I recently set up an SMTP server for myself, and I get some traffic from two IP addresses and no one else (though for obvious reasons I will not specify the addresses here).
A sample session (which REALLY repeats EACH TIME) would be:
ESMTP Customer: HELO *. * Server: 250 Customer: AUTH LOGIN Server: 503 5.5.1 Error: Authentication not activated Customer: EXIT Server: 221 2.0.0 Bye
Why should the attacker continue to try this if LOGIN auth is clearly disabled?
Why would potential attackers use SMTP (if ESMTP is uniquely available) and what to do?
HELO *. * mean? (I know what the HELO command does)
As a reference, I get about every 15 minutes about an "attack".