NOQUEUE: HELO/EHLO attack?
Dear list members,

as we only run a dial-up mailserver I'm not very experienced with security issues. So it took me by surprise to find this in my /var/log/mail:

Oct 31 17:15:50 kbsvr07x sendmail[26682]: NOQUEUE: h-62.96.138.42.user.addcom.de [62.96.138.42] (may be forged): HELO/EHLO attack?
Oct 31 17:15:51 kbsvr07x sendmail[26682]: NOQUEUE: Null connection from h-62.96.138.42.user.addcom.de [62.96.138.42] (may be forged)

What does it mean? I run tripwire regularly; it does not show anything unusual, and neither do my other logfiles. Normally I have the mailserver connecting to our ISP at this time to fetch mail, so the dial-up connection was correctly initiated. Dial-in is disabled.

I ran nslookup on the given address and the hostname matches it; the information in the whois database doesn't tell me anything I can find useful.

Thank you for the answers

Greetings
Volker
Volker Tanner