I manually enter IP addresses in the Control Access List under SMTP Security. I have Granted Access checked and manually add IPs that I would like the SMTP not to accept a connection from. One address in particular is 193.95.242.196. Looking through the syslog, this entry was under SMTPD Errors. 79 Invalid User IP = 193.95.242.196.
As I did more research I found these entries in the log.
10:20 00:47 SMTPD(214901bc00002d57) [193.95.242.196] EHLO mail.xhorizont.com
10:20 00:47 SMTPD(214901bc00002d57) [193.95.242.196] MAIL FROM:<[EMAIL PROTECTED]>
10:20 00:47 SMTPD(214901bc00002d57) [193.95.242.196] RCPT TO:<[EMAIL PROTECTED]>
10:20 00:47 SMTPD(214901bc00002d57) [x] looking up odryna.com in HOSTS
10:20 00:47 SMTPD(214901bc00002d57) [193.95.242.196] ERR jeep.lakespeed.com invalid user <[EMAIL PROTECTED]
10:20 00:47 SMTPD(214901bc00002d57) [193.95.242.196] RCPT TO:<[EMAIL PROTECTED]>
10:20 00:47 SMTPD(214901bc00002d57) [x] looking up odryna.com in HOSTS
10:20 00:47 SMTPD(214901bc00002d57) [193.95.242.196] ERR jeep.lakespeed.com invalid user <[EMAIL PROTECTED]
10:20 00:47 SMTPD(214901bc00002d57) [193.95.242.196] Max Invalid RCPTs Exceeded
Each time the IP was doing a dictionary attack.
Why did the SMTP server accept the connection?
I am using version 8.21 – 2005.07.11.2 with MXGuard and ClamAV.
Any help would be appreciated.
Mike Odryna
Owner
Island Pond Computer
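
Added example, not part of the original post and not the mail server's own tooling: a Python check that reads SMTPD log lines in the layout quoted above and reports any address on the deny list that still had RCPT TO commands processed. The sample lines, the documentation-range addresses, the session ids and the function name `summarize` are constructed for illustration, and treating `[x]` as a line with no peer address is an assumption.

```python
import re

# Layout as quoted in the post: date time SMTPD(session) [peer] message
LINE_RE = re.compile(r"^\S+ \S+ SMTPD\(([0-9a-fA-F]+)\) \[([^\]]+)\] (.*)$")

# Constructed sample lines (documentation-range IPs, made-up session ids).
SAMPLE_LOG = """\
10:20 00:47 SMTPD(aa01) [203.0.113.7] EHLO mail.example.net
10:20 00:47 SMTPD(aa01) [203.0.113.7] MAIL FROM:<a@example.net>
10:20 00:47 SMTPD(aa01) [203.0.113.7] RCPT TO:<bob@example.org>
10:20 00:47 SMTPD(aa01) [x] looking up example.org in HOSTS
10:20 00:47 SMTPD(aa01) [203.0.113.7] ERR mx.example.org invalid user <bob@example.org>
10:20 00:47 SMTPD(aa01) [203.0.113.7] RCPT TO:<carol@example.org>
10:20 00:47 SMTPD(aa01) [203.0.113.7] ERR mx.example.org invalid user <carol@example.org>
10:20 00:47 SMTPD(aa01) [203.0.113.7] Max Invalid RCPTs Exceeded
10:20 00:52 SMTPD(aa02) [198.51.100.9] EHLO relay.example.com
10:20 00:52 SMTPD(aa02) [198.51.100.9] RCPT TO:<postmaster@example.org>
"""

def summarize(log_text, denied_ips):
    """Per-IP counts, plus a flag for denied IPs whose commands were still processed."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an SMTPD line in this layout
        sid, peer, msg = m.groups()
        s = sessions.setdefault(sid, {"ip": None, "rcpt": 0, "invalid": 0, "maxed": False})
        if peer != "x":  # assumption: "[x]" lines carry no peer address
            s["ip"] = peer
        if msg.upper().startswith("RCPT TO:"):
            s["rcpt"] += 1
        elif msg.startswith("ERR ") and "invalid user" in msg:
            s["invalid"] += 1
        elif msg.strip() == "Max Invalid RCPTs Exceeded":
            s["maxed"] = True
    report = {}
    for s in sessions.values():
        if s["ip"] is None:
            continue
        r = report.setdefault(s["ip"], {"sessions": 0, "rcpt": 0, "invalid": 0, "maxed": False})
        r["sessions"] += 1
        r["rcpt"] += s["rcpt"]
        r["invalid"] += s["invalid"]
        r["maxed"] = r["maxed"] or s["maxed"]
    for ip, r in report.items():
        # A denied address should never get as far as RCPT TO.
        r["denied_but_served"] = ip in denied_ips and r["rcpt"] > 0
    return report
```

Calling `summarize(SAMPLE_LOG, {"203.0.113.7"})` returns one row per peer address; a row with `denied_but_served` set to true is a listed address the server still talked to.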
