[Mimedefang] "Possible SMTP attack: command=HELO/EHLO, count=3"

Cormack, Ken ken.cormack at roadway.com
Thu Oct 26 13:39:28 EDT 2006

Has anyone else been seeing a ton of sendmail "possible SMTP attack:
command=HELO/EHLO, count=3" log entries lately?  From what I've been able to
google, it looks like there's a poorly-written spam-bot out there.  Among my
other rules, I use GeoIP, which is blocking the lion's share of these from
within sub filter_sender, based on the country of origin of the connection.
But I'm curious, how has anyone else been dealing with these?  I've logged
over 44000 of these hits in the past week.


