DrTinyCat
Reputation: 33
Postfix Log: non-SMTP command from unknown IP address, "GET /aaa9 HTTP/1.1"
I was troubleshooting some configurations on my mail server (postfix + dovecot) and while reviewing /var/log/syslog for postfix, I found that around 3am, postfix received a connection from an unknown IP and was issued a non-SMTP command, "GET /aaa9 HTTP/1.1".
My best guess is something is trying all ports for a web server and issuing an invalid command to have the server return an error code (and a server signature).
Any ideas? Is my mail server at any risk because of probing requests like this?
Upvotes: 0
Views: 3018
Answers (1)
Inc0
Reputation: 809
Nothing to worry about. If you keep getting HTTP requests on and SMTP port from the same ip, you can block them using iptables or your company firewall.
Upvotes: 1
Related Questions
- Postfix Server - How do I block an IP thats is constantly trying to connect
- Postfix smtpd - constant connect and disconnect in /var/log/mail.log
- NOQUEUE: reject: RCPT from unknown 454 4.7.1 Relay access denied
- Postfix returning Invalid Addresses; 454 <[email protected]>: Relay access denied
- What human-edited file did I put a bad address into, for Postfix?
- Identifying the source of an SMTP process
- possible attack on postfix server
- Block incoming connections with hostnames that contain IP addresses
- postfix error sending mail to spam
- Mail server postfix mail considered junk