
#1 2023-04-18 00:00:36

train__wreck
Member
Registered: 2020-08-23
Posts: 32

Postfix what is this "non-SMTP command"?

I have Postfix running my mail server MTA. As one would expect, I am hammered regularly every day by bots doing password guessing/other scanning. I have a Fortinet firewall in front of the server that blocks quite a bit of the noise, and a strict fail2ban that takes care of the rest. Many times I see the following output when certain bots scan me:

warning: non-SMTP command from unknown[104.152.52.148]: \023\001\023\002\023\003\001\000\000s\000+\000\005\004\003\004\003\003\000\v\000\002\001\000\000

I'm curious. What might this be? With different bots I see many different variations of numbers in between the slashes there, sometimes fewer of the numbers and sometimes many lines of them. What are they trying to do here?

Last edited by train__wreck (2023-04-18 00:02:17)


#2 2023-04-18 00:24:08

Zod
Member
From: Hoosiertucky
Registered: 2019-03-10
Posts: 634

Re: Postfix what is this "non-SMTP command"?

Buffer overflow?


#3 2023-04-18 00:24:54

mpan
Member
Registered: 2012-08-01
Posts: 1,367

Re: Postfix what is this "non-SMTP command"?

Since binary data can’t be printed directly, the corresponding octal values of octets are printed in the log.


Sometimes I seem a bit harsh — don’t get offended too easily!
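
Added example, not part of any post in this thread: a Python decoder that turns the escaped text from the log line in the first post (wrapped line joined) back into bytes, following the octal explanation above, and goes one step further by naming any TLS code points it finds. It assumes the escape forms visible in that line (three-digit octal, C-style letter escapes such as \v, printable ASCII as-is); `unescape` and `tls_hints` are names made up for this example, and the TLS values are the IANA-registered ones.

```python
import re

# Escaped text from the log line in the first post (wrapped line joined).
SAMPLE = (r"\023\001\023\002\023\003\001\000\000s\000+\000\005\004"
          r"\003\004\003\003\000\v\000\002\001\000\000")

# Assumed escape forms: \ooo octal, C-style letters, anything else literal.
C_ESCAPES = {"a": 7, "b": 8, "t": 9, "n": 10, "v": 11, "f": 12, "r": 13, "\\": 92}
TOKEN = re.compile(r"\\([0-7]{3})|\\([abtnvfr\\])|(.)", re.DOTALL)

# IANA-registered TLS code points used for triage.
TLS13_SUITES = {0x1301: "TLS_AES_128_GCM_SHA256",
                0x1302: "TLS_AES_256_GCM_SHA384",
                0x1303: "TLS_CHACHA20_POLY1305_SHA256"}
TLS_VERSIONS = {0x0304: "TLS 1.3", 0x0303: "TLS 1.2"}


def unescape(logged: str) -> bytes:
    """Rebuild the raw octets from the escaped form written to the log."""
    out = bytearray()
    for octal, letter, literal in TOKEN.findall(logged):
        if octal:
            out.append(int(octal, 8) & 0xFF)
        elif letter:
            out.append(C_ESCAPES[letter])
        else:
            out.append(ord(literal) & 0xFF)
    return bytes(out)


def tls_hints(raw: bytes) -> dict:
    """Heuristic: look for TLS 1.3 suite IDs and a supported_versions extension."""
    suites = [name for code, name in TLS13_SUITES.items()
              if code.to_bytes(2, "big") in raw]
    versions = []
    i = raw.find(b"\x00\x2b")              # extension type 43: supported_versions
    if i != -1 and len(raw) >= i + 5:
        n = raw[i + 4]                     # byte length of the version list
        body = raw[i + 5:i + 5 + n]
        for j in range(0, len(body) - 1, 2):
            pair = body[j:j + 2]
            versions.append(TLS_VERSIONS.get(int.from_bytes(pair, "big"), pair.hex()))
    return {"suites": suites, "versions": versions,
            "looks_like_tls": bool(suites and versions)}


if __name__ == "__main__":
    data = unescape(SAMPLE)
    print(data.hex(" "))
    print(tls_hints(data))
```

For the sample line, the decoded octets match the three TLS 1.3 cipher suite IDs followed by a supported_versions extension offering TLS 1.3 and TLS 1.2, which is what a fragment of a TLS ClientHello looks like when it arrives where Postfix expects a plaintext SMTP command.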
