Hi!
Anyone else seeing massive sendmail connections seemingly for the sole purpose of a denial of service? This is less than one minute or two after a sendmail restart and we've been seeing this issue since approx. 6AM today.
[210.20.54.62] startup
16034 ? S 0:00 sendmail: server [4.27.171.43] startup
16035 ? S 0:00 sendmail: server 13Cust29.VR2.NYC4.broadband.uu.net [63.13.166.29] startup
16038 ? S 0:00 sendmail: server localhost.localdomain [127.0.0.1] startup
16040 ? S 0:00 sendmail: server pD9E2C8C3.dip.t-dialin.net [217.226.200.195] startup
16041 ? S 0:00 sendmail: server [222.185.250.34] startup
16042 ? S 0:00 sendmail: server host013.acernautic.com [216.108.233.13] startup
16043 ? S 0:00 sendmail: server [61.172.244.215] startup
This isn't something to discuss on the SURBL list, but it looks like you either have a dictionary attack going on.
You could contact me offlist if you wanna send in more details.
I would suggest blocking with DSBL or something similar on MTA level, since a lot of those seem to be open proxies on dialup systems.
Bye, Raymond.