[NTLUG:Discuss] Please Help me interpret some Mail Log Entries...
Newsletters
jrnewsletters at jcrcomputing.com
Tue Jun 11 20:08:42 CDT 2002
Cliff - NTLUG wrote:
|This to me seems to be that someone made a connection to port 25 on the
|server and never did anything else, the connection simply timed out before
|the other side sent a message to you. If you're getting it from just one ip
|address then it could be on their end. If you're getting these from multiple
|IP addresses then you may want to review the setup of the SMTP program
|and/or review any firewall information.
|
|Cliff.
Hi Cliff,
No, Chris is right. There is a lot of port scanning going on out on the
internet, as I see on both of my server logs. It is amazing the amount
of traffic I still get logged on machines still running the Code Red
Worms trying to infect my machine (Of course, apache dutifully issues
the error that command.com which was requested doesn't exist). On my
ftp server I get a lot of connects, but nobody is so far transferring
files. And I do know that there are a lot of spammers trying to find
yet another open mail port in which to bulk E-mail their spam for free
(and get the other guy in trouble). So, yes, I have to stay vigilant
and keep watching to make certain that my Sendmail isn't relaying
messages (I think I'm safe as long as I don't see the dreaded
'stat=sent' statement in my logs with a to: address to somebody I don't
know), and also to make certain that my proftpd service hasn't been
cracked and become a warez site (I do watch the disk usage a lot). So
far I think I'm OK, but I've got to keep a close watch on my servers.
It is tricky on the internet.
Regards...
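
The log check described in this message, as an added example that is not part of the original post: it pairs each Sendmail `from=` line with its `to=` lines by queue ID and reports mail that arrived from an untrusted host and was delivered (`stat=Sent`) to a non-local address. `LOCAL_DOMAINS`, `TRUSTED_NETS`, the function name and the sample log lines are assumptions made for the example; only IPv4 relay addresses are handled.

```python
import ipaddress
import re

# Assumptions for this example: the domains this server accepts mail for,
# and the networks whose clients may send outbound mail through it.
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Constructed sample log lines (not taken from a real server).
SAMPLE = """\
Jun 11 19:02:11 mail sendmail[1234]: g5C02B901234: from=<alice@example.net>, size=1024, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.net [198.51.100.7]
Jun 11 19:02:12 mail sendmail[1236]: g5C02B901234: to=<jr@example.org>, delay=00:00:01, mailer=local, pri=30000, dsn=2.0.0, stat=Sent
Jun 11 19:03:20 mail sendmail[1250]: g5C03K001250: from=<jr@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=desk.example.org [192.0.2.15]
Jun 11 19:03:22 mail sendmail[1252]: g5C03K001250: to=<friend@elsewhere.example>, delay=00:00:02, mailer=esmtp, pri=30000, relay=mx.elsewhere.example. [198.51.100.20], dsn=2.0.0, stat=Sent (ok)
Jun 11 19:05:40 mail sendmail[1301]: g5C05e001301: from=<x@bulk.example>, size=2048, class=0, nrcpts=2, proto=SMTP, daemon=MTA, relay=[203.0.113.77]
Jun 11 19:05:44 mail sendmail[1303]: g5C05e001301: to=<v1@victim.example>,<v2@victim.example>, delay=00:00:04, mailer=esmtp, pri=60000, relay=mx.victim.example. [198.51.100.99], dsn=2.0.0, stat=Sent (ok)
""".splitlines()

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
FROM_RELAY = re.compile(r"^from=.*relay=.*?\[(?P<ip>[\d.]+)\]")
TO_SENT = re.compile(r"^to=(?P<rcpts>.*?), (?:ctladdr|delay)=.*stat=sent", re.I)

def find_relayed(lines):
    """Return (qid, source_ip, recipient) for mail accepted from an
    untrusted host and delivered (stat=Sent) to a non-local address."""
    source = {}   # queue id -> IP address the message arrived from
    hits = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if (f := FROM_RELAY.match(rest)):
            source[qid] = ipaddress.ip_address(f["ip"])
        elif (t := TO_SENT.match(rest)):
            ip = source.get(qid)
            if ip is None or any(ip in net for net in TRUSTED_NETS):
                continue  # local submission, trusted client, or from= line not seen
            for rcpt in t["rcpts"].split(","):
                addr = rcpt.strip().strip("<>")
                domain = addr.rpartition("@")[2].lower()
                if "@" in addr and domain not in LOCAL_DOMAINS:
                    hits.append((qid, str(ip), addr))
    return hits

if __name__ == "__main__":
    for hit in find_relayed(SAMPLE):
        print(hit)
```

Checking the source of each message as well as the recipient keeps ordinary outbound mail from trusted clients out of the report.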