Dealing with SMTP invalid command attack

Posted by mark on Server Fault See other posts from Server Fault or by mark
Published on 2012-09-03T16:47:06Z Indexed on 2012/09/03 21:39 UTC
Read the original article Hit count: 228

Filed under:
|
|
|

One of our semi-busy mail servers (sendmail) has had a lot of inbound connections over the past few days from hosts that are issuing garbage commands.

In the past two days:

  • incoming smtp connections with invalid commands from 39,000 unique IPs
  • the IPs come from various ranges all over the world, not just a few networks that I can block
  • the mail server serves users throughout north america, so I can't just block connections from unknown IPs
  • sample bad commands: http://pastebin.com/4QUsaTXT

I am not sure what someone is trying to accomplish with this attack, besides annoy me.

any ideas what this is about, or how to effectively deal with it?

© Server Fault or respective owner

Related posts about linux

Related posts about security