Hello all, I find this inmy logs throughout the day today: Dec 28 16:35:52 finn postfix/smtpd[13320]: NOQUEUE: reject: RCPT from pcp0012209034pcs.blairblvd.tn.nash.comcast.net[69.245.57.210]: 501 <-1217882552>: Helo command rejected: Invalid name; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=SMTP helo=<-1217882552>
Notice that helo section is a negative number (which is why my postfix rejects the message) There are about 5 messages a minute at its peak, and this has been going on most of the day today (EST time zone) Some of the connecting IP's are listed in various black lists, such as OPM. Has anyone noticed this as well? Is this a virus or just some new spam tool? Some more rejected messages below: Dec 28 16:37:50 finn postfix/smtpd[34627]: NOQUEUE: reject: RCPT from cpe-66-75-65-130.socal.res.rr.com[66.75.65.130]: 501 <-1218008120>: Helo command rejected: Invalid name; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=SMTP helo=<-1218008120> Dec 28 16:37:54 finn postfix/smtpd[13320]: NOQUEUE: reject: RCPT from unknown[219.130.49.89]: 554 Service unavailable; Client host [219.130.49.89] blocked using opm.blitzed.org; Open proxy - see http://opm.blitzed.org/219.130.49.89; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=SMTP helo=<-1209697480> Dec 28 16:38:10 finn postfix/smtpd[34627]: NOQUEUE: reject: RCPT from 194-144-9-218.du.xdsl.is[194.144.9.218]: 501 <-1209697480>: Helo command rejected: Invalid name; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=SMTP helo=<-1209697480> Thanks, Max
