On 7/25/12, Chris Knadle <Chris.Knadle@???> wrote: > What I don't understand about this particular situation is that the IP
> address of the attacker is in the RFC 1918 private IP address range (192.168.x.x)
> which would make it seem like the attacker is on the local LAN (or via VPN).
Looking at my own logs with such attacks, the value in the bracket
appears to be just the name/address provided by the attacker during
HELO.
