2010-04-06
The SMTP auth attack was still going on ...
The SMTP auth attack was still going on this morning so I decided to play a bit with the sendmail access config:

    SRV_Features:92.241.190.15 A

This disables offering AUTH to the specific attacking IP. The result was interesting in SMTP sessions:

    220 kzdoos.xs4all.nl ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Tue, 6 Apr 2010 08:25:06 +0200; (No UCE/UBE) logging access from: [92.241.190.15](FAIL)-[92.241.190.15]
    9_@@
    EHLO hbwgxr.com
    250-kzdoos.xs4all.nl Hello [92.241.190.15], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-EXPN
    250-VERB
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-STARTTLS
    250-DELIVERBY
    250 HELP
    RSET
    250 2.0.0 Reset state
    RSET
    250 2.0.0 Reset state
    RSET
    250 2.0.0 Reset state
    RSET
    250 2.0.0 Reset state
    RSET
    250 2.0.0 Reset state
    RSET
    250 2.0.0 Reset state

The attacking script leaves out the authentication attempts and just goes on doing nothing. After a short while the attack from 92.241.190.15 stopped.
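
One way to confirm from a captured session that the access entry took effect, as an added example (not from the original post): the Python below parses a plain-text SMTP transcript, lists the extensions in the EHLO reply, and reports whether AUTH was offered and whether the client only idled with RSET afterwards. The function names and the second transcript (mail.example.org, 192.0.2.10) are assumptions made for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -]?)(.*)$")  # server reply: code, continuation flag, text

def parse_session(text):
    """Return (client verbs, {EHLO keyword: params}) from a plain-text SMTP transcript."""
    verbs, ext, in_ehlo, greeting = [], {}, False, False
    for line in filter(None, map(str.strip, text.splitlines())):
        m = REPLY.match(line)
        if m is None:                       # not a reply, so a client command
            verbs.append(line.split()[0].upper())
            in_ehlo = greeting = verbs[-1] == "EHLO"
            continue
        code, sep, rest = m.groups()
        if in_ehlo:
            parts = rest.split()
            if code == "250" and not greeting and parts:
                ext[parts[0].upper()] = parts[1:]
            greeting, in_ehlo = False, sep == "-"   # a "250 " line ends the reply
    return verbs, ext

def assess(text):
    """Summarise whether AUTH was advertised and what the client did afterwards."""
    verbs, ext = parse_session(text)
    after = verbs[verbs.index("EHLO") + 1:] if "EHLO" in verbs else []
    return {"auth_offered": "AUTH" in ext,
            "auth_attempts": after.count("AUTH"),
            "idle_only": bool(after) and all(v in ("RSET", "NOOP") for v in after)}

# Constructed transcripts: BLOCKED is abbreviated from the session in the post;
# OPEN is an assumed session on a host that has no such access entry.
BLOCKED = """EHLO hbwgxr.com
250-kzdoos.xs4all.nl Hello [92.241.190.15], pleased to meet you
250-STARTTLS
250 HELP
RSET
250 2.0.0 Reset state
RSET
250 2.0.0 Reset state
"""
OPEN = """EHLO client.example.net
250-mail.example.org Hello [192.0.2.10], pleased to meet you
250 AUTH LOGIN PLAIN
AUTH PLAIN Y29uc3RydWN0ZWQ=
535 5.7.0 authentication failed
"""

if __name__ == "__main__":
    print(assess(BLOCKED), assess(OPEN))
```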