Date: 6 Feb 2026 17:07:51 -0500 From: "John Levine" <johnl@iecc.com> To: freebsd-questions@freebsd.org Cc: bc979@lafn.org Subject: Re: Strange sockstat entries Message-ID: <20260206220751.62F37F567CEE@ary.qy> In-Reply-To: <2133E787-9AF9-4999-83DC-83B4C0CABD32@lafn.org> References: <2133E787-9AF9-4999-83DC-83B4C0CABD32@lafn.org>
index | next in thread | previous in thread | raw e-mail
It appears that Doug Hardie <bc979@lafn.org> said: >I am seeing a number of unusual sockstat entries that look like: > >?? ?? ?? ?? tcp4 10.0.1.230:587 178.16.54.22:63001 > >The occur at the end of the output. Often there are about 10 or so entries. Most of them vanish after a few seconds. However, two are quite persistent. What >causes this type of entry? Port 587 is mail submission, so that's a spambot trying to break into your mail server. I see lots of them on my submission server. Unless you have usernames and passwords that are trivially guessable, they shouldn't be a problem. I also see them on port 25 so I added a feature to my mail server so that AUTH on port 25 always succeeds, and it puts the mail they try to send into the spam trap. I get far more of those. -- Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.lyhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20260206220751.62F37F567CEE>