From grazulis at ibt.lt Sat Jul 13 10:04:11 2024 From: grazulis at ibt.lt (=?UTF-8?Q?Saulius_Gra=c5=beulis?=) Date: Sat, 13 Jul 2024 10:04:11 +0300 Subject: [Cod-bugs] Flooding our logs :( Message-ID: <9b40f9cc-d716-4792-756a-649bd8952d41@ibt.lt> Hi, folks, your connection makes multiple attempts to send SSL packets that our server deems incorrect, and these packets flood our logs: > Jul 10 05:02:28 xlists postfix/smtpd[24060]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313: > Jul 10 05:02:28 xlists postfix/smtpd[24036]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313: > Jul 10 05:02:28 xlists postfix/smtpd[24056]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313: > Jul 10 05:02:28 xlists postfix/smtpd[24150]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313: > Jul 10 05:02:30 xlists postfix/smtpd[24056]: improper command pipelining after EHLO from*tls-crawler3.cs.uni-paderborn.de*[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n > Jul 10 05:02:30 xlists postfix/smtpd[24078]: improper command pipelining after EHLO from tls-crawler3.cs.uni-paderborn.de[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n > Jul 10 05:02:30 xlists postfix/smtpd[24151]: improper command pipelining after EHLO from tls-crawler3.cs.uni-paderborn.de[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n > Jul 10 05:02:30 xlists postfix/smtpd[24067]: improper command pipelining after EHLO from tls-crawler3.cs.uni-paderborn.de[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n The log becomes about 23M for a single day :( Could you please limit your requests to a single IP to no more that 10-20 requests? Our server is "lists.crystallography.net" (158.129.170.77). Thank you for your understanding. Sincerely yours, Saulius -- Dr. Saulius Gra?ulis Vilnius University Institute of Biotechnology, Saul?tekio al. 7 LT-10257 Vilnius, Lietuva (Lithuania) fax: (+370-5)-2234367 / phone (office): (+370-5)-2234353 mobile: (+370-684)-49802, (+370-614)-36366 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: grazulis.vcf Type: text/vcard Size: 4 bytes Desc: not available URL: From juraj.somorovsky at upb.de Sun Jul 14 21:13:47 2024 From: juraj.somorovsky at upb.de (Juraj Somorovsky) Date: Sun, 14 Jul 2024 20:13:47 +0200 Subject: [Cod-bugs] [syssec-research-scans] Flooding our logs :( In-Reply-To: <9b40f9cc-d716-4792-756a-649bd8952d41@ibt.lt> References: <9b40f9cc-d716-4792-756a-649bd8952d41@ibt.lt> Message-ID: <7eaf6b11-02af-43c8-9903-4d30ecd4a189@upb.de> Dear Saulius, I am very sorry for this, our student had a technical incident, which caused the large number of requests. We have been informed also by another admin and stopped the scan on Thursday. We will of course limit our our future scans as you described. If there is any inconvencience in the future, let us know. Best regards Juraj On 13.07.24 09:04, Saulius Gra?ulis wrote: > Hi, folks, > > your connection makes multiple attempts to send SSL packets that our > server deems incorrect, and these packets flood our logs: > >> Jul 10 05:02:28 xlists postfix/smtpd[24060]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313: >> Jul 10 05:02:28 xlists postfix/smtpd[24036]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313: >> Jul 10 05:02:28 xlists postfix/smtpd[24056]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313: >> Jul 10 05:02:28 xlists postfix/smtpd[24150]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313: >> Jul 10 05:02:30 xlists postfix/smtpd[24056]: improper command pipelining after EHLO from*tls-crawler3.cs.uni-paderborn.de*[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n >> Jul 10 05:02:30 xlists postfix/smtpd[24078]: improper command pipelining after EHLO from tls-crawler3.cs.uni-paderborn.de[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n >> Jul 10 05:02:30 xlists postfix/smtpd[24151]: improper command pipelining after EHLO from tls-crawler3.cs.uni-paderborn.de[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n >> Jul 10 05:02:30 xlists postfix/smtpd[24067]: improper command pipelining after EHLO from tls-crawler3.cs.uni-paderborn.de[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n > > The log becomes about 23M for a single day :( > > Could you please limit your requests to a single IP to no more that > 10-20 requests? Our server is "lists.crystallography.net" (158.129.170.77). > > Thank you for your understanding. > > Sincerely yours, > Saulius > > -- > Dr. Saulius Gra?ulis > Vilnius University Institute of Biotechnology, Saul?tekio al. 7 > LT-10257 Vilnius, Lietuva (Lithuania) > fax: (+370-5)-2234367 / phone (office): (+370-5)-2234353 > mobile: (+370-684)-49802, (+370-614)-36366 > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- Prof. Dr.-Ing. Juraj Somorovsky System Security Dept. of Computer Science Universit?t Paderborn Institut f?r Informatik F?rstenallee 11 D-33102 Paderborn Office F2.315 Telephone +49 5251 60-6690 E-Mail juraj.somorovsky at upb.de Web https://www.uni-paderborn.de/person/83504 Twitter https://twitter.com/jurajsomorovsky https://www.instagram.com/uni_paderborn https://www.facebook.com/unipaderborn https://de.linkedin.com/school/uni-paderborn https://twitter.com/unipb https://www.youtube.com/user/upbvideo