Hello. (sendmail->mimdefang->spamassassin)
Since this past weekend I been seeing in the mail log: possible SMTP attack: command=HELO/EHLO, count=3 These used to be very rare, but since Saturday there are a great many (for us). For the past few hours, I've been firewalling the offending IPs with iptables as they occur, but so far the supply of IP addresses seems endless. The IPs do seem weighted towards a couple of ISPs in Israel though: No. of ip addresses: KOREA, REPUBLIC OF: 7 RUSSIAN FEDERATION: 12 GERMANY: 17 CHINA: 20 UNITED STATES: 21 CZECH REPUBLIC: 47 ISRAEL: 93 I don't think any of these messages have actually made it as far as getting to SA, but can someone enlighten me as to what this is? -- Mike G
