OT: sendmail: possible SMTP attack??
Matt Kettler
mkettler at evi-inc.com
Mon Oct 16 17:10:13 IST 2006
Jeff A. Earickson wrote:
> Gang,
>
> I've been seeing a ton of "possible SMTP attack" syslog messages
> from sendmail for the last couple of days, from all over the
> place (mostly Isreal and Brazil). Normally, I almost never see
> this message from sendmail. Anybody else seeing this? New
> email virus??? Any other ideas?
I'm seeing a lot of them too. The failing command is HELO/EHLO. This means the
sender issued 3 or more HELO/EHLO commands in a single conversation with sendmail.
Probably a buggy spam tool or virus. Based on the low distribution of hosts
doing this, I'd guess it's a virus, and that this bug is inhibiting its ability
to spread.
More information about the MailScanner
mailing list