View Full Version : Incoming mail question, what's happening?


Feek
07-05-2007, 13:17
Every 15 minutes, 24/7 I get the following connection to my mail router.

Mon 2007-05-07 12:59:59: Session 1057; child 1; thread 3324
Mon 2007-05-07 12:59:48: Accepting SMTP connection from [195.157.130.161 : 41779]
Mon 2007-05-07 12:59:48: Performing PTR lookup (161.130.157.195.IN-ADDR.ARPA)
Mon 2007-05-07 12:59:48: * Error: Name server reports domain name unknown
Mon 2007-05-07 12:59:48: * No PTR records found
Mon 2007-05-07 12:59:48: ---- End PTR results
Mon 2007-05-07 12:59:48: --> 220 all-one-word.com ESMTP MDaemon 9.5.2; Mon, 07 May 2007 12:59:48 +0100
Mon 2007-05-07 12:59:49: <-- EHLO titian.gsb.co.uk
Mon 2007-05-07 12:59:49: Performing IP lookup (titian.gsb.co.uk)
Mon 2007-05-07 12:59:49: * Error: Name server reports domain name unknown
Mon 2007-05-07 12:59:49: ---- End IP lookup results
Mon 2007-05-07 12:59:49: EHLO/HELO response delayed 10 seconds
Mon 2007-05-07 12:59:59: --> 250-all-one-word.com Hello titian.gsb.co.uk, pleased to meet you
Mon 2007-05-07 12:59:59: --> 250-ETRN
Mon 2007-05-07 12:59:59: --> 250-AUTH=LOGIN
Mon 2007-05-07 12:59:59: --> 250-AUTH LOGIN CRAM-MD5
Mon 2007-05-07 12:59:59: --> 250-8BITMIME
Mon 2007-05-07 12:59:59: --> 250 SIZE 0
Mon 2007-05-07 12:59:59: Connection closed
Mon 2007-05-07 12:59:59: SMTP session terminated (Bytes in/out: 23/218)

That IP relates to Granada Sky Broadcasting Ltd. Not sure if this is Sky itself. I don't have any internet stuff with them and I don't recall ever giving them an email address. There are never any attempts to send anything, it's always just the same as above.

The 161 IP is the University of Missouri-Columbia? wtf?

Any idea what's happening there?
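
A way to check the two observations in the post above (same host every 15 minutes, never any attempt to send) across a whole log file, as an added example that is not part of the original thread: it parses lines in the log format quoted above and reports hosts whose sessions stop after the greeting. The sample lines, addresses and host names are constructed, and the parser assumes each session is written to the log as one contiguous block.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample in the quoted log format ("<--" = client command, "-->" = server reply).
SAMPLE = """\
Mon 2007-05-07 12:59:48: Accepting SMTP connection from [192.0.2.10 : 41779]
Mon 2007-05-07 12:59:48: * No PTR records found
Mon 2007-05-07 12:59:49: <-- EHLO probe.example
Mon 2007-05-07 12:59:59: --> 250-ETRN
Mon 2007-05-07 13:05:10: Accepting SMTP connection from [198.51.100.7 : 50211]
Mon 2007-05-07 13:05:11: <-- EHLO mx.example
Mon 2007-05-07 13:05:11: <-- MAIL From:<a@example.org>
Mon 2007-05-07 13:14:48: Accepting SMTP connection from [192.0.2.10 : 41902]
Mon 2007-05-07 13:14:48: * No PTR records found
Mon 2007-05-07 13:14:49: <-- EHLO probe.example
"""
LINE = re.compile(r"^\w{3} (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (.*)$")
ACCEPT = re.compile(r"Accepting SMTP connection from \[([\d.]+) : \d+\]")
CLIENT = re.compile(r"<-- (\w+)")  # anchored at the start of the message, so server replies never match
TRANSACTION = {"MAIL", "RCPT", "DATA", "ETRN", "AUTH"}  # client verbs that do real work

def parse_sessions(text):  # assumes each session is logged as one contiguous block
    sessions, cur = [], None
    for m in filter(None, map(LINE.match, text.splitlines())):
        ts, msg = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)
        accepted, cmd = ACCEPT.search(msg), CLIENT.match(msg)
        if accepted:
            cur = {"ip": accepted.group(1), "start": ts, "verbs": [], "ptr": True}
            sessions.append(cur)
        elif cur and "No PTR records found" in msg:
            cur["ptr"] = False
        elif cur and cmd:
            cur["verbs"].append(cmd.group(1).upper())
    return sessions

def probe_report(sessions, min_hits=2):
    """Per IP: sessions that greeted but never started a transaction, and their spacing."""
    by_ip = defaultdict(list)
    for s in sessions:
        if not TRANSACTION.intersection(s["verbs"]):
            by_ip[s["ip"]].append(s)
    report = {}
    for ip, hits in by_ip.items():
        starts = sorted(h["start"] for h in hits)
        gaps = sorted((b - a).total_seconds() / 60 for a, b in zip(starts, starts[1:]))
        if len(hits) >= min_hits:
            report[ip] = {"sessions": len(hits), "no_ptr": not any(h["ptr"] for h in hits),
                          "median_gap_min": gaps[len(gaps) // 2]}
    return report
```

Run over a full day of logs, a host with dozens of greeting-only sessions and a steady median gap is what goes into the abuse report, with the session count and interval as the frequency details.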

Daz
07-05-2007, 13:44
ETRN is a command/request to deliver stored email on the destination server to the source domain (titian.gsb.co.uk in this case). It is odd that you're seeing it; the only thing I can suggest is to contact the webmaster and see what the crack is.

Feek
07-05-2007, 14:45
I've already done that a few days ago with no reply. It's not hurting me, it's just annoying :(

Garp
07-05-2007, 15:14
At a guess I'd say their box on that IP is hacked. *checks whois for abuse details*

Oh bollocks... That's one of our customers ;D
Send an abuse e-mail in to abuse@netscalibur.co.uk containing those logs, and include details of frequency of such attempts, tell me the ticket number and I'll make sure the abuse team investigates. That's not equipment NOC have any responsibility for, looks like it's hung on the end of a leased line, but our abuse team will be able to get in contact with a proper tech contact at their end.

Feek
07-05-2007, 15:27
lol
Email sent, I'll let you know a ticket number as and when I get it, ta.

Feek
08-05-2007, 22:09
No reply to the mail I sent to that abuse address :(

Garp
08-05-2007, 23:27
No reply to the mail I sent to that abuse address :(

Gah.. chuck one to abuse@uk.clara.net, you'll get an automatic ticket response from our ticketing system. I'll do some checks tomorrow and see if I can trace abuse tickets through from the netscalibur domain. It's supposed to forward to the ticketing system but obviously something has gone tits up. *sigh*

Feek
09-05-2007, 13:03
Did that this morning, got a reply but there was no number on it, just a generic autoreply..

Garp
09-05-2007, 18:16
I've knocked up a ticket myself, I'll keep an eye on it and chase the team tomorrow