99.42.88]:50289: EHLO ylmf-pc\r\n
Dec 30 23:26:18 mail postfix/smtpd[16048]: connect from unknown[182.99.42.88]
Dec 30 23:26:18 mail postfix/smtpd[16048]: lost connection after EHLO from unknown[182.99.42.88]
Dec 30 23:26:18 mail postfix/smtpd[16048]: disconnect from unknown[182.99.42.88] ehlo=1 commands=1

And then lots of this.
It goes on and on and on. I was wondering (just curious) what these (Chinese) types are actually trying to do. It looks like polling based on the expectation that some other payload has corrupted my Postfix. But I’m curious as to what it really is (if known). (Time to set a pf rule set on geolocation, I guess)

G
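
An added example, not part of the original post: a small Python tally, per client IP, of the postscreen PREGREET lines (a client that sent its EHLO before the server's greeting) and the smtpd "lost connection after EHLO" lines that follow them. The sample log is constructed from the excerpt above with two documentation addresses added for contrast; the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the excerpt above; 198.51.100.23 and
# 203.0.113.7 are documentation addresses added for contrast.
SAMPLE_LOG = r"""Dec 30 23:26:10 mail postfix/postscreen[16020]: PREGREET 14 after 0.26 from [182.99.42.88]:49546: EHLO ylmf-pc\r\n
Dec 30 23:26:10 mail postfix/smtpd[16048]: lost connection after EHLO from unknown[182.99.42.88]
Dec 30 23:26:10 mail postfix/postscreen[16020]: PREGREET 14 after 0.25 from [182.99.42.88]:49631: EHLO ylmf-pc\r\n
Dec 30 23:26:11 mail postfix/smtpd[16048]: lost connection after EHLO from unknown[182.99.42.88]
Dec 30 23:26:14 mail postfix/postscreen[16020]: PREGREET 14 after 0.26 from [182.99.42.88]:49966: EHLO ylmf-pc\r\n
Dec 30 23:26:14 mail postfix/smtpd[16048]: lost connection after EHLO from unknown[182.99.42.88]
Dec 30 23:27:02 mail postfix/postscreen[16020]: PREGREET 11 after 0.31 from [198.51.100.23]:40112: HELO test\r\n
Dec 30 23:27:30 mail postfix/smtpd[16050]: disconnect from mx.example.org[203.0.113.7] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
"""

PREGREET = re.compile(r"postfix/postscreen\[\d+\]: PREGREET \d+ after [\d.]+ "
                      r"from \[([^\]]+)\]:\d+: (.*)$")
LOST = re.compile(r"postfix/smtpd\[\d+\]: lost connection after (\w+) "
                  r"from [^\[\s]+\[([^\]]+)\]")
# The log shows CR/LF as the literal characters backslash-r backslash-n.
HELO = re.compile(r"(?:EHLO|HELO)\s+(.+?)(?:\\r)?(?:\\n)?$")

def summarize(lines):
    """Per client IP: PREGREET count, drops right after EHLO, HELO names seen."""
    stats = defaultdict(lambda: {"pregreet": 0, "lost_after_ehlo": 0, "helo": set()})
    for line in lines:
        m = PREGREET.search(line)
        if m:
            ip, payload = m.groups()
            stats[ip]["pregreet"] += 1
            h = HELO.match(payload)
            if h:
                stats[ip]["helo"].add(h.group(1))
            continue
        m = LOST.search(line)
        if m and m.group(1) == "EHLO":
            stats[m.group(2)]["lost_after_ehlo"] += 1
    return dict(stats)

def repeat_offenders(stats, min_pregreet=3):
    """IPs that talked before the banner at least min_pregreet times."""
    return sorted(ip for ip, s in stats.items() if s["pregreet"] >= min_pregreet)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for ip in repeat_offenders(summary):
        print(ip, summary[ip])
```

The resulting address list is the kind of input a pf table could be loaded from, as an alternative to blocking by geolocation.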