Weird lines in mail log

Discussion in 'Server Operation' started by 30uke, May 24, 2021.

  1. 30uke

    30uke Active Member HowtoForge Supporter

    I did notice this in my mail log (mail.info)
    Code:
    May 24 15:00:46 s1 postfix/smtpd[26531]: connect from testo.tel[52.39.45.118]
    May 24 15:00:46 s1 postfix/smtpd[26531]: disconnect from testo.tel[52.39.45.118] ehlo=1 mail=1 quit=1 commands=3
    May 24 15:01:17 s1 postfix/smtpd[26531]: connect from testo.tel[52.39.45.118]
    May 24 15:01:17 s1 postfix/smtpd[26531]: warning: Illegal address syntax from testo.tel[52.39.45.118] in MAIL command: <john@Ã^dÃ^bÃ^hÃ^d-Ã^dÃ^dÃ^eÃ^j.Ã^cÃ
                                                                                                                                                               May 24 15:01:17 s1 postfix/smtpd[26531]: disconnect from testo.tel[52.39.45.118] ehlo=1 mail=0/1 quMay 24 22:35:39 s1 postfix/smtpd[9694]: connect from testo.tel[2600:1f14:df0:400:67ec:ada:c748:6fa2]
    May 24 22:35:40 s1 postfix/smtpd[9694]: disconnect from testo.tel[2600:1f14:df0:400:67ec:ada:c748:6fa2] ehlo=1 mail=1 quit=1 commands=3
    May 24 22:36:10 s1 postfix/smtpd[10595]: connect from testo.tel[2600:1f14:df0:400:67ec:ada:c748:6fa2]
    May 24 22:36:10 s1 postfix/smtpd[10595]: warning: Illegal address syntax from testo.tel[2600:1f14:df0:400:67ec:ada:c748:6fa2] in MAIL command: <john@Ã^dÃ^bÃ^hÃ^d-Ã^dÃ^dÃ^eÃ^j.Ã^cÃ
                                                                                                                                                                                       May 24 22:36:10 s1 postfix/smtpd[10595]: disconnect from testo.tel[2600:1f14:df0:400:67ec:ada:c748:6fa2] ehlo=1 mail=0/1 quit=1 commands=2/3
    I did block the IPv6 and the IPv4 IP addresses as this doesn't look right.
    Does anyone have an idea of what this could be? Is this someone trying to exploit a vulnerability?
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Probably that or a domain specified in the wrong format.
     

Share This Page