I was looking through my email log and saw this. The disconnect/lost connection after EHLO portion at the bottom goes on and on probably hundreds of times. Should I be concerned about this?
It looks like some tool that is looking at your mail server. I have no clue who it is, except that it's in the Middle East! http://213.42.236.38
Yeah, emirates.com. Some airline company. But is there something I can or should do about this? Also saw this in there, is this normal? I'm new to this so I don't really know what to look for as far as threats or what's normal.
Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: connect from unknown[208.64.49.132]
Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: setting up TLS connection from unknown[208.64.49.132]
Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: TLS connection established from unknown[208.64.49.132]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jun 14 00:10:30 webserv1 postfix/smtpd[4120]: A239C458359: client=unknown[208.64.49.132]
If you look at the time stamps, they are doing this all in ONE second. That means they are trying to break in...but aren't getting in. You can try fail2ban or denyhosts to clean up some of this stuff, but they will always try.
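A way to quantify the repeated "lost connection after EHLO" entries discussed in this thread, as an added example that is not part of any poster's message: it counts such drops per client IP inside a sliding time window, the same idea as fail2ban's maxretry/findtime settings. The log lines are constructed samples using documentation IP addresses, and the function and parameter names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches Postfix smtpd lines such as:
#   "... postfix/smtpd[4121]: lost connection after EHLO from unknown[192.0.2.50]"
LOST_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: "
    r"lost connection after (\w+) from \S*\[([^\]]+)\]"
)

def build_sample():
    """Constructed sample log (not taken from the thread)."""
    host = "webserv1 postfix/smtpd"
    lines = [
        # A session that reaches a queue ID: a delivery attempt, not a drop.
        f"Jun 14 00:10:30 {host}[4120]: connect from unknown[198.51.100.7]",
        f"Jun 14 00:10:30 {host}[4120]: 3F2A1B0C9D8: client=unknown[198.51.100.7]",
        # A single drop: below any sensible threshold.
        f"Jun 14 00:10:40 {host}[4122]: lost connection after EHLO from unknown[203.0.113.9]",
    ]
    # Six drops from one address within six seconds.
    for sec in range(6):
        lines.append(f"Jun 14 00:11:{sec:02d} {host}[4121]: "
                     "lost connection after EHLO from unknown[192.0.2.50]")
    return lines

def find_probers(lines, max_retry=5, find_time=60):
    """Return {ip: peak drop count} for IPs with at least max_retry
    'lost connection' events inside any find_time-second window."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LOST_RE.match(line)
        if not m:
            continue
        # Syslog omits the year; pin one so the timestamps can be compared.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        q = recent[m.group(3)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= max_retry:
            flagged[m.group(3)] = max(flagged.get(m.group(3), 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, count in find_probers(build_sample()).items():
        print(f"{ip}: {count} dropped sessions within the window")
```
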
Thanks guys, are there going to be many differences in the guide if I'm using Ubuntu server? (won't be able to check it out till I get home tonight)