Milter-greylist

More curious than anything else, it doesn't seem to be an actual problem.

In /var/log/maillog, I see many instances of incoming failures that go on
for sometimes over an hour, at intervals of 1-6 seconds, like this example:

Nov  7 10:32:15 fcshome sendmail[29404]: uA7FW8Wx029404: [49.64.41.187] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Nov  7 10:32:15 fcshome sendmail[29406]: uA7FW90o029406: [49.64.41.187] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

this particular string went on for about a half hour. some are shorter,
some are longer. 

all the ones I've checked (using the host command) don't resolve.

As I have sendmail configured to drop such things they don't seem to
cause any actual problem, but since I see many sets of similar events
every day I wonder what's going on. Is this someone's spam engine gone
whacko, or someone trying to DOS me, or what?

Thanks in advance, Information welcome!

Fred
-- 
---- Fred Smith -- fredex@... -----------------------------
                         God made him who had no sin
                      to be sin for us, so that in him
                 we might become the righteousness of God."
--------------------------- Corinthians 5:21 ---------------------------------

On 2016-11-10 00:25, Fred Smith fredex@... 
[milter-greylist] wrote:
> More curious than anything else, it doesn't seem to be an actual 
> problem.
> 
> In /var/log/maillog, I see many instances of incoming failures that go 
> on
> for sometimes over an hour, at intervals of 1-6 seconds, like this 
> example:
> 
> Nov  7 10:32:15 fcshome sendmail[29404]: uA7FW8Wx029404:
> [49.64.41.187] did not issue MAIL/EXPN/VRFY/ETRN during connection to
> MTA
> Nov  7 10:32:15 fcshome sendmail[29406]: uA7FW90o029406:
> [49.64.41.187] did not issue MAIL/EXPN/VRFY/ETRN during connection to
> MTA
> 
> this particular string went on for about a half hour. some are shorter,
> some are longer.
> 
> all the ones I've checked (using the host command) don't resolve.
> 
> As I have sendmail configured to drop such things they don't seem to
> cause any actual problem, but since I see many sets of similar events
> every day I wonder what's going on. Is this someone's spam engine gone
> whacko, or someone trying to DOS me, or what?
> 
> Thanks in advance, Information welcome!

This happens when the client hasn't issued any commands. May be a
scanning, grabbing your banner etc. but also seen from monitoring tools 
(nagios, monit).

Ciao!

Fred Smith fredex@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> [49.64.41.187] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Probably a network scanner, perhaps a bot looking for a vulnerable
service.
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...