Hi everybody,
I'm getting the following report from logcheck from this morning at 4
up to now being repeated every 2:xx minutes.
Now, please notice the IP number is the local route to get to the
server to check mail (if I block it, 95% of my customers won't be able
to read mail nor see their web sites).
Seems to me like someone is trying to break this user's paswwd.
What do you think ?
How can I correct the "not issue MAIL/EXPN/VRFY/ETRN during connection
to MTA" ?
Feb 24 12:30:03 www sendmail[31012]: NOQUEUE: localhost [127.0.0.1] did
not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Feb 24 12:32:58 www in.qpopper[31132]: (v?) POP login by
user "adrianac" at (200.66.165.18) 200.66.165.18
Feb 24 12:34:01 www in.qpopper[31171]: (v?) POP login by
user "adrianac" at (200.66.165.18) 200.66.165.18
... and keeps going
Thanks in advance for your help
Jorge Ceballos
--