On Sunday 24 February 2002 03:37 pm, jorge wrote: > Hi everybody, > > I'm getting the following report from logcheck from this morning at 4 > up to now being repeated every 2:xx minutes. > Now, please notice the IP number is the local route to get to the > server to check mail (if I block it, 95% of my customers won't be able > to read mail nor see their web sites). > Seems to me like someone is trying to break this user's paswwd. > What do you think ? > How can I correct the "not issue MAIL/EXPN/VRFY/ETRN during connection > to MTA" ?
This entry is probably from the active monitor program, ran every 15 minutes, it connecs to see if sendmail is running and then abruptly disconnects. > Feb 24 12:30:03 www sendmail[31012]: NOQUEUE: localhost [127.0.0.1] did > not issue MAIL/EXPN/VRFY/ETRN during connection to MTA These are one of your users??? logging in to get his mail, he probably has his emaiil client setup to connect every two minutes. > Feb 24 12:32:58 www in.qpopper[31132]: (v?) POP login by > user "adrianac" at (200.66.165.18) 200.66.165.18 > Feb 24 12:34:01 www in.qpopper[31171]: (v?) POP login by > user "adrianac" at (200.66.165.18) 200.66.165.18 -- Gerald Waugh _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
