sshguard / sshguard / issues / #36 - Add signature: Postfix reverse DNS lookup mismatch — Bitbucket

Issue #36 wontfix

Former user created an issue 2016-06-26

Dear team,

Another trace to add to your program:

Jun 26 00:25:44 ceto postfix/smtpd[77932]: warning: hostname neobusters.xyz does not resolve to address 195.154.113.107: hostname nor servname provided, or not known

Comments (4)

Kevin Zheng
- changed title to Add signature: Postfix reverse DNS lookup mismatch
- 2016-06-27T15:01:11+00:00

Kevin Zheng

Additional signature copied from ~~#37~~:

Jun 27 17:21:50 ceto postfix/smtpd[49955]: warning: hostname static.vnpt.vn does not resolve to address 14.166.206.168

2016-06-28T16:26:53+00:00

Kevin Zheng
Issue ~~#37~~ was marked as a duplicate of this issue.
- 2016-06-28T16:27:10+00:00
Kevin Zheng
- changed status to wontfix
I'm hesitant to label this as an attack. Although few mail servers you'd want to receive mail from don't have reverse DNS configured correctly, I think it's better to leave attack signatures to match egregious behavior like authentication failures or open relaying. Please re-open/comment on this ticket or post on the mailing list if you'd like to discuss.
- 2016-07-08T22:35:53+00:00
Log in to comment

Assignee: Kevin Zheng

Type: enhancement

Priority: major

Status: wontfix

Component: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!