Re: What are these types trying to do?

Benny Pedersen Mon, 30 Dec 2019 15:13:55 -0800

Viktor Dukhovni skrev den 2019-12-30 23:46:

Dec 30 23:26:09 mail postfix/postscreen[16020]: CONNECT from[182.99.42.88]:49546 to [192.168.2.66]:25Dec 30 23:26:10 mail postfix/postscreen[16020]: PREGREET 14 after 0.26from [182.99.42.88]:49546: EHLO ylmf-pc\r\n


https://blog.sys4.de/abwehr-des-botnets-pushdo-cutwail-ehlo-ylmf-pc-mit-iptables-string-recent-smtp-de.html

to remove noice in log files

# cat shorewall-rules
?SECTION ESTABLISHED
DROP net $FW tcp 25;;-m string --algo bm --string "EHLO ylmf-pc"

Re: What are these types trying to do?

Reply via email to