Quote:
Originally Posted by kbp
What exactly do you mean by 'scanning' ? .. attempting to send mail ? Have a look at /var/log/maillog, see if the activity is initiated by sendmail.
cheers
|
It's apparently sending out requests. Our firewall is seeing this:
"Date" "Time" "Action" "Service" "Source" "Destination" "Protocol"
"18Feb2010" "21:16:56" "Drop" "smtp" "xx.xx.xx.xx" "fk-in-f27.1e100.net" "tcp"
"18Feb2010" "21:18:29" "Drop" "smtp" "xx.xx.xx.xx" "fk-in-f27.1e100.net" "tcp"
"18Feb2010" "21:20:05" "Drop" "smtp" "xx.xx.xx.xx" "mail-ew0-f60.google.com" "tcp"
"18Feb2010" "21:21:38" "Drop" "smtp" "xx.xx.xx.xx" "mail-ew0-f60.google.com" "tcp"
/var/log/maillog and the associated versions going back a few weeks are all zero bytes.
Sendmail is not in active processes and there is nothing in top that looks peculiar.