[CentOS] Sendmail log entries

Thu Sep 20 20:12:46 UTC 2012
Les Mikesell <lesmikesell at gmail.com>

On Thu, Sep 20, 2012 at 2:31 PM, James B. Byrne <byrnejb at harte-lyne.ca> wrote:
>
>
> The list of sources is far too long to include in a message to the
> list.  Suffice to say that each IP address is automatically blocked
> for varying lengths of time following any failed attempt.  What I am
> trying to discover is what in particular, if anything, caused this
> traffic to suddenly start hitting our external server and whether or
> not we should be concerned about a specific vulnerability.

Where does it fit with the MX preference number ordering?   If it is a
higher value (lower priority) the others should be tried first so
traffic might be an indication that other servers are unreachable or
failing.   However, it is a common ploy for spammers to try to send to
the low priority target first on the chance that the spam filtering
isn't as good as on the primary server(s).

-- 
  Les Mikesell
     lesmikesell at gmail.com





> This host is our last remaining Sendmail server.  All the rest have
> been switched to Postfix.  None of the other MX hosts are reporting
> this and so the questions arise: Is this an attack?  Is it
> specifically directed at the Sendmail server or is it just a
> co-incidence?