Has anyone else been seeing a ton of sendmail "possible SMTP attack: command=HELO/EHLO, count=3" log entries lately? From what I've been able to google, it looks like there's a poorly-written spam-bot out there. Among my other rules, I use GeoIP, which is blocking the lion's share of these from within sub filter_sender, based on the country of origin of the connection. But I'm curious, how has anyone else been dealing with these? I've logged over 44000 of these hits, in the past week.
Ken _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
