The logs on my mail server are filling up with this kind of thing:

Oct 19 17:03:51 bnofmail kernel: REJECT: IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=195.140.240.6 DST=XX.XX.XX.XX LEN=189 TOS=0x00 PREC=0x00 TTL=52 ID=6284 DF PROTO=TCP SPT=25 DPT=32776 WINDOW=65535 RES=0x00 ACK PSH URGP=0

The source port is always 25 and the destination is a high-numbered port. The destination address is the private IP of the server. These seem to be related to outgoing email connections based on the source IPs, but I don't know why they are not part of an established connection. The mail server seems to be running just fine regardless of these blocked connections.

Any ideas?

--
Bowie

Bowie Bailey wrote on Mon, 19 Oct 2009 17:18:16 -0400:

> The destination address is the private IP of the server. These
> seem to be related to outgoing email connections based on the source
> IPs

Is 195.140.240.6 the public IP of that machine? Why do you obfuscate a private IP number? Do you want to say that these are internal mail server connections? If not, the explanation about the IP numbers doesn't make sense to me.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

On Monday 19 October 2009 17:18, Bowie Bailey wrote:

> The logs on my mail server are filling up with this kind of thing:
>
> Oct 19 17:03:51 bnofmail kernel: REJECT: IN=eth0 OUT=
> MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=195.140.240.6
> DST=XX.XX.XX.XX LEN=189 TOS=0x00 PREC=0x00 TTL=52 ID=6284 DF PROTO=TCP
> SPT=25 DPT=32776 WINDOW=65535 RES=0x00 ACK PSH URGP=0
>
> The source port is always 25 and the destination is a high-numbered
> port. The destination address is the private IP of the server. These
> seem to be related to outgoing email connections based on the source
> IPs, but I don't know why they are not part of an established
> connection. The mail server seems to be running just fine regardless of
> these blocked connections.
>
> Any ideas?

Are you running a mixed firewall rule set? Stateful and Connection or just one or the other? Since you state a private address, I'm going to assume you mean something in the 192.168 or similar space, is NATting an issue?

--
Regards
Robert
Linux User #296285
http://counter.li.org
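
Added example, not part of any message in the thread: a small triage script that parses kernel REJECT lines in the format shown in the first post and tallies them by category, source address and TCP flags, so that replies from remote port 25 can be told apart from new inbound connection attempts. The sample log lines, hostname, addresses and category labels are constructed for illustration.

```python
from collections import Counter

# Constructed sample lines in the format from the post (documentation addresses).
SAMPLE_LOG = """\
Oct 19 17:03:51 mail kernel: REJECT: IN=eth0 OUT= MAC=XX SRC=192.0.2.10 DST=10.0.0.5 LEN=189 TTL=52 ID=6284 DF PROTO=TCP SPT=25 DPT=32776 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Oct 19 17:03:53 mail kernel: REJECT: IN=eth0 OUT= MAC=XX SRC=192.0.2.10 DST=10.0.0.5 LEN=189 TTL=52 ID=6285 DF PROTO=TCP SPT=25 DPT=32776 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Oct 19 17:04:10 mail kernel: REJECT: IN=eth0 OUT= MAC=XX SRC=192.0.2.10 DST=10.0.0.5 LEN=40 TTL=52 ID=6290 DF PROTO=TCP SPT=25 DPT=32776 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Oct 19 17:05:02 mail kernel: REJECT: IN=eth0 OUT= MAC=XX SRC=198.51.100.7 DST=10.0.0.5 LEN=60 TTL=48 ID=100 DF PROTO=TCP SPT=40211 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 19 17:05:03 mail sshd[812]: unrelated line that must be skipped
"""

# TCP flag names as the netfilter LOG target prints them (bare words, no "=").
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_line(line):
    """Return (fields, flags) for one firewall log line, or None otherwise."""
    _, sep, body = line.partition("kernel: ")
    if not sep or "SRC=" not in body:
        return None
    fields, flags = {}, set()
    for token in body.split():
        key, eq, value = token.partition("=")
        if eq:
            fields[key] = value          # KEY=value pairs, e.g. SPT=25
        elif token in TCP_FLAGS:
            flags.add(token)             # bare flag words, e.g. ACK PSH
    return fields, flags


def classify(fields, flags):
    """Label a rejected packet by its role in a TCP conversation."""
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    if "SYN" in flags and "ACK" not in flags:
        return "new-inbound"      # a remote host trying to open a connection
    if fields.get("SPT") == "25":
        return "smtp-reply"       # remote mail server answering a local client
    return "other-midstream"


def summarize(text):
    """Count rejects per (category, source address, flag set)."""
    counts = Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            fields, flags = parsed
            counts[(classify(fields, flags), fields["SRC"], "/".join(sorted(flags)))] += 1
    return counts
```

Running `summarize()` over the real log shows whether the rejects are concentrated on a few remote mail servers and which flags they carry, which is the information the follow-up questions about stateful rules and NAT need.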