[Mimedefang] "Possible SMTP attack: command=HELO/EHLO, count=3"
John
john at jjgb.com
Thu Oct 26 14:27:10 EDT 2006
Yuppers! It's a pain in the butt! And they are coming from everywhere,
but mostly from RIPE address space. At least in my case.
I cannot deal with them too much as I am a SysAdmin at an ISP and would
have difficulties blocking any address space.
On my personal server, which shares the same address space as the ISP, I
only get a couple a day, and on my secondary MX, on Bresnan cable IP space,
one or two every other day or so. Not enough to worry about there yet.
At 11:39 AM 10/26/2006, you wrote:
>Has anyone else been seeing a ton of sendmail "possible SMTP attack:
>command=HELO/EHLO, count=3" log entries lately? From what I've been able to
>google, it looks like there's a poorly-written spam-bot out there. Among my
>other rules, I use GeoIP, which is blocking the lion's share of these from
>within sub filter_sender, based on the country of origin of the connection.
>But I'm curious, how has anyone else been dealing with these? I've logged
>over 44000 of these hits, in the past week.
>
>Ken
>
>_______________________________________________
>NOTE: If there is a disclaimer or other legal boilerplate in the above
>message, it is NULL AND VOID. You may ignore it.
>
>Visit http://www.mimedefang.org and http://www.roaringpenguin.com
>MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
>http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
John Jaeger - Billings, Montana
EMail To : <mailto:john at jjgb.com>
Home Page : <http://www.jjgb.com>
PGP:
RSA Key ID: 0xAAEC7751 <http://www.jjgb.com/public_files/RSA_Key.zip>
"Our liberty is protected by four boxes...
The ballot box, the jury box, the soap box, and the cartridge box."
- Anonymous
"Soap Box" didn't work, now using the "Cartridge Box" 3/20/2003
More information about the MIMEDefang
mailing list