--On Thursday, October 26, 2006 13:39 -0400 "Cormack, Ken" <[EMAIL PROTECTED]> wrote:
Has anyone else been seeing a ton of sendmail "possible SMTP attack: command=HELO/EHLO, count=3" log entries lately? From what I've been able to google, it looks like there's a poorly-written spam-bot out there. Among my other rules, I use GeoIP, which is blocking the lion's share of these from within sub filter_sender, based on the country of origin of the connection. But I'm curious, how has anyone else been dealing with these? I've logged over 44000 of these hits, in the past week.
Lots of them here too, about the same number per day. What does that mean, anyway? Three HELO or EHLO commands? It would be nice to target it. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
