Just noticed the following entries in today's log. First some port scanning:
03:12 09:00 SMTPD(002D022E) [194.129.109.34] connect 218.25.142.7 port 4728 03:12 09:00 SMTPD(001D0242) [194.129.109.34] connect 218.25.142.7 port 4730 03:12 09:00 SMTPD(001B020E) [194.129.109.34] connect 218.25.142.7 port 4731 03:12 09:00 SMTPD(0023025E) [194.129.109.34] connect 218.25.142.7 port 4733 03:12 09:00 SMTPD(001001D2) [194.129.109.34] connect 218.25.142.7 port 4734 03:12 09:00 SMTPD(00270272) [194.129.109.34] connect 218.25.142.7 port 4735 and then something else which I'm not sure about. 03:12 09:00 SMTPD(1DE400D0) [218.25.142.7] EHLO second 03:12 09:00 SMTPD(0187014C) [218.25.142.7] EHLO second 03:12 09:00 SMTPD(1F26013A) [218.25.142.7] EHLO second 03:12 09:00 SMTPD(00A800FA) [218.25.142.7] EHLO second 03:12 09:00 SMTPD(340600C2) [0.0.0.0] connect 218.25.142.7 port 4351 03:12 09:00 SMTPD(340600C2) send error 10054 03:12 09:00 SMTPD(340700C2) [0.0.0.0] connect 218.25.142.7 port 4352 03:12 09:00 SMTPD(340700C2) send error 10054 03:12 09:00 SMTPD(340800C2) [0.0.0.0] connect 218.25.142.7 port 4369 03:12 09:00 SMTPD(340800C2) send error 10054 03:12 09:00 SMTPD(340900C2) [0.0.0.0] connect 218.25.142.7 port 4353 03:12 09:00 SMTPD(340900C2) send error 10054 03:12 09:00 SMTPD(340900C2) send error 10054 This is from an IP address registered in China so I'm blocking their IP range until I find out what is going on here. I'm using "no mail relay" and SMTP AUTH. Any ideas anyone? Allen Thompson To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
