Over the last couple of days I've seen aprox. 150K lines in the log file like this
They've originated from aprox. 25K different IP addresses.
What would be the use of these? A slow DOS? Finding a bug in Exim 4.83?
Anyone else facing the same type of 'attack'? What would you recommend in blocking these attempts?
Adding these 25K IP addresses to the firewall would be a nightmare...
Code:
2014-08-07 15:20:06 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=cpe-74-65-96-183.stny.res.rr.com [74.65.96.183] input="Vaejpty37CHNRWbglqvz49DINRWbglrw059EINSWbglrv15AFKPTYdhmrw16BGLPVZeiosx27CHLQVaejpty37CINSXchlrv049EINSXcgmrw16BFKPTYdhmrw16BHLQUZdiosx16BGLQUZejoty27"They've originated from aprox. 25K different IP addresses.
What would be the use of these? A slow DOS? Finding a bug in Exim 4.83?
Anyone else facing the same type of 'attack'? What would you recommend in blocking these attempts?
Adding these 25K IP addresses to the firewall would be a nightmare...
