here's a excerpt from the log on this:

01:23 08:37 SMTPD(dc0801420000b4da) [65.112.155.254] connect 195.22.225.11 port 3727
01:23 08:37 SMTPD(dc0801420000b4da) [195.22.225.11] EHLO moldova.cc
01:23 08:37 SMTPD(dc0801420000b4da) [195.22.225.11] MAIL FROM:<[EMAIL PROTECTED]>
01:23 08:37 SMTPD(dc0801420000b4da) [195.22.225.11] RCPT TO:<[EMAIL PROTECTED]>
01:23 08:37 SMTPD(dc0801420000b4da) [x] looking up ledgerplus.com in HOSTS
01:23 08:37 SMTPD(dc0801420000b4da) [195.22.225.11] ERR PINE.MATROSITY.COM invalid user <[EMAIL PROTECTED]
01:23 08:37 SMTPD(dc0801420000b4da) [195.22.225.11] RCPT TO:<[EMAIL PROTECTED]>
01:23 08:37 SMTPD(dc0801420000b4da) [x] looking up ledgerplus.com in HOSTS
01:23 08:37 SMTPD(dc0801420000b4da) [195.22.225.11] ERR PINE.MATROSITY.COM invalid user <[EMAIL PROTECTED]
01:23 08:37 SMTPD(dc0801420000b4da) [195.22.225.11] Max Invalid RCPTs Exceeded

It seems they never tripped the dictionary attack so this went on all day with the same email addresses.


Matrosity Hosting wrote:
I ran a report for smtpd connections. What could this mean?

4,358
195.22.225.11

I ran a tracert and came up with mdl.net?

Reply via email to