On 2/10/2021 3:20 PM, Ron Garret wrote:
Hello (not helo :-)
I am working on a spam filter and so I find myself spending a lot more quality
time with mail logs than I used to. One of the things I have noticed is that I
will get a lot of connections that send a HELO command and then disconnect.
Sometimes I get this repeated several times a minute from the same IP for hours
on end. What is going on here? Should I block these IPs? Am I being scanned?
By what? To what end?
Thanks,
rg
Each connecting IP may have a different reason...
My first two thoughts are either a broken spambot, or an MTA that
doesn't like something about your server's response.
Probably not a scan or anything to be overly concerned with, unless
it looks like you might want their mail. Unless they repeat
thousands of times for hours it's not worth blocking - just ignore them.
-- Noel Jones
