google server mass connect

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

google server mass connect

Robert Schetterer
Hi all,
i am seeing a periodic mass smtp connect from some google servers without
delivering mails afterwards, anyone else seeing equal ?

Jul 17 13:00:43 mxback postfix/smtpd[18704]: connect from
qb-out-1314.google.com[72.14.204.173]
Jul 17 13:00:43 mxback postfix/smtpd[18653]: connect from
qb-out-1314.google.com[72.14.204.171]
Jul 17 13:00:43 mxback postfix/smtpd[18689]: connect from
qb-out-1314.google.com[72.14.204.173]
Jul 17 13:00:43 mxback postfix/smtpd[18708]: connect from
qb-out-1314.google.com[72.14.204.174]
Jul 17 13:00:43 mxback postfix/smtpd[18712]: connect from
qb-out-1314.google.com[72.14.204.169]
Jul 17 13:00:43 mxback postfix/smtpd[18714]: connect from
qb-out-1314.google.com[72.14.204.170]
Jul 17 13:00:43 mxback postfix/smtpd[18718]: connect from
qb-out-1314.google.com[72.14.204.168]
Jul 17 13:00:43 mxback postfix/smtpd[18719]: connect from
qb-out-1314.google.com[72.14.204.172]
Jul 17 13:00:43 mxback postfix/smtpd[18716]: connect from
qb-out-1314.google.com[72.14.204.174]
Jul 17 13:00:43 mxback postfix/smtpd[18724]: connect from
qb-out-1314.google.com[72.14.204.170]
Jul 17 13:00:43 mxback postfix/smtpd[18721]: connect from
qb-out-1314.google.com[72.14.204.170]
Jul 17 13:00:43 mxback postfix/smtpd[18728]: connect from
qb-out-1314.google.com[72.14.204.171]
Jul 17 13:00:43 mxback postfix/smtpd[18726]: connect from
qb-out-1314.google.com[72.14.204.168]
Jul 17 13:00:43 mxback postfix/smtpd[18729]: connect from
qb-out-0506.google.com[72.14.204.239]
Jul 17 13:00:43 mxback postfix/smtpd[18734]: connect from
qb-out-1314.google.com[72.14.204.171]
Jul 17 13:00:44 mxback postfix/smtpd[18736]: connect from
qb-out-1314.google.com[72.14.204.168]

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
Reply | Threaded
Open this post in threaded view
|

Re: google server mass connect

Victor Duchovni
On Thu, Jul 17, 2008 at 01:04:37PM +0200, Robert Schetterer wrote:

> Hi all,
> i am seeing a periodic mass smtp connect from some google servers without
> delivering mails afterwards, anyone else seeing equal ?

Do they disconnect right away and make a second connection that does
deliver email?

In any case, you need to do a more detailed analysis of the behaviour.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: google server mass connect

Robert Schetterer
Victor Duchovni schrieb:

> On Thu, Jul 17, 2008 at 01:04:37PM +0200, Robert Schetterer wrote:
>
>> Hi all,
>> i am seeing a periodic mass smtp connect from some google servers without
>> delivering mails afterwards, anyone else seeing equal ?
>
> Do they disconnect right away and make a second connection that does
> deliver email?
>
> In any case, you need to do a more detailed analysis of the behaviour.
>

No ,they dont deliver any mail ever, seems like
some kind of smtp check, sorry i see no
point to give more info, only that this google.com behavior is new to
the server.

the server hosts a wide faked 3 letter maildomain, and is mxbackup
server for several others.
so i guess it must be some kind of check, but anyway, i firewalled this
google.com net, cause i am not interested in google.com mails at this
server at this maildomains
and google.com mx is at other ips

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
Reply | Threaded
Open this post in threaded view
|

Re: google server mass connect

lst_hoe02
Zitat von Robert Schetterer <[hidden email]>:

> Victor Duchovni schrieb:
>> On Thu, Jul 17, 2008 at 01:04:37PM +0200, Robert Schetterer wrote:
>>
>>> Hi all,
>>> i am seeing a periodic mass smtp connect from some google servers without
>>> delivering mails afterwards, anyone else seeing equal ?
>>
>> Do they disconnect right away and make a second connection that does
>> deliver email?
>>
>> In any case, you need to do a more detailed analysis of the behaviour.
>>
>
> No ,they dont deliver any mail ever, seems like
> some kind of smtp check, sorry i see no
> point to give more info, only that this google.com behavior is new to
> the server.


Lucky one that they don't deliever mail to you. I have checked the  
logs and we get nothing but spam from google.com.


> the server hosts a wide faked 3 letter maildomain, and is mxbackup
> server for several others.
> so i guess it must be some kind of check, but anyway, i firewalled this
> google.com net, cause i am not interested in google.com mails at this
> server at this maildomains
> and google.com mx is at other ips

Maybe we should feed them to the firewall too, but i am afraid that  
some user want to get mail from google.com :-(

Regards

Andi


--
All your trash belong to us ;-)  www.spamschlucker.org
To: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: google server mass connect

Robert Schetterer
MailingListe schrieb:

> Zitat von Robert Schetterer <[hidden email]>:
>
>> Victor Duchovni schrieb:
>>> On Thu, Jul 17, 2008 at 01:04:37PM +0200, Robert Schetterer wrote:
>>>
>>>> Hi all,
>>>> i am seeing a periodic mass smtp connect from some google servers
>>>> without
>>>> delivering mails afterwards, anyone else seeing equal ?
>>>
>>> Do they disconnect right away and make a second connection that does
>>> deliver email?
>>>
>>> In any case, you need to do a more detailed analysis of the behaviour.
>>>
>>
>> No ,they dont deliver any mail ever, seems like
>> some kind of smtp check, sorry i see no
>> point to give more info, only that this google.com behavior is new to
>> the server.
>
>
> Lucky one that they don't deliever mail to you. I have checked the logs
> and we get nothing but spam from google.com.
>
>
>> the server hosts a wide faked 3 letter maildomain, and is mxbackup
>> server for several others.
>> so i guess it must be some kind of check, but anyway, i firewalled this
>> google.com net, cause i am not interested in google.com mails at this
>> server at this maildomains
>> and google.com mx is at other ips
>
> Maybe we should feed them to the firewall too, but i am afraid that some
> user want to get mail from google.com :-(
>
> Regards
>
> Andi
>
>
Hi Andi,
if users want mail from google , they will get it by using my other
primary mx, so no problem anyway, no mail loss , i know where i can use
firewall rules, without loosing mails, i wouldnt recommend this to
others cause it not a very gentle way, but with this one frequent
spammed and faked mail domain  i got bored over the years, so i use
firewalling
for brain banged spam and backscatter networks , no problem with this
now over one year , we never missed mails, and we have no special
relationship with google at that domain, so i dont care.
Thx for your info that you have no equal requests in your log
so it seems no wide spreaded stuff.


--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria