1 Anonymous TLS connection established from mx.sourceforge.n
in my log it seems that I have a lot of Anonumous TLS connection established…
1 Anonymous TLS connection established from zulu1491.startdedicated.com[188.138.116.171]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
1 Anonymous TLS connection established from unknown[114.202.2.139]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
1 Anonymous TLS connection established from mx.sourceforge.net[216.34.181.68]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
1 Anonymous TLS connection established from hqemgate04.nvidia.com[216.228.121.35]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
1 Anonymous TLS connection established from fan.fandolab.com[184.172.165.107]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
1 Anonymous TLS connection established from ares.shiny.it[195.210.96.31]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
1 Anonymous TLS connection established from adsl-67-113-118-6.dsl.sndg02.pacbell.net[67.113.118.6]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
What does it means?
Is this a security issues?
Why postfix should establish a connection with this guys?
6 Replies
@sblantipodi:
Why postfix should establish a connection with this guys?
From the log entries it sounds like these guys are connecting to you rather than the other way around.
@hawk7000:
@sblantipodi:Why postfix should establish a connection with this guys?
From the log entries it sounds like these guys are connecting to you rather than the other way around.
I don't understood what do you want to mean?
What does it means that they are connecting to me?
mx.sourceforge.net is a mail server. I don't know about the other ones, but if this is a Postfix log, they're probably trying to send you e-mail. Are you getting any spam from these addresses?
@hybinet:
An "anonymous TLS connection" is any TLS connection that doesn't use a client certificate. Since most TLS connections only use a server certificate, there's nothing strange about this. It's not like the client is anonymous anyway; you have their hostnames and IP addresses.
mx.sourceforge.net is a mail server. I don't know about the other ones, but if this is a Postfix log, they're probably trying to send you e-mail. Are you getting any spam from these addresses?
zen.spamhaus blocks spam before seeing it into my mailbox but I received some spam from this email address.
if its nothing to warry about, I'm ok.
@hoopycat:
The lines surrounding the log entries in question are key to understanding what the log entries mean. They'll tell you the sender and recipient(s), as well as the ultimate disposition for the messages. Context is everything.
That output is the output of this command:
echo "Statistics"
egrep 'postfix\/smtpd' ${LOGFILE} | egrep -v 'NOQUEUE:|connect from|client=' | sed -e 's/.*smtpd\[[0-9]*\]: //' -e 's/lost connection.*/lost connection/' -e 's/warning.*/warning/' -e 's/timeout.*/timeout/' -e 's/too many errors.*/too many errors/' -e 's/.*reject.*/other reject/' | sort | uniq -c | sort -rg