In message <blu0-smtp18666eaddba40b2b455f798bb...@phx.gbl>, Tarig Ahmed writes:
> hi all
>
> I am receiving emails from many servers saying that: this ip (from a
> customer) is trying to attack one of our servers.
>
> Is it appropriate to filter ssh, telnet, and smtp from my customers,
> or just forward the message to my customer contact persons?

I suspect that your customer is compromised and you should put them
in a walled garden until they fix the problem. Look at traffic flows
first, however.

> Thanks in advance..
>
> Tarig Yassin Ahmed
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org