I was troubleshooting some configurations on my mail server (postfix + dovecot) and while reviewing /var/log/syslog for postfix, I found that around 3am, postfix received a connection from an unknown IP and was issued a non-SMTP command, "GET /aaa9 HTTP/1.1".
My best guess is something is trying all ports for a web server and issuing an invalid command to have the server return an error code (and a server signature).
Any ideas? Is my mail server at any risk because of probing requests like this?
Nothing to worry about. If you keep getting HTTP requests on and SMTP port from the same ip, you can block them using iptables or your company firewall.