Perhaps random people are scanning you.
If someone connects to your port 25 and quits, this type of error gets logged too. You can try testing that yourself and observe :)
Regards,
.lzs
On Fri, 10 Sep 2004, Kevin Old wrote:
Hello everyone,
I've been seeing quite a few of these "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA" messages in my maillog over the past few weeks.
Sep 9 23:20:06 s15111287 sendmail[13734]: i8A3JunX013734: [220.186.192.185] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Sep 9 23:20:13 s15111287 sendmail[13732]: i8A3JtnX013732: [220.174.221.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Sep 9 23:20:13 s15111287 sendmail[13775]: i8A3KDnX013775: [64.80.63.187] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
I use iptables and also have portsentry running, but still there are hundreds of these a day in the maillog.
I've thought of writing a perl script that would parse the maillog once a day and produce a list of IP's that issued more than 5 of these within that day.
Is that a good idea, or could I potentailly be blocking legitiment mail?
Thanks, Kevin -- Kevin Old kevinold@xxxxxxxxx
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
