Yuppers! It's a pain in the butt! And they are coming from everywhere,
but mostly from RIPE address space. At least in my case.
I cannot deal with them too much as I am a SysAdmin at an ISP and would
have difficulties blocking any address space.
On my personal server, which shares the same address space as the ISP, I
only get a couple a day, and on my secondary MX, on Bresnan cable IP space,
one or two every other day or so. Not enough to worry about there yet.
At 11:39 AM 10/26/2006, you wrote:
Has anyone else been seeing a ton of sendmail "possible SMTP attack:
command=HELO/EHLO, count=3" log entries lately? From what I've been able to
google, it looks like there's a poorly-written spam-bot out there. Among my
other rules, I use GeoIP, which is blocking the lion's share of these from
within sub filter_sender, based on the country of origin of the connection.
But I'm curious, how has anyone else been dealing with these? I've logged
over 44000 of these hits, in the past week.
Ken
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
John Jaeger - Billings, Montana
EMail To : <mailto:[EMAIL PROTECTED]>
Home Page : <http://www.jjgb.com>
PGP:
RSA Key ID: 0xAAEC7751 <http://www.jjgb.com/public_files/RSA_Key.zip>
"Our liberty is protected by four boxes...
The ballot box, the jury box, the soap box, and the cartridge box."
- Anonymous
"Soap Box" didn't work, now using the "Cartridge Box" 3/20/2003
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
