Hi everyone,
This is an excerpt from OSSEC.
I'm not sure whether I'm interpreting everything correctly, but I receive the following by e-mail every day:
Code:
OSSEC HIDS Notification.
2008 Sep 10 21:10:15
Received From: hateworx->/var/log/syslog
Rule: 3355 fired (level 10) -> "Multiple attempts to send e-mail to invalid recipient or from unknown sender domain."
Portion of the log(s):
Sep 10 21:10:15 hateworx postfix/smtpd[6530]: NOQUEUE: reject: RCPT from unknown[89.163.22.130]: 504 5.5.2 <1-e5cf50cb63204>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<1-e5cf50cb63204>
Sep 10 21:10:15 hateworx postfix/smtpd[6530]: NOQUEUE: reject: RCPT from unknown[89.163.22.130]: 504 5.5.2 <1-e5cf50cb63204>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<1-e5cf50cb63204>
Sep 10 21:10:04 hateworx postfix/smtpd[6530]: NOQUEUE: reject: RCPT from unknown[89.163.22.130]: 504 5.5.2 <1-e5cf50cb63204>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<1-e5cf50cb63204>
Sep 10 21:10:04 hateworx postfix/smtpd[6530]: NOQUEUE: reject: RCPT from unknown[89.163.22.130]: 504 5.5.2 <1-e5cf50cb63204>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<1-e5cf50cb63204>
Sep 10 21:10:04 hateworx postfix/smtpd[6530]: NOQUEUE: reject: RCPT from unknown[89.163.22.130]: 504 5.5.2 <1-e5cf50cb63204>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<1-e5cf50cb63204>
Sep 10 21:10:04 hateworx postfix/smtpd[6530]: NOQUEUE: reject: RCPT from unknown[89.163.22.130]: 504 5.5.2 <1-e5cf50cb63204>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<1-e5cf50cb63204>
Sep 10 21:09:57 hateworx postfix/smtpd[6530]: NOQUEUE: reject: RCPT from unknown[89.163.22.130]: 504 5.5.2 <1-e5cf50cb63204>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<1-e5cf50cb63204>
--END OF NOTIFICATION
In my opinion, someone is trying to send spam, but without success. Is that right?
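
An added example, not part of the original post and not OSSEC's own code: a small Python parser for Postfix `smtpd` reject lines like the ones in the alert, which groups them by client IP and reports how many were permanent (5xx) rejections logged with `NOQUEUE`. The log lines are constructed (documentation IPs and domains), and the threshold and window are assumed values for illustration, not the settings of OSSEC rule 3355.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation IPs/domains) in the Postfix smtpd format.
_T = ("Sep 10 21:10:{:02d} mx postfix/smtpd[6530]: NOQUEUE: reject: RCPT from "
      "unknown[192.0.2.10]: 504 5.5.2 <1-abc>: Helo command rejected: need "
      "fully-qualified hostname; from=<a@example.org> to=<b@example.net> "
      "proto=ESMTP helo=<1-abc>")
SAMPLE = [_T.format(s) for s in (1, 4, 4, 9, 12, 15)] + [
    "Sep 10 21:11:00 mx postfix/smtpd[6531]: NOQUEUE: reject: RCPT from "
    "host.example.com[198.51.100.7]: 554 5.7.1 <c@example.com>: Relay access denied; "
    "from=<x@example.org> to=<c@example.com> proto=ESMTP helo=<mail.example.org>",
    "Sep 10 21:11:01 mx postfix/smtpd[6531]: disconnect from host.example.com[198.51.100.7]",
]

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"(?P<qid>NOQUEUE|[0-9A-F]+): reject: (?P<stage>\w+) from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"(?P<reason>.*?);(?P<attrs>.*)$")

def parse(line, year=2008):
    """Parse one smtpd reject line; syslog carries no year, so it is passed in."""
    m = REJECT.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
    ev["attrs"] = dict(re.findall(r"(\w+)=<?([^>\s]*)>?", ev["attrs"]))
    return ev

def bursts(lines, threshold=5, window=timedelta(seconds=120)):
    """Summarise clients with >= threshold rejects inside window (assumed values)."""
    by_ip = defaultdict(list)
    for ev in filter(None, map(parse, lines)):
        by_ip[ev["ip"]].append(ev)
    report = {}
    for ip, evs in by_ip.items():
        t = sorted(e["time"] for e in evs)
        if any(t[i + threshold - 1] - t[i] <= window
               for i in range(len(t) - threshold + 1)):
            report[ip] = {
                "rejects": len(evs),
                "permanent": sum(e["code"].startswith("5") for e in evs),
                # NOQUEUE: rejected before Postfix assigned a queue ID
                "noqueue": sum(e["qid"] == "NOQUEUE" for e in evs),
                "helo": sorted({e["attrs"].get("helo", "") for e in evs}),
            }
    return report

if __name__ == "__main__":
    print(bursts(SAMPLE))
```

When `rejects`, `permanent` and `noqueue` are equal for a client, every logged attempt from it was refused with a 5xx reply before any message was queued.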