On Fri, 2006-11-10 at 09:45 -0500, John Hinton wrote: > Log report is reporting a lot of these lately.. following is just a > short snippet from the beginning on one server. > > WARNING!!!! > Possible Attack: > Attempt from 104.29.broadband2.iol.cz [83.208.29.104] with: > command=HELO/EHLO, count=3 : 1 Time(s) > Attempt from 106.7.broadband7.iol.cz [88.102.7.106] with: > command=HELO/EHLO, count=3 : 1 Time(s) > Attempt from 106.74.broadband5.iol.cz [88.100.74.106] with: > command=HELO/EHLO, count=3 : 1 Time(s) > Attempt from 126.239.broadband7.iol.cz [88.102.239.126] with: > command=HELO/EHLO, count=3 : 1 Time(s) > Attempt from 144.Red-80-34-151.staticIP.rima-tde.net [80.34.151.144] > with: > command=HELO/EHLO, count=3 : 1 Time(s) > > Could anyone expand on what these folks are actually doing? And if I > should be concerned? > > This is happening on both my CentOS 3 and 4 systems, all running Sendmail. Not sure but I do know that hosts on the rima-tde.net network always try to send me tons of spam and rima-tde.net does not act upon any spam report. My logs show that rima-tde.net and tpnet.pl score top place when it comes to spam attempts from European hosts. Haven't seen iol.cz in my logs but I will keep an eye on them too. Regards, Patrick