Hi Audric, > During the last few days I got hundreds of these: > > Dec 12 09:04:08 qube3 sendmail[20950]: NOQUEUE: mrh.rcmail.com [216.54.1.19] did not >issue MAIL/EXPN/VRFY/ETRN during connection to MTA > > should I worry.
Jepp. Could be that someone connected manually to your sendmail port and is/was trying to trick it into doing bad stuff. You can test it out by using "telnet <your.ip.address> 25". Sendmail will then greet you and expects to talk to a mail programm or other mail server. You can basically send emails that way by just typing the commands that Sendmail expects during a normal mail connection, or by letting a script generate them. The error message above (did not issue MAIL/EXPN/VRFY/ETRN) tells us that the connecting party got past the initial "HELO" greeting, but then didn't behave as sendmail expected. > Meanwhile I changed the default rule of my firewall from accept > to deny. Sounds like a good idea. You could of course block this IP-address or the entire address range of the originating ISP instead. -- With best regards, Michael Stauber SOLARSPEED.NET _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
