I have noticed something unusual in my sendmail logs lately. I see hosts connecting to my machine, trying to guess legitimate email accounts by issuing an obscene amount of rcpt to: commands with random names. Example:
Nov 2 10:27:19 mail sendmail[4138]: hA2FRCL1004138: < -- RCPT To:elias@coccia.com
Nov 2 10:27:19 mail sendmail[4138]: hA2FRCL1004138: --- 550 5.1.1 elias@coccia.com... User unknown
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: < -- RCPT To:andreas@coccia.com
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: --- 550 5.1.1 andreas@coccia.com... User unknown
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: < -- RCPT To:dewey@coccia.com
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: --- 550 5.1.1 dewey @coccia.com... User unknown
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: < -- RCPT To:dalton@coccia.com
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: --- 550 5.1.1 dalton @coccia.com... User unknown
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: < -- RCPT To:access@coccia.com
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: --- 550 5.1.1 access @coccia.com... User unknown
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: < -- RCPT To:devin@coccia.com
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: --- 550 5.1.1 devin @coccia.com... User unknown
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: < -- RCPT To:francois@coccia.com
Nov 2 10:27:23 mail sendmail[4138]: hA2FRCL1004138: --- 550 5.1.1 francois @coccia.com... User unknown
And so on. They try an average of 30 usernames per session and even if they find legitimate accounts, the email transmission never takes place.
These connections are coming from everywhere. It has already been a week since I started noticing it. Any info will be appreciated.
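
A detection sketch for the pattern in the log excerpt above, added here as an example and not part of the original post: it groups the traced RCPT commands and 550 5.1.1 replies by sendmail queue ID and reports sessions that are mostly "User unknown". The function names, thresholds and sample log are assumptions made for illustration; sessions are keyed on queue ID because the quoted lines carry no client address.

```python
import re
from collections import Counter

# Line shape shown in the post: "<date> <host> sendmail[pid]: <queue-id>: <trace>"
LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<trace>.*)$")
RCPT = re.compile(r"^<\s*--\s*RCPT To:", re.I)   # client command as traced in the post
UNKNOWN = re.compile(r"^---\s*550 5\.1\.1\b")    # status code only: the address may wrap

def harvest_sessions(lines, min_unknown=5, min_ratio=0.8):
    """Return {queue_id: (rcpt_count, unknown_count)} for sessions that look
    like address guessing. Thresholds are illustrative assumptions."""
    rcpt, unknown = Counter(), Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # wrapped continuation lines and other daemons
        qid, trace = m["qid"], m["trace"]
        if RCPT.match(trace):
            rcpt[qid] += 1
        elif UNKNOWN.match(trace):
            unknown[qid] += 1
    return {
        qid: (rcpt[qid], n)
        for qid, n in unknown.items()
        if n >= min_unknown and n / max(rcpt[qid], 1) >= min_ratio
    }

def constructed_log():
    """Constructed sample: one guessing session and one normal session with a typo."""
    out = []
    guess = "Nov 2 10:27:{s} mail sendmail[4138]: hA2TESTQ000001: "
    for i, name in enumerate(["elias", "andreas", "dewey", "dalton", "access", "devin"]):
        out.append(guess.format(s=19 + i) + f"< -- RCPT To:{name}@example.com")
        out.append(guess.format(s=19 + i) + "--- 550 5.1.1")
        out.append(f"{name}@example.com... User unknown")  # wrapped reply line
    normal = "Nov 2 10:30:01 mail sendmail[4200]: hA2TESTQ000002: "
    out += [
        normal + "< -- RCPT To:alice@example.com",
        normal + "--- 250 2.1.5 alice@example.com... Recipient ok",
        normal + "< -- RCPT To:alcie@example.com",
        normal + "--- 550 5.1.1 alcie@example.com... User unknown",
    ]
    return out

if __name__ == "__main__":
    for qid, (n_rcpt, n_bad) in harvest_sessions(constructed_log()).items():
        print(f"{qid}: {n_bad}/{n_rcpt} recipients unknown")
```

Only the first constructed session is reported; the second has a single mistyped recipient alongside a valid one and stays below both thresholds.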