Add signature: Postfix reverse DNS lookup mismatch

Create issue
Issue #36 wontfix
Former user created an issue

Dear team,

Another trace to add to your program:

Jun 26 00:25:44 ceto postfix/smtpd[77932]: warning: hostname neobusters.xyz does not resolve to address 195.154.113.107: hostname nor servname provided, or not known

Comments (4)

  1. Kevin Zheng

    Additional signature copied from #37:

    Jun 27 17:21:50 ceto postfix/smtpd[49955]: warning: hostname static.vnpt.vn does not resolve to address 14.166.206.168
    
  2. Kevin Zheng

    I'm hesitant to label this as an attack. Although few mail servers you'd want to receive mail from don't have reverse DNS configured correctly, I think it's better to leave attack signatures to match egregious behavior like authentication failures or open relaying. Please re-open/comment on this ticket or post on the mailing list if you'd like to discuss.

  3. Log in to comment