none
Potential spammer RRS feed

  • Question

  • Hi,
    Can you tell me what people is trying to achieve (to Email server), due to below log details?

    "DEBUG"	3820	"2019-06-27 09:07:47.898"	"Creating session 397"
    "TCPIP"	3820	"2019-06-27 09:07:47.906"	"TCP - 3.94.116.70 connected to 113.255.213.124:25."
    "DEBUG"	3820	"2019-06-27 09:07:47.914"	"TCP connection started for session 396"
    "SMTPD"	3820	396	"2019-06-27 09:07:47.917"	"3.94.116.70"	"SENT: 220 WIN-APIUFD1NJEU ESMTP"
    "SMTPD"	3784	396	"2019-06-27 09:07:48.212"	"3.94.116.70"	"RECEIVED: EHLO scanner.sslsonar.org"
    "SMTPD"	3784	396	"2019-06-27 09:07:48.215"	"3.94.116.70"	"SENT: 250-WIN-APIUFD1NJEU[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
    "SMTPD"	3800	396	"2019-06-27 09:07:48.478"	"3.94.116.70"	"RECEIVED: STARTTLS"
    "SMTPD"	3800	396	"2019-06-27 09:07:48.482"	"3.94.116.70"	"SENT: 220 Ready to start TLS"
    "DEBUG"	3784	"2019-06-27 09:07:48.487"	"Performing SSL/TLS handshake for session 396. Verify certificate: False"
    "TCPIP"	3820	"2019-06-27 09:07:49.030"	"TCPConnection - TLS/SSL handshake completed. Session Id: 396, Remote IP: 3.94.116.70, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
    "SMTPD"	3820	396	"2019-06-27 09:07:49.371"	"3.94.116.70"	"RECEIVED: EHLO scanner.sslsonar.org"
    "SMTPD"	3820	396	"2019-06-27 09:07:49.375"	"3.94.116.70"	"SENT: 250-WIN-APIUFD1NJEU[nl]250-SIZE 20480000[nl]250-AUTH LOGIN[nl]250 HELP"
    "DEBUG"	3784	"2019-06-27 09:07:59.629"	"The read operation failed. Bytes transferred: 0 Remote IP: 3.94.116.70, Session: 396, Code: 335544539, Message: short read"
    "DEBUG"	3784	"2019-06-27 09:07:59.634"	"Ending session 396"


    Many Thanks & Best Regards, Hua Min

    Thursday, June 27, 2019 6:55 AM