Noticed that I had a host that was pounding the server after a drop in one
of my helo ACL checks.
2003-07-29 13:54:35 H=12-254-182-31.client.attbi.com [12.254.182.31]
rejected EHLO or HELO 209.114.190.200: HELO of this system's IP
2003-07-29 13:54:36 H=12-254-182-31.client.attbi.com [12.254.182.31]
rejected EHLO or HELO 209.114.190.200: HELO of this system's IP
2003-07-29 13:54:38 H=12-254-182-31.client.attbi.com [12.254.182.31]
rejected EHLO or HELO 209.114.190.200: HELO of this system's IP
2003-07-29 13:54:39 H=12-254-182-31.client.attbi.com [12.254.182.31]
rejected EHLO or HELO 209.114.190.200: HELO of this system's IP
More than 1000 of them...
Apparently, they are just reconnecting?
The ACL is...
# Don't HELO with my IP!!!
drop message = You may not use an HELO of this system's IP
address
condition = ${if
eq{$sender_helo_name}{209.114.190.200}{yes}{no}}
Other than blocking that IP, is there another way to deal with this? I've
seen this now several times on different IP's.
