rejected commands from localhost due to pre-greeting traffic
Johnny Stork
stork at openenterprise.ca
Mon Oct 8 08:32:11 IST 2007
No nagios running, but I do run a zabbix client but it is currently not
being used for any smtp or other mail ports. Its is also a fresh, clean
install of Centos 5, and is currently accepting mail on port 25. Thats
the only port connecting to that server from the internet
Steve Freegard wrote:
> Johnny Stork wrote:
>> Thanks again. Did all the suggested steps and although that original
>> message is gone, it seems to have been replaced by these....
>>
>> localhost.localdomain [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN
>> during connection to MTA
>>
>
> Are you running Nagios or some sort of other monitoring locally?
>
> It seems that something is connecting to port 25 and maybe even
> issuing a HELO/EHLO and then disconnecting.
>
> I've seen this happen with some monitoring tools before, if you don't
> run any or have not carried out any work on this machine recently then
> you should probably check for rootkits or other nasties and make sure
> you don't have any weak root or user passwords as malware could case
> this as well.
>
> Cheers,
> Steve.
More information about the MailScanner
mailing list