On 2024-01-15 at 04:15:53 UTC-0500 (Mon, 15 Jan 2024 10:15:53 +0100)
Admin Beckspaced via Postfix-users
is rumored to have said:
someone is trying to use your postfix as http proxy server.
Looks like security scanner.
do you know the type of encoding?
The encoding for the log is octal:
Admin Beckspaced via Postfix-users:
> dear postfix users,
>
> since the recent SMTP smuggling issue I applied the short term
> workaround by setting smtpd_forbid_unauth_pipelining = yes
>
> I also do a daily scan on journalctl with some keywords, e.g. 'pipelining'
>
> the following showed up
On 15.01.2024 at 09:34:06 Admin Beckspaced via Postfix-users wrote:
> do i need to be worried?
As your logs clearly show it's Shodan, then either ignore it or simply block
it right away.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school,
Looks like security scanner.
do you know the type of encoding?
I would like to decode and see the actual commands.
after CONNECT usually TLS negotiation occurs, that may be it.
I don't know if there's any value in knowing that.
thanks
i was just curious :)
Jan 14 01:57:15 cx20
On 15.01.24 10:15, Admin Beckspaced via Postfix-users wrote:
someone is trying to use your postfix as http proxy server.
Looks like security scanner.
do you know the type of encoding?
I would like to decode and see the actual commands.
after CONNECT usually TLS negotiation occurs, that
On Mon, Jan 15, 2024 at 10:15:53AM +0100, Admin Beckspaced via Postfix-users
wrote:
>
> > someone is trying to use your postfix as http proxy server.
> > Looks like security scanner.
> do you know the type of encoding?
No, by "CONNECT", which is no SMTP command, but an HTTP one.
Bastian
--
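
Added example, not part of any message in this thread: a small decoder for the octal-escaped text that smtpd appends to an "improper command pipelining" log line, to check whether the bytes sent after CONNECT are a TLS ClientHello. The sample line, its host name, client address and payload are constructed, and the escape set handled (three-digit \ooo octal plus C-style short escapes) is an assumption about the log format.

```python
import re

# Constructed sample line (placeholder host, documentation IP, made-up payload).
SAMPLE = (r"Jan 14 01:57:15 mx postfix/submission/smtpd[25120]: improper command "
          r"pipelining after CONNECT from unknown[192.0.2.10]: "
          r"\026\003\001\000\356\001\000\000\352\003\003")

# Assumed escape set: \ooo octal and the C short escapes, with \\ for a backslash.
_SHORT = {"a": 7, "b": 8, "f": 12, "n": 10, "r": 13, "t": 9, "v": 11, "\\": 92}
_ESC = re.compile(r"\\([0-7]{1,3}|[abfnrtv\\])")
_LINE = re.compile(r"improper command pipelining after (\S+) from (\S+): (.*)$")
_HTTP = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

def decode_escaped(text: str) -> bytes:
    """Turn the escaped log text back into the raw bytes the client sent."""
    out, pos = bytearray(), 0
    for m in _ESC.finditer(text):
        out += text[pos:m.start()].encode("latin-1", "replace")
        tok = m.group(1)
        out.append(_SHORT[tok] if tok in _SHORT else int(tok, 8) & 0xFF)
        pos = m.end()
    out += text[pos:].encode("latin-1", "replace")
    return bytes(out)

def classify(payload: bytes) -> str:
    """Rough label for the pipelined bytes."""
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 \
            and payload[5] == 0x01:
        return "TLS ClientHello"
    if payload.split(b" ", 1)[0] in _HTTP:
        return "HTTP request"
    return "unknown"

def analyze(line: str):
    """Parse one log line; return None if it is not a pipelining warning."""
    m = _LINE.search(line)
    if not m:
        return None
    payload = decode_escaped(m.group(3))
    return {"after": m.group(1), "client": m.group(2),
            "hex": payload.hex(), "kind": classify(payload)}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```
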
someone is trying to use your postfix as http proxy server.
Looks like security scanner.
do you know the type of encoding?
I would like to decode and see the actual commands.
Jan 14 01:57:15 cx20 postfix/submission/smtpd[25120]: improper
command pipelining after CONNECT from
On 15.01.24 09:34, Admin Beckspaced via Postfix-users wrote:
dear postfix users,
since the recent SMTP smuggling issue I applied the short term
workaround by setting smtpd_forbid_unauth_pipelining = yes
I also do a daily scan on journalctl with some keywords, e.g. 'pipelining'
the following