[pfx] Re: improper command pipelining

2024-01-15 Thread Bill Cole via Postfix-users
On 2024-01-15 at 04:15:53 UTC-0500 (Mon, 15 Jan 2024 10:15:53 +0100) Admin Beckspaced via Postfix-users is rumored to have said: somoene is trying to use your postfix as http proxy server. Looks like security scanner. do you know the type of encoding? The encoding for the log is octal:

[pfx] Re: improper command pipelining

2024-01-15 Thread Wietse Venema via Postfix-users
Admin Beckspaced via Postfix-users: > dear postfix users, > > since the recent SMTP smuggling issue I applied the short term > workaround by setting smtpd_forbid_unauth_pipelining = yes > > I also do a daily scan on journalctl with some keywords, e.g. 'pipelining' > > the following showed up

[pfx] Re: improper command pipelining

2024-01-15 Thread Jaroslaw Rafa via Postfix-users
Dnia 15.01.2024 o godz. 09:34:06 Admin Beckspaced via Postfix-users pisze: > do i need to be worried? As your logs clearly show it's Shodan, then either ignore it or simply block it right away. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school,

[pfx] Re: improper command pipelining

2024-01-15 Thread Admin Beckspaced via Postfix-users
Looks like security scanner. do you know the type of encoding? I would like to decode and see the actual commands. after CONNECT usually TLS negotiation occurs, that may be it. I don't know if there's any value in knowing that. thanks i was just curious :) Jan 14 01:57:15 cx20

[pfx] Re: improper command pipelining

2024-01-15 Thread Matus UHLAR - fantomas via Postfix-users
On 15.01.24 10:15, Admin Beckspaced via Postfix-users wrote: somoene is trying to use your postfix as http proxy server. Looks like security scanner. do you know the type of encoding? I would like to decode and see the actual commands. after CONNECT usually TLS negotiation occurs, that

[pfx] Re: improper command pipelining

2024-01-15 Thread Bastian Blank via Postfix-users
On Mon, Jan 15, 2024 at 10:15:53AM +0100, Admin Beckspaced via Postfix-users wrote: > > > somoene is trying to use your postfix as http proxy server. > > Looks like security scanner. > do you know the type of encoding? No, by "CONNECT", which is no SMTP command, but a HTTP one. Bastian --

[pfx] Re: improper command pipelining

2024-01-15 Thread Admin Beckspaced via Postfix-users
somoene is trying to use your postfix as http proxy server. Looks like security scanner. do you know the type of encoding? I would like to decode and see the actual commands. Jan 14 01:57:15 cx20 postfix/submission/smtpd[25120]: improper command pipelining after CONNECT from

[pfx] Re: improper command pipelining

2024-01-15 Thread Matus UHLAR - fantomas via Postfix-users
On 15.01.24 09:34, Admin Beckspaced via Postfix-users wrote: dear postfix users, since the recent SMTP smuggling issue I applied the short term workaround by setting smtpd_forbid_unauth_pipelining = yes I also do a daily scan on journalctl with some keywords, e.g. 'pipelining' the following