[CentOS] Sendmail log entries

Thu Sep 20 15:10:44 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

James B. Byrne wrote:
> Recently we began seeing lots of these log entries on our off-site mx
> smtp host.  I have googled this but I am not clear from what I have
> read if this is something we can stop altogether or should even worry
> about.
>
> Comments?
>
I'm not real good with smtp, but it looks as though someone from Spain is
trying to directly connect to your smtp server. Unless you know that
they're legitimately using your system, I'd block that IP now.

fail2ban's your friend....

       mark

> Logwatch.  .  .
>
>  --------------------- sendmail Begin ------------------------
>
>  SMTP SESSION, MESSAGE, OR RECIPIENT ERRORS
>  ------------------------------------------
>
>  WARNING!!!!  Possible Attack:
>     Attempt from 104.Red-83-50-106.dynamicIP.rima-tde.net
> [83.50.106.104] with:
>        command=HELO/EHLO, count=3: 1 Time(s)
>
>
> --
> ***          E-Mail is NOT a SECURE channel          ***
> James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>