Rodolfo Alcazar Portillo wrote:
Back to munging the lots and figuring out the attacking IP addresses, etc as I outlined already.
Already tried, but unsuccessful. rbl running. http://www.padep.org.bo/log20080325/checks/ips_by_attempt
That doesn't look too flash, the 10.x.x.x addresses shouldn't be coming in from outside your network.
Do not use the headers from the email, just the info in your logs.
Have a look at how logwatch summarises the info for hints.