Hello (not helo :-)
I am working on a spam filter and so I find myself spending a lot more quality
time with mail logs than I used to. One of the things I have noticed is that I
will get a lot of connections that send a HELO command and then disconnect.
Sometimes I get this repeated several times a minute from the same IP for hours
on end. What is going on here? Should I block these IPs? Am I being scanned?
By what? To what end?
Maybe this could be some spam prevention system. Some systems try to
reach the MX of a domain (like
https://www.rspamd.com/doc/modules/mx_check.html).
Thanks,
rg