On Thu, September 20, 2012 11:10, m.roth@xxxxxxxxx wrote:
> I'm not real good with smtp, but it looks as though someone from
> Spain is trying to directly connect to your smtp server. Unless
> you know that they're legitimately using your system, I'd block
> that IP now.
>
The list of sources is far too long to include in a message to the
list. Suffice to say that each IP address is automatically blocked
for varying lengths of time following any failed attempt. What I am
trying to discover is what in particular, if anything, caused this
traffic to suddenly start hitting our external server and whether or
not we should be concerned about a specific vulnerability.
This host is our last remaining Sendmail server. All the rest have
been switched to Postfix. None of the other MX hosts are reporting
this and so the questions arise: Is this an attack? Is it
specifically directed at the Sendmail server or is it just a
co-incidence?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
