exim mainlog: temporarily rejected RCPT

kimbo

Verified User
Joined
Apr 23, 2013
Messages
57
These days I notice a lot of the following below in the exim mainlog.
A client reported also that they missed some mails and I ask myself if I'm hacked or that this is just a mass spam pointed to my server.
I already blocked the IP's in the deny file, still see this in the logs. :unsure:

Anyone has an idea what it is and what to do?

2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 remote host address is the local host: websrv01.mydomain.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-19 07:38:01 H=([185.143.223.163]) [185.143.223.160] incomplete transaction (connection lost) from <[email protected]>
 
What is the deny file? How did you block the IP?
It is blocked via CFS so it is in host.deny file.

remote host address is the local host is an exim error message which indicates that the sender or recipient's domain has your machine's hostname/IP, but exim is not configured to accept mail for that domain.
So does it mean that they pointed their IP to my domain? Or how can I understand this?
 
CSF uses /etc/csf/csf.deny

Did you mask the domains in logs lines? It might be the MX records of the domains point to your server but you don't host them, or whatever else similar.
 
CSF uses /etc/csf/csf.deny

Did you mask the domains in logs lines? It might be the MX records of the domains point to your server but you don't host them, or whatever else similar.
Yes I masked them, the IP's in the logs are not mine. So I think this is a kind of attack.


In the mean time after blocking the IP they changed again their IP: 🙃
2020-02-19 08:33:09 H=([185.143.223.163]) [185.143.223.171]


csf: DENY_IP_LIMIT (200), the following IP's were removed from /etc/csf/csf.deny:
128.68.61.56 # lfd: (sshd) Failed SSH login from 128.68.61.56 (RU/Russian Federation/128-68-61-56.broadband.corbina.ru): 5 in the last 3600 secs - Sat Feb 15 21:12:40 2020
DROP all opt -- in !lo out * 128.68.61.56 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 128.68.61.56
Adding 185.143.223.171 to csf.deny and iptables DROP...
DROP all opt -- in !lo out * 185.143.223.171 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 185.143.223.171
 
Last edited:
Constantly I'm under attack by: H=([185.143.223.163]) [185.143.223.166]
I have a client who says now that mails get lost

Now add 185.143.223.0/32 as blocked range and hope it will stop.
Asked hosting provider if they see DDOS issues.
 
This is set in CSF blocking list: 185.143.223.0/32 # block RU range - Fri Feb 21 14:06:10 2020
In the config: CC_DENY = "CN,RU"

Still the traffic isn't dropped: :unsure:

2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 remote host address is the local host: websrv01.myserver.net (while verifying <[email protected]> from host ([185.143.223.163]) [185.143.223.160])
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] F=<[email protected]> temporarily rejected RCPT <[email protected]>: remote host address is the local host
2020-02-21 21:02:30 H=([185.143.223.163]) [185.143.223.160] incomplete transaction (connection lost) from <[email protected]>
 
Last edited:
Range 185.143.223.0/32 was incorrect subnetted... /24 did the trick, I need to see now if this completely drops all spam so that my server functions normaly again.
 
Cause the subnet is located in NL:

Code:
inetnum:        185.143.223.0 - 185.143.223.255
netname:        informtech
country:        NL
admin-c:        LD5508-RIPE
tech-c:         LD5508-RIPE

Code:
# geoiplookup 185.143.223.0
GeoIP Country Edition: NL, Netherlands

so you need to block NL too in this case ;)
 
Location For an IP: 185.143.223.163
P Address:185.143.223.163
[IP Blacklist Check]
Reverse DNS:** server can't find 163.223.143.185.in-addr.arpa: SERVFAIL
Hostname:185.143.223.163
Continent:Europe (EU)
Country: Russian Federation
IP Location Find In Russian Federation
(RU)
Capital:Moscow
State:Saint Petersburg City
City Location:Saint Petersburg
Postal:190005
ISP:Power Networking Limited
Organization:Unknown
AS Number:AS57043 Hostkey B.v.
 
