From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Adrian C." <office@snobu.org>
Subject: Re: possible SMTP attack: command=HELO/EHLO, count=3 (fwd)
Date: Sun, 15 Oct 2006 21:40:36 +0300
Message-ID: <453280A4.4090107@snobu.org>
References: <Pine.LNX.4.58.0610150922480.1087@yossarian.aniota.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: <linux-admin-owner@vger.kernel.org>
In-Reply-To: <Pine.LNX.4.58.0610150922480.1087@yossarian.aniota.com>
Sender: linux-admin-owner@vger.kernel.org
List-Id: <linux-admin.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: 'Linux Mail List' <linux-admin@vger.kernel.org>


Welcome to the real world :)

No really, have RBL checking w/ or w/o spamassassin and 
you're ok. If you don't use SMTP AUTH disable that too.

--Adrian C.

terry white wrote:
> ... ciao:
> 
>     i'm starting to see a lot of the following.
> 
>     and i'm not thinking it a good thing ...
> 
> 
> muedsl-82-207-247-115.citykom.de [82.207.247.115]: possible SMTP attack:
> command=HELO/EHLO, count=3
> IGLD-83-130-135-36.inter.net.il [83.130.135.36]: possible SMTP attack:
> command=HELO/EHLO, count=3
> bzq-88-153-185-136.red.bezeqint.net [88.153.185.136]: possible SMTP attack:
> command=HELO/EHLO, count=3
> bzq-88-152-204-198.red.bezeqint.net [88.152.204.198]: possible SMTP attack:
> command=HELO/EHLO, count=3
> 89.1.170.41.dynamic.barak-online.net [89.1.170.41]: possible SMTP attack:
> command=HELO/EHLO, count=3
> 
>