I see a constant parade of entries like this in exim_mainlog:
Code:
2013-12-19 04:41:15 SMTP connection from [202.164.47.101]:63433 (TCP/IP connection count = 51)
2013-12-19 04:41:15 SMTP connection from [91.150.70.52]:10056 (TCP/IP connection count = 52)
2013-12-19 04:41:15 SMTP connection from [122.167.40.0]:28753 lost
2013-12-19 04:41:15 SMTP connection from 36.65.2.109.rev.sfr.net [109.2.65.36]:63299 lost
2013-12-19 04:41:15 no IP address found for host static-dsl.nesma.net.sa (during SMTP connection from [85.129.205.35]:55490)
2013-12-19 04:41:15 SMTP connection from [82.80.164.41]:50177 (TCP/IP connection count = 51)
2013-12-19 04:41:15 SMTP connection from [88.215.44.129]:61336 (TCP/IP connection count = 52)
2013-12-19 04:41:15 no host name found for IP address 88.215.44.129
2013-12-19 04:41:15 SMTP connection from [2.146.82.74]:54857 (TCP/IP connection count = 53)
2013-12-19 04:41:15 no host name found for IP address 2.146.82.74
2013-12-19 04:41:15 SMTP connection from (00011ed8.fxzooterpion.us) [31.14.23.131]:53157 closed by QUIT
2013-12-19 04:41:15 no host name found for IP address 91.150.70.52
2013-12-19 04:41:16 SMTP connection from smtp-out.vclk.net [64.70.58.135]:29156 closed by QUIT
2013-12-19 04:41:16 SMTP connection from [89.91.237.135]:60371 (TCP/IP connection count = 52)
2013-12-19 04:41:16 no host name found for IP address 202.164.47.101
2013-12-19 04:41:16 SMTP connection from [101.59.153.182]:53997 (TCP/IP connection count = 53)
2013-12-19 04:41:16 no host name found for IP address 101.59.153.182
2013-12-19 04:41:16 SMTP connection from [173.184.61.186]:37823 (TCP/IP connection count = 54)
2013-12-19 04:41:16 SMTP call from h186.61.184.173.static.ip.windstream.net [173.184.61.186]:37823 dropped: too many syntax or protocol errors (last command was "Û.ÒrR{·¸Ý_"RStg¶?ZQ:àÈ=VÉÉW#qn[¶Ð!\»§Iå©:****æð_ó¹éEW}a¥å‡bù‚šì“ìPî¤`™ï")
2013-12-19 04:41:16 SMTP connection from [122.255.14.57]:2444 (TCP/IP connection count = 54)
2013-12-19 04:41:16 SMTP connection from [139.190.182.242]:17123 (TCP/IP connection count = 55)
2013-12-19 04:41:16 SMTP connection from [88.209.85.27]:21783 (TCP/IP connection count = 56)
2013-12-19 04:41:16 SMTP connection from [91.239.218.134]:48311 (TCP/IP connection count = 57)
2013-12-19 04:41:16 SMTP connection from [62.28.160.151]:55656 lost
2013-12-19 04:41:16 SMTP connection from [217.133.103.149]:50821 (TCP/IP connection count = 57)
2013-12-19 04:41:16 SMTP connection from ocs.co.id [202.169.35.82]:19153 lost
2013-12-19 04:41:16 SMTP connection from [113.169.35.235]:34844 (TCP/IP connection count = 57)
2013-12-19 04:41:16 SMTP connection from [111.240.25.98]:25178 (TCP/IP connection count = 58)
Obviously these are attacks against our email server. Is there anything else I can do, other than limit the number of max connections in the exim config? I've also switched on the new exim syntax error blocking in CSF. But how long can this sort of thing continue? We've seen this ever since I installed this new server back in October.
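One way to triage a log like the one above, as an added example that is not part of the original post: a small Python parser for these exim_mainlog line types that reports the peak TCP/IP connection count and the events seen per IP. The sample lines are constructed (documentation IP ranges), and the flagging rule in `flagged()` is an assumption for illustration, not an Exim or CSF feature.

```python
import re
from collections import defaultdict

# Constructed sample in the exim_mainlog format (documentation IP ranges).
SAMPLE = """\
2013-12-19 04:41:15 SMTP connection from [192.0.2.10]:63433 (TCP/IP connection count = 51)
2013-12-19 04:41:15 SMTP connection from [198.51.100.7]:10056 (TCP/IP connection count = 52)
2013-12-19 04:41:15 no host name found for IP address 192.0.2.10
2013-12-19 04:41:15 SMTP connection from mail.example.net [203.0.113.5]:29156 closed by QUIT
2013-12-19 04:41:16 SMTP connection from [192.0.2.10]:63433 lost
2013-12-19 04:41:16 SMTP connection from [198.51.100.7]:10057 (TCP/IP connection count = 53)
2013-12-19 04:41:16 SMTP call from host.example.org [198.51.100.7]:10057 dropped: too many syntax or protocol errors (last command was "constructed-junk")
"""

PEER = r".*?\[(?P<ip>[0-9A-Fa-f:.]+)\]:\d+ "  # optional host name, then [ip]:port
RULES = [  # (event name, pattern); first match wins
    ("opened", re.compile(r"SMTP connection from " + PEER +
                          r"\(TCP/IP connection count = (?P<count>\d+)\)")),
    ("lost", re.compile(r"SMTP connection from " + PEER + r"lost$")),
    ("quit", re.compile(r"SMTP connection from " + PEER + r"closed by QUIT$")),
    ("dropped", re.compile(r"SMTP call from " + PEER +
                           r"dropped: too many syntax or protocol errors")),
    ("no_rdns", re.compile(r"no host name found for IP address (?P<ip>[0-9A-Fa-f:.]+)$")),
]
EVENTS = [name for name, _ in RULES]

def summarize(log_text):
    """Return (peak connection count, {ip: {event: occurrences}})."""
    per_ip = defaultdict(lambda: dict.fromkeys(EVENTS, 0))
    peak = 0
    for line in log_text.splitlines():
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                per_ip[m["ip"]][name] += 1
                if name == "opened":
                    peak = max(peak, int(m["count"]))
                break
    return peak, dict(per_ip)

def flagged(per_ip):
    """Assumed rule: dropped for protocol errors, or no rDNS and lost without QUIT."""
    return sorted(ip for ip, ev in per_ip.items()
                  if ev["dropped"] or (ev["no_rdns"] and ev["lost"] and not ev["quit"]))

if __name__ == "__main__":
    peak, per_ip = summarize(SAMPLE)
    print("peak connection count:", peak)
    print("flagged:", flagged(per_ip))
```
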