[CentOS] Sendmail log entries

Thu Sep 20 20:12:46 UTC 2012
Les Mikesell <lesmikesell at gmail.com>

On Thu, Sep 20, 2012 at 2:31 PM, James B. Byrne <byrnejb at harte-lyne.ca> wrote:
> The list of sources is far too long to include in a message to the
> list.  Suffice to say that each IP address is automatically blocked
> for varying lengths of time following any failed attempt.  What I am
> trying to discover is what in particular, if anything, caused this
> traffic to suddenly start hitting our external server and whether or
> not we should be concerned about a specific vulnerability.

Where does it fit with the MX preference number ordering?   If it is a
higher value (lower priority) the others should be tried first so
traffic might be an indication that other servers are unreachable or
failing.   However, it is a common ploy for spammers to try to send to
the low priority target first on the chance that the spam filtering
isn't as good as on the primary server(s).

  Les Mikesell
     lesmikesell at gmail.com

> This host is our last remaining Sendmail server.  All the rest have
> been switched to Postfix.  None of the other MX hosts are reporting
> this and so the questions arise: Is this an attack?  Is it
> specifically directed at the Sendmail server or is it just a
> co-incidence?
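
Added example, not part of either poster's message: a sketch of how the two explanations in the reply (preferred MX hosts unreachable versus senders going straight to the low-priority MX) could be told apart from merged connection records. The host names, addresses, record layout, labels and 300-second window are all constructed assumptions, not Sendmail log format.

```python
from collections import Counter

# Constructed MX set: (preference, host). Lower number is tried first.
MX_RECORDS = [(10, "mx1.example.com"), (20, "mx2.example.com"),
              (50, "mx-backup.example.com")]

# Constructed records merged from every MX host's mail log:
# (epoch seconds, client IP, MX host that logged the connection).
CONNECTIONS = [
    (1000, "192.0.2.10", "mx1.example.com"),
    (1005, "198.51.100.7", "mx-backup.example.com"),
    (1010, "198.51.100.8", "mx-backup.example.com"),
    (1020, "203.0.113.5", "mx1.example.com"),
    (1030, "203.0.113.5", "mx-backup.example.com"),
    (5000, "192.0.2.44", "mx-backup.example.com"),
]

def classify_backup_hits(mx_records, connections, target, window=300):
    """Label each connection to `target` by what the more-preferred MX hosts saw.

    preferred-silent  : no preferred MX logged anything within `window` seconds,
                        consistent with those hosts being unreachable or failing.
    fell-through      : the same client reached a preferred MX shortly before,
                        i.e. it followed the MX ordering.
    skipped-preferred : preferred hosts were taking mail from others, but this
                        client went straight to the low-priority target.
    """
    pref = {host: p for p, host in mx_records}
    better = {h for h, p in pref.items() if p < pref[target]}
    results = []
    for ts, client, host in connections:
        if host != target:
            continue
        nearby = [(t, c) for t, c, h in connections
                  if h in better and abs(t - ts) <= window]
        if not nearby:
            label = "preferred-silent"
        elif any(c == client and t <= ts for t, c in nearby):
            label = "fell-through"
        else:
            label = "skipped-preferred"
        results.append((ts, client, label))
    return results

def summarize(results):
    """Count connections per label."""
    return Counter(label for _, _, label in results)

if __name__ == "__main__":
    hits = classify_backup_hits(MX_RECORDS, CONNECTIONS, "mx-backup.example.com")
    for row in hits:
        print(row)
    print(dict(summarize(hits)))
```

A result dominated by skipped-preferred matches the spammer pattern described in the reply; one dominated by preferred-silent points at the other MX hosts instead.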