On Thu, Sep 20, 2012 at 2:31 PM, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > > > The list of sources is far too long to include in a message to the > list. Suffice to say that each IP address is automatically blocked > for varying lengths of time following any failed attempt. What I am > trying to discover is what in particular, if anything, caused this > traffic to suddenly start hitting our external server and whether or > not we should be concerned about a specific vulnerability. Where does it fit with the MX preference number ordering? If it is a higher value (lower priority) the others should be tried first so traffic might be an indication that other servers are unreachable or failing. However, it is a common ploy for spammers to try to send to the low priority target first on the chance that the spam filtering isn't as good as on the primary server(s). -- Les Mikesell lesmikesell at gmail.com > This host is our last remaining Sendmail server. All the rest have > been switched to Postfix. None of the other MX hosts are reporting > this and so the questions arise: Is this an attack? Is it > specifically directed at the Sendmail server or is it just a > co-incidence?