* Boris Kimel (IOC) (bobk@ioc.ac.ru) [030602 10:14]:
I've googled for those and found some situations involving port scans etc. But here we get the messages every second so this should be a DoS attempt. Am I right? What is the medicine?
Possibly just a spammer trying to get usernames. Just block the IP with iptables or tcpwrappers.
-ckm
If the spammer has a dial-up or DSL connection, he/she may possibly have another IP next time; instead, block the FQDN of the SMTP, if he has one (if he/she has dyn-dns). This can be done in /etc/hosts.deny!

Anyway, why does everybody run sendmail instead of postfix (8.x comes with postfix as default MTA)? Within postfix you can set a maximum of messages per IP within a defined timetable. Postfix has got more effective ways to get rid of spam, abuse, hack attempts and runs chrooted as well (I didn't find anything like that in sendmail). Not to mention the fine routing functions, smarthost, amavis-integration, virtual maps (forwarding stuff) and so on ...

Philippe

P.S.: I run qmail or postfix on my/our servers (it's not a question of faith but of security).