On Mon, 2022-04-04 at 17:27 +0300, Teemu Likonen wrote: > * 2022-04-04 07:40:47-0600, Joe Pfeiffer wrote: > > > This isn't really debian-specific, but I don't know a better place to > > ask... recently, I've been having servers make a large number of > > attempts to access my mail host using what appear to be random strings > > as usernames -- it looks like this: > > > They all have the same form: <something random>.f...@pfeifferfamily.net > > That pattern is the Message-ID field generated by Emacs message-mode (or > some component under it). Just look at your or my message's Message-ID > field. > > > So, anybody have any ideas what's up here? > > I would guess that someone has tried to automatically collect a lot of > email addresses and ended up getting also those message id's. Then an > attacker tries to intrude with those addresses.
I get spam like that to my domain, using email usernames obviously got from the Message-ID of my messages to mailing lists over the years, there's a whole category of names ending in 'git-send-email-tixy' presumably from patches I've sent with git. -- Tixy
