|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: large amounts of disconnects
From: Len Conrad (LConrad
Go2France.com)
Date: Mon Jan 01 2007 - 08:12:57 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>In last 2 weeks i am noticing enormous amounts of strange
>connections to mail server from all over the world. An example from logs:
"lost connection after" is perfectly normal for us. eg, for Sunday:
mx1# zegrep ": lost connection after " /var/log/maillog.[0].gz | awk
'{print $9}' | sort -f | uniq -ic | sort -rfgn | less
394391 RCPT
129629 EHLO
68807 CONNECT
2599 HELO
1820 DATA
1687 MAIL
519 RSET
102 NOOP
24 UNKNOWN
1 VRFY
1 QUIT
and for a weekday last week:
mx1# zegrep ": lost connection after " /var/log/maillog.[5].gz | awk
'{print $9}' | sort -f | uniq -ic | sort -rfgn | less
818589 RCPT
114880 CONNECT
100362 EHLO
2783 DATA
2195 HELO
2182 MAIL
522 RSET
159 NOOP
23 UNKNOWN
2 VRFY
1 QUIT
and for the 5.gz day:
mx1# zegrep -ic ": connect from" /var/log/maillog.[5].gz
2906441
mx1# zegrep -ic ": disconnect from" /var/log/maillog.[5].gz
2899136
Len
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]