Over the past two days, one of my servers has been getting connections from ns.suse.de attempting to send mail to strange addresses in my domain. For instance: Mar 11 09:56:38 shadow postfix/smtpd[17219]: connect from ns.suse.de[195.135.220.2] Mar 11 09:56:38 shadow postfix/smtpd[17219]: 9AED41E4F2: client=ns.suse.de[195.135.220.2] Mar 11 09:56:39 shadow postfix/smtpd[17219]: 9AED41E4F2: reject: RCPT from ns.suse.de[195.135.220.2]: 450 <20040203131322.ckkgoccks8owc80s@rio.vg>: User unknown in local recipient table; from=<> to=<20040203131322.ckkgoccks8owc80s@rio.vg> proto=ESMTP helo=<Cantor.suse.de> Mar 11 09:56:41 shadow postfix/smtpd[17219]: disconnect from ns.suse.de[195.135.220.2] As "ns.x.x" is generally the nameserver, I assume that SuSE would be running linux on such a server. Over the past two days, I have recieved over a dozen of these attempts. I've sent an e-mail to security@suse.com and abuse@suse.com, but I thought it might be wise to also give a heads up to the list. Is anyone else getting these connections? Has ns.suse.de been owned by nefarious parties? Or is this some new exploit in postfix or even a linux worm?