Greetings,

i just wondered if anyone can help me out with a possible incident / DOS.
for the past 10 hours or so i have been getting sendmail log entries like.
....
Mar 27 06:30:19 hostname sendmail[690]: NOQUEUE:
host*-*-*-*.in-addr.btopenworld.com [*.*.*.*] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 27 06:31:29 hostname sendmail[752]: NOQUEUE:
host*-*-*-*.in-addr.btopenworld.com [*.*.*.*] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 27 06:32:39 hostname sendmail[792]: NOQUEUE:
host*-*-*-*.in-addr.btopenworld.com [*.*.*.*] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 27 06:33:49 hostname sendmail[834]: NOQUEUE:
host*-*-*-*.in-addr.btopenworld.com [*.*.*.*] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 27 06:34:59 hostname sendmail[896]: NOQUEUE:
host*-*-*-*.in-addr.btopenworld.com [*.*.*.*] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
.... continuous ......

they are happening every 1 min and 10 seconds roughly and as i said been
going on for about 10-12 hours.

I would run a whois on btopenworld.com and if you don't have legitimate need to talk to them block connections to/from their ip address. It may not be malicious but they obviously have a problem with their server.

now its more than one

a "ps -ax" shows

28667 ? S 0:00 sendmail: server n20.grp.scd.yahoo.com [66.218.66.76] cmd read
28710 ? S 0:00 sendmail: server [196.1.142.222] child wait
28717 ? S 0:00 sendmail: server [219.95.161.138] cmd read
28837 ? S 0:00 sendmail: startup with 24-193-160-236.nyc.rr.com
28839 ? S 0:00 sendmail: startup with scorpion.postdirect.com
28840 ? S 0:00 sendmail: server [203.190.128.135] child wait
28843 ? S 0:01 sendmail: ./hB2HxB528686: from queue
28848 ? S 0:00 sendmail: startup with ti211310a080-2221.bb.online.no
28856 ? S 0:00 sendmail: startup with [211.212.14.76]


and it goes over 255 connections