Code:
traceroute to 185.143.223.1 (185.143.223.1), 30 hops max, 60 byte packets
 1  l7.ams4.transip.net (95.170.86.220)  125.002 ms  124.992 ms  124.990 ms
 2  l7.f2.ams4.transip.net (77.72.151.72)  11.713 ms  11.723 ms  11.718 ms
 3  f2.r1.ams0.transip.net (77.72.151.122)  0.278 ms  0.294 ms  0.291 ms
 4  r1-a0.e1.ams0.transip.net (157.97.168.9)  0.387 ms  0.389 ms  0.385 ms
 5  ams-ix.retn.net (80.249.209.216)  1.150 ms  1.155 ms  1.153 ms
 6  ae0-3.rt.srv.dro.nl.retn.net (87.245.232.44)  2.186 ms  1.846 ms  1.814 ms
 7  gw-serverius.retn.net (87.245.246.61)  11.681 ms  11.767 ms  11.948 ms
 8  185.8.179.39 (185.8.179.39)  4.093 ms  3.943 ms *
 9  185.53.163.41 (185.53.163.41)  193.797 ms  193.173 ms  193.092 ms
10  10.20.0.1 (10.20.0.1)  3.109 ms  3.179 ms  3.493 ms
11  185.143.223.1 (185.143.223.1)  3.466 ms  3.615 ms  3.710 ms

and 185.53.163.41 belongs to https://serverius.net/

Code:
inetnum:        185.53.160.0 - 185.53.163.255
netname:        NL-SERVERIUS-20140411
country:        NL
org:            ORG-SHB2-RIPE
admin-c:        SN1
tech-c:         SN1
status:         ALLOCATED PA
 
I also encounter portscans and systems trying to send spam to my servers.
This also is done from Dutch servers, but owned/rented by Russians.

IP Address185.143.223.160
Host185.143.223.160
Location
NL
NL, Netherlands

But...
person: Lenar Davletshin
address: ul. Gorohovaya 48A, pom. 4N, office 20D
address: ul. Gorohovaya 48A, pom. 4N, office 20D
address: Saint Petersburg
address: RUSSIAN FEDERATION
phone: +7 (495) 409-6573
nic-hdl: LD5508-RIPE
mnt-by: ru-informtech-1-mnt
created: 2018-01-19T16:15:06Z
last-modified: 2019-12-11T15:23:38Z
source: RIPE # Filtered

% Information related to '185.143.223.0/24AS204718'

route: 185.143.223.0/24
origin: AS204718
descr: infotech.ru.net
mnt-by: ru-informtech-1-mnt
created: 2018-10-15T13:09:21Z
last-modified: 2018-10-15T13:10:21Z
source: RIPE

However, one can always just block an ip range with CSF.
 
I also encounter portscans and systems trying to send spam to my servers.
This also is done from Dutch servers, but owned/rented by Russians.

IP Address185.143.223.160
Host185.143.223.160
Location
NL
NL, Netherlands

But...
person: Lenar Davletshin
address: ul. Gorohovaya 48A, pom. 4N, office 20D
address: ul. Gorohovaya 48A, pom. 4N, office 20D
address: Saint Petersburg
address: RUSSIAN FEDERATION
phone: +7 (495) 409-6573
nic-hdl: LD5508-RIPE
mnt-by: ru-informtech-1-mnt
created: 2018-01-19T16:15:06Z
last-modified: 2019-12-11T15:23:38Z
source: RIPE # Filtered

% Information related to '185.143.223.0/24AS204718'

route: 185.143.223.0/24
origin: AS204718
descr: infotech.ru.net
mnt-by: ru-informtech-1-mnt
created: 2018-10-15T13:09:21Z
last-modified: 2018-10-15T13:10:21Z
source: RIPE

However, one can always just block an ip range with CSF.

This IP (or few IPs block) just rented by somebody from RU. For example when we rent ip block from Hetzner - they add our contacts to its description.
 
Back
Top