EXIM: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (error:140760FC)

Discussion in 'E-mail Discussions' started by nospa, Apr 30, 2012.

  1. nospa

    Hi,

    For the past 8-10 days, I have been receiving very strange errors in exim_mainlog:

    Here are some examples:

    Code:
    2012-04-30 02:33:30 TLS error on connection from (localhost) [74.79.177.106] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    2012-04-30 02:34:46 TLS error on connection from (localhost) [186.182.196.246] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    2012-04-30 02:35:32 TLS error on connection from (localhost) [173.21.9.179] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    2012-04-30 02:36:02 TLS error on connection from (localhost) [119.77.234.116] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

    Every time there is the (localhost) [IP] connection scheme and error 140760FC with the same message, while the IPs in [...] are different.

    My server accepts TLS connections. I've checked many of the IPs from such errors, and all of them were some sort of dictionary attackers, open relay mail servers, etc. Also, none of my users reported that they missed any emails.

    I don't know if this is some sort of attack on my server. Is there any way to know what domain they are trying to connect to? I tried to tcpdump packets while this error occurs, and the only thing I found is that they send QUIT very soon after connecting. This is something I caught on port 25 just before the error occurred:

    Code:
    02:19:04.416765 IP 201.231.132.235.cp-spxsvr > MY_SERVER_IP.smtp: Flags [P.], seq 2509958694:2509958700, ack 3637536753, win 65182, length 6
    0x0000: 4500 002e c092 4000 6a06 9611 c9e7 84eb E.....@.j.......
    0x0010: b009 bb49 1119 0019 959a ee26 d8d0 67f1 ...I.......&..g.
    0x0020: 5018 fe9e 7998 0000 5155 4954 0d0a P...y...QUIT..
    
    Mike
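
An added example for triaging the two artifacts quoted in the post above (not part of the original post, and not Exim or cPanel code): it parses the exim_mainlog "TLS error" lines into fields and decodes the `tcpdump -X` rows to check whether the captured payload starts like a TLS handshake record or is plaintext. The function names are illustrative, and the regex assumes the log line layout shown in the post.

```python
import re
from collections import Counter

# Log lines and tcpdump -X hex rows copied from the post above.
LOG = """\
2012-04-30 02:33:30 TLS error on connection from (localhost) [74.79.177.106] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2012-04-30 02:34:46 TLS error on connection from (localhost) [186.182.196.246] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2012-04-30 02:35:32 TLS error on connection from (localhost) [173.21.9.179] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2012-04-30 02:36:02 TLS error on connection from (localhost) [119.77.234.116] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
"""
DUMP = """\
0x0000: 4500 002e c092 4000 6a06 9611 c9e7 84eb E.....@.j.......
0x0010: b009 bb49 1119 0019 959a ee26 d8d0 67f1 ...I.......&..g.
0x0020: 5018 fe9e 7998 0000 5155 4954 0d0a P...y...QUIT..
"""

TLS_ERR = re.compile(
    r"^(?P<ts>\S+ \S+) TLS error on connection from (?:\S+ )?"
    r"\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\] \(SSL_accept\): "
    r"error:(?P<code>[0-9A-F]+):[^:]*:(?P<func>[^:]*):(?P<reason>.*)$", re.M)

def tls_errors(log_text):
    """Return one dict per Exim 'TLS error' line: ts, helo, ip, code, func, reason."""
    return [m.groupdict() for m in TLS_ERR.finditer(log_text)]

def tcp_payload(dump_text):
    """Extract the TCP payload from the tcpdump -X rows of one IPv4 packet."""
    hexstr = ""
    for row in dump_text.splitlines():
        for g in row.split(":", 1)[1].split()[:8]:   # at most 16 bytes per row
            if not re.fullmatch(r"(?:[0-9a-f]{2}){1,2}", g):
                break                                # reached the ASCII column
            hexstr += g
    pkt = bytes.fromhex(hexstr)
    pkt = pkt[:int.from_bytes(pkt[2:4], "big")]      # trim to IP total length
    ip_hdr = (pkt[0] & 0x0F) * 4                     # IHL, in 32-bit words
    tcp_hdr = (pkt[ip_hdr + 12] >> 4) * 4            # TCP data offset
    return pkt[ip_hdr + tcp_hdr:]

def is_tls_record(payload):
    """True if the bytes start like a TLS handshake record (type 0x16, version 3.x)."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03

if __name__ == "__main__":
    events = tls_errors(LOG)
    print(Counter((e["code"], e["reason"], e["helo"]) for e in events))
    data = tcp_payload(DUMP)
    print(data, "TLS record" if is_tls_record(data) else "plaintext, not TLS")
```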
     