On Wed, Oct 07, 2020 at 08:02:02PM -0700, li...@lazygranch.com wrote:
> Is there something I should be doing to mitigate this problem?
>
> Oct 8 02:11:42 myserver postfix/smtpd[11630]: connect from
> unknown[180.123.163.212]
Were you expecting email from the below network? If not, you don't
need to worry about bots checking out your MTA. [ Not all bots are bad,
my DANE survey bot will connect to your MX hosts ~once a day to each MX
host IP address (for those MX hosts that have DANE TLSA records), but it
will politely send "QUIT" after STARTTLS[1] and a post-TLS EHLO. ]
inetnum: 180.96.0.0 - 180.127.255.255
netname: CHINANET-JS
descr: Chinanet Jiangsu Province Network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: CJ186-AP
remarks: service provider
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-JS
last-modified: 2016-05-04T00:18:52Z
source: APNIC
mnt-irt: IRT-CHINANET-CN
irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: anti-s...@ns.chinanet.cn.net
abuse-mailbox: anti-s...@ns.chinanet.cn.net
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
mnt-by: MAINT-CHINANET
last-modified: 2010-11-15T00:31:55Z
source: APNIC
role: CHINANET JIANGSU
address: 260 Zhongyang Road,Nanjing 210037
country: CN
phone: +86-25-86588231
phone: +86-25-86588745
fax-no: +86-25-86588104
e-mail: jsab...@189.cn
remarks: send anti-spam reports to jsab...@189.cn
remarks: send abuse reports to jsab...@189.cn
remarks: times in GMT+8
remarks: www.jsinfo.net
admin-c: CH360-AP
tech-c: CS306-AP
tech-c: CN142-AP
nic-hdl: CJ186-AP
notify: jsab...@189.cn
mnt-by: MAINT-CHINANET-JS
last-modified: 2020-04-02T09:18:02Z
source: APNIC
person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-s...@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2014-02-27T03:37:38Z
source: APNIC
--
Viktor.
[1] https://stats.dnssec-tools.org/about.html
If so, you'll see log entries like:
Oct 7 15:23:51 amnesiac postfix/smtpd[94878]: connect
from dnssec-stats.ant.isi.edu[128.9.29.254]
Oct 7 15:23:52 amnesiac postfix/smtpd[94878]:
Anonymous TLS connection established
from dnssec-stats.ant.isi.edu[128.9.29.254]:
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
server-digest SHA256
Oct 7 15:23:52 amnesiac postfix/smtpd[94878]: disconnect
from dnssec-stats.ant.isi.edu[128.9.29.254]
ehlo=2 starttls=1 quit=1 commands=4
Oct 7 15:23:53 amnesiac postfix/smtpd[94878]: connect
from dnssec-stats.ant.isi.edu[2001:1878:401::8009:1dfe]
Oct 7 15:23:54 amnesiac postfix/smtpd[94878]:
Anonymous TLS connection established
from dnssec-stats.ant.isi.edu[2001:1878:401::8009:1dfe]:
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
server-digest SHA256
Oct 7 15:23:54 amnesiac postfix/smtpd[94878]: disconnect
from dnssec-stats.ant.isi.edu[2001:1878:401::8009:1dfe]
ehlo=2 starttls=1 quit=1 commands=4
