On Thu, Sep 20, 2012 at 2:31 PM, James B. Byrne <byrnejb@xxxxxxxxxxxxx> wrote:
>
>
> The list of sources is far too long to include in a message to the
> list. Suffice to say that each IP address is automatically blocked
> for varying lengths of time following any failed attempt. What I am
> trying to discover is what in particular, if anything, caused this
> traffic to suddenly start hitting our external server and whether or
> not we should be concerned about a specific vulnerability.
Where does it fit with the MX preference number ordering? If it is a
higher value (lower priority) the others should be tried first so
traffic might be an indication that other servers are unreachable or
failing. However, it is a common ploy for spammers to try to send to
the low priority target first on the chance that the spam filtering
isn't as good as on the primary server(s).
--
Les Mikesell
lesmikesell@xxxxxxxxx
> This host is our last remaining Sendmail server. All the rest have
> been switched to Postfix. None of the other MX hosts are reporting
> this and so the questions arise: Is this an attack? Is it
> specifically directed at the Sendmail server or is it just a
> co-incidence?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
