Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: users
Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
 

Index | Next | Previous | View Flat


web at iszczecin

Apr 5, 2012, 5:41 PM


Views: 1538
Permalink
Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [In reply to]

HI

Since 8 days, I recive very strange errors in exim_mainlog:

Here are some recent examples:

2012-04-06 02:33:30 TLS error on connection from (localhost) [74.79.177.106]
(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol
2012-04-06 02:34:46 TLS error on connection from (localhost)
[186.182.196.246] (SSL_accept): error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2012-04-06 02:35:32 TLS error on connection from (localhost) [173.21.9.179]
(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol
2012-04-06 02:36:02 TLS error on connection from (localhost)
[119.77.234.116] (SSL_accept): error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Everytime there is (localhost) [IP] connection scheme, and there is error
140760FC with the same message, while IPs in [...] are different.

My server accept TLS connections. I've checked many of IPs from such errors,
and all of them was some sort of dictionary attackers, open relay mail
servers etc. Also non of my users reported that they missed any emails.

I don't know if there is some sort of attack to my server? Is there any way
to know what domain they try to connect? I tried to tcpdump packed while
this error becames, and the only thing I found that they send QUIT very soon
after connection, this is something I catch on 25 port just before error
became:

02:19:04.416765 IP 201.231.132.235.cp-spxsvr > MY_SERVER_IP.smtp: Flags
[P.], seq 2509958694:2509958700, ack 3637536753, win 65182, length 6
0x0000: 4500 002e c092 4000 6a06 9611 c9e7 84eb E.....@.j.......
0x0010: b009 bb49 1119 0019 959a ee26 d8d0 67f1 ...I.......&..g.
0x0020: 5018 fe9e 7998 0000 5155 4954 0d0a P...y...QUIT..

Mike


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Subject User Time
Please help me with my ACL to deal with empty From: headers web at iszczecin Mar 27, 2012, 5:40 PM
    Re: Please help me with my ACL to deal with empty From: headers web at iszczecin Mar 28, 2012, 2:49 AM
    Re: Please help me with my ACL to deal with empty From: headers exim at u61 Mar 28, 2012, 3:25 AM
        Re: Please help me with my ACL to deal with empty From: headers web at iszczecin Mar 28, 2012, 11:04 AM
    Re: Please help me with my ACL to deal with empty From: headers Lena at lena Mar 28, 2012, 4:11 AM
    Re: Please help me with my ACL to deal with empty From: headers exim-users at spodhuis Mar 28, 2012, 5:53 PM
        Re: Please help me with my ACL to deal with empty From: headers web at iszczecin Mar 30, 2012, 1:24 AM
            Re: Please help me with my ACL to deal with empty From: headers exim-users at spodhuis Mar 30, 2012, 1:58 PM
                Re: Please help me with my ACL to deal with empty From: headers web at iszczecin Mar 30, 2012, 4:43 PM
                    Re: Please help me with my ACL to deal with empty From: headers exim-users at spodhuis Mar 30, 2012, 6:31 PM
                        Re: Please help me with my ACL to deal with empty From: headers web at iszczecin Mar 31, 2012, 7:11 AM
                            Re: Please help me with my ACL to deal with empty From: headers exim-users at spodhuis Mar 31, 2012, 3:27 PM
                                Re: Please help me with my ACL to deal with empty From: headers web at iszczecin Apr 2, 2012, 6:10 AM
                                    Re: Please help me with my ACL to deal with empty From: headers tlyons at ivenue Apr 2, 2012, 6:51 AM
                                Re: Please help me with my ACL to deal with empty From: headers exim-users at spodhuis Apr 2, 2012, 7:32 AM
                                    Re: Please help me with my ACL to deal with empty From: headers web at iszczecin Apr 2, 2012, 8:05 AM
                                    Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol web at iszczecin Apr 5, 2012, 5:41 PM

  Index | Next | Previous | View Flat
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.