On 06.05.2021 at 11:43, Cyborg via Exim-users wrote:

Every one of us sees this in their logfiles:

2021-05-06 11:07:57 no host name found for IP address 68.183.80.168
2021-05-06 11:07:58 no host name found for IP address 68.183.80.168
2021-05-06 11:07:58 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:07:59 no host name found for IP address 68.183.80.168
2021-05-06 11:07:59 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:08:00 no host name found for IP address 68.183.80.168
2021-05-06 11:08:00 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:08:01 no host name found for IP address 68.183.80.168
2021-05-06 11:08:01 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")

These are clients that send "GET /..whatever HTTP/1.0" as a greeting.

I suggest:

not to wait for the usual error threshold of SMTP-related errors, but instead auto-disconnect and block the IP for a few minutes, because, as seen, they come back as often as you let them.

Use fail2ban to detect these attempts in Exim's logfiles and ban the source on an IP basis.


Regards,

Paul

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
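
The detection step suggested in the reply above, sketched as an added example; it is not code from the thread, from fail2ban or from Exim. The pattern `HTTP_ON_SMTP`, the function `hosts_to_ban` and the 192.0.2.10 log line are assumptions made here, and the `maxretry` and `findtime` parameters only borrow the names of fail2ban's jail settings.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines from the message above, plus one constructed line (192.0.2.10)
# whose rejected command is not HTTP and must not be counted.
SAMPLE_LOG = """\
2021-05-06 11:07:57 no host name found for IP address 68.183.80.168
2021-05-06 11:07:58 no host name found for IP address 68.183.80.168
2021-05-06 11:07:58 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:07:59 no host name found for IP address 68.183.80.168
2021-05-06 11:07:59 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:08:00 no host name found for IP address 68.183.80.168
2021-05-06 11:08:00 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:08:01 no host name found for IP address 68.183.80.168
2021-05-06 11:08:01 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:09:10 SMTP call from [192.0.2.10] dropped: too many unrecognized commands (last was "XYZZY")
"""

# Assumed pattern: a dropped SMTP session whose last "command" is an HTTP
# request line or an HTTP-style header. The host group plays the role of a
# fail2ban failregex host capture.
HTTP_ON_SMTP = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) SMTP call from (?:\S+ )?'
    r'\[(?P<host>[0-9a-fA-F.:]+)\](?::\d+)? dropped: too many unrecognized commands '
    r'\(last was "(?:(?:GET|POST|HEAD|PUT|OPTIONS) \S+ HTTP/\d\.\d|[A-Za-z-]+: .*)"\)$'
)

def hosts_to_ban(log_text, maxretry=3, findtime=timedelta(seconds=60)):
    """Map each offending IP to the time its maxretry-th hit fell inside findtime."""
    hits = defaultdict(list)
    banned = {}
    for line in log_text.splitlines():
        m = HTTP_ON_SMTP.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        # Keep only earlier hits still inside the sliding window, then add this one.
        window = [t for t in hits[m["host"]] if ts - t <= findtime] + [ts]
        hits[m["host"]] = window
        if len(window) >= maxretry and m["host"] not in banned:
            banned[m["host"]] = ts
    return banned

if __name__ == "__main__":
    for ip, when in hosts_to_ban(SAMPLE_LOG, maxretry=1).items():
        print(f"ban {ip} (first HTTP-on-SMTP drop at {when})")
```

With `maxretry=1` the source is flagged on its first dropped session, which matches the "don't wait for the threshold" request in the quoted message.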
