Hello,

for some time I have been observing in my email logs numerous attempts to send mail to non-existent addresses on my server from hosts resolving in DNS as mail.*.tritontrollius.com, where various strings appear in place of "*".

Because of this, quite long ago I blocked all these hosts in the client_access table. But since yesterday, I have been observing a flood of these attempts, hundreds of them. They usually come in pairs, and they look like this example:

Oct 6 01:52:05 rafa postfix/smtpd[26266]: NOQUEUE: reject: RCPT from mail.woodrowartibee.tritontrollius.com[185.55.189.3]: 554 5.7.1 <mail.woodrowartibee.tritontrollius.com[185.55.189.3]>: Client host rejected: Access denied; from=<athena.seppelt+gary.hillhouse=rafa.eu....@mail.woodrowartibee.tritontrollius.com> to=<[email protected]> proto=ESMTP helo=<mail.woodrowartibee.tritontrollius.com>

Oct 6 01:52:05 rafa postfix/smtpd[26266]: NOQUEUE: reject: RCPT from mail.woodrowartibee.tritontrollius.com[185.55.189.3]: 554 5.7.1 <mail.woodrowartibee.tritontrollius.com[185.55.189.3]>: Client host rejected: Access denied; from=<athena.seppelt+gary.hillhouse=rafa.eu....@mail.woodrowartibee.tritontrollius.com> to=<[email protected]> proto=ESMTP helo=<mail.woodrowartibee.tritontrollius.com>

The first message is always from "name.surname+something=rafa.eu....@mail.somename.tritontrollius.com" to "[email protected]" (where "something" is the same as in the sender address, in this case "gary.hillhouse"), the second one is from the same sender to "[email protected]" ("randomstring" always being a random alphanumeric string).

I wonder what they want to achieve. They send to very specific addresses (like "gary.hillhouse"), not some generic names like e.g. "john", so it's almost guaranteed the address won't exist. It's even more guaranteed for a random alphanumeric string like "hl2tsrrvugb". It doesn't seem to me like brute-force address guessing. Rather, they have some specific source for these addresses. The structure of the sender address suggests that they expect some replies to these messages and want to process them somehow.

What is their goal? I don't understand... Can anybody comment on this?
--
Regards,
Jaroslaw Rafa
[email protected]
--
"In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
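The pairing described in the message above can be checked mechanically over a Postfix log. The following is an added example, not part of the original post: it parses `NOQUEUE: reject` lines, decodes the `tag+user=domain` sender form, and reports senders seen both with the embedded recipient and with a different one. The recipient domain `example.org`, the sender tag `a.b`, the log host `mx`, the third log line and all function names are assumptions; reading the text after `=` as the recipient's domain is also an assumption, since the sender is truncated in the post.

```python
import re
from collections import defaultdict

# Constructed sample: the line format follows the rejects quoted in the post,
# but example.org, "a.b", "mx" and the third line are placeholders.
LINE = ("Oct  6 01:52:05 mx postfix/smtpd[26266]: NOQUEUE: reject: RCPT from "
        "{h}[{ip}]: 554 5.7.1 <{h}[{ip}]>: Client host rejected: Access denied; "
        "from=<{f}> to=<{t}> proto=ESMTP helo=<{h}>")
HOST, IP = "mail.woodrowartibee.tritontrollius.com", "185.55.189.3"
SENDER = "a.b+gary.hillhouse=example.org@" + HOST
SAMPLE_LOG = "\n".join([
    LINE.format(h=HOST, ip=IP, f=SENDER, t="gary.hillhouse@example.org"),
    LINE.format(h=HOST, ip=IP, f=SENDER, t="hl2tsrrvugb@example.org"),
    LINE.format(h="mail.example.net", ip="192.0.2.10",
                f="news@example.net", t="info@example.org"),
])

REJECT = re.compile(r"NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:"
                    r".*? from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")
# Sender local part "tag+user=domain": a recipient address folded into the sender.
VERP = re.compile(r"^[^+@]+\+(?P<user>[^=@]+)=(?P<domain>[^@]+)@")

def embedded_recipient(sender):
    """Return the user@domain encoded in the sender, or None if not in that form."""
    m = VERP.match(sender)
    return f"{m['user']}@{m['domain']}".lower() if m else None

def classify(line):
    """Return (host, sender, rcpt, kind) for a reject line, else None."""
    m = REJECT.search(line)
    if not m:
        return None
    target = embedded_recipient(m["sender"])
    if target is None:
        kind = "plain"          # sender carries no embedded recipient
    elif target == m["rcpt"].lower():
        kind = "embedded"       # RCPT equals the address encoded in the sender
    else:
        kind = "other"          # same sender, different RCPT (the random string)
    return m["host"], m["sender"], m["rcpt"], kind

def paired_probes(log):
    """(host, sender) pairs rejected for both an embedded and another RCPT."""
    seen = defaultdict(set)
    for line in log.splitlines():
        rec = classify(line)
        if rec:
            seen[(rec[0], rec[1])].add(rec[3])
    return sorted(k for k, kinds in seen.items() if {"embedded", "other"} <= kinds)
```

Run against a real log, `paired_probes(open("/var/log/mail.log").read())` lists the client and sender combinations that follow the two-message pattern; the log path is an assumption and varies by system.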
