Could someone explain whats happening or whether undetected outbound traffic is going through postfix/smtp

[Maple]

HostA is:
internal mailhost,
CNAME of ns.example.com and 
a fresh install of:
Fedora Core 8
Firestarter w open ports 53, 80, closed 25, filtered 587, 3306
amavisd, spamassasin, etc.
Postfix w/ TLS, SASLAUTH, and only submission in master.cf
Only one user account

There are no entries in syslog, secure, audit, or maillog alerting about
sessions for 58.55.12.123, 190-50-124-109, 222.162.134.199, etc.

netstat, lsof, nnmap, iptables, etc. do not show open/listening ports
other than configured open ports.

hostA scanned from outside network do not show open ports.

Yet, using tcpdump there appears to be traffic dst port 25. How do I
troubleshoot to find hole that allows smtp traffic?

[EMAIL PROTECTED] ~]# tcpdump dst port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:29:39.833622 IP 58.55.12.123.4493 > hostA.example.com.smtp: S
1223686926:1223686926(0) win 16384 <mss 1440,nop,nop,sackOK>
18:29:43.104312 IP 58.55.12.123.4493 > hostA.example.com.smtp: S
1223686926:1223686926(0) win 16384 <mss 1440,nop,nop,sackOK>
18:29:49.652882 IP 58.55.12.123.4493 > hostA.example.com.smtp: S
1223686926:1223686926(0) win 16384 <mss 1440,nop,nop,sackOK>
18:30:03.791511 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: S 729051831:729051831(0) win 65535 <mss
1440,nop,wscale 0,nop,nop,sackOK>
18:30:04.254891 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: . ack 435012380 win 65535
18:30:06.003350 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: . ack 28 win 65508
18:30:06.301533 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: P 0:35(35) ack 28 win 65508
18:30:06.752339 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: . ack 49 win 65487
18:30:07.116750 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: P 35:67(32) ack 49 win 65487
18:30:07.580371 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: . ack 63 win 65473
18:30:07.921756 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: P 67:103(36) ack 63 win 65473
18:30:08.345567 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: . ack 140 win 65396
18:30:08.806004 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: P 103:109(6) ack 140 win 65396
18:30:09.147135 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: . ack 156 win 65381
18:30:09.153795 IP 190-50-124-109.speedy.com.ar.screencast >
ns.example.com.smtp: F 109:109(0) ack 156 win 65381
18:30:46.727189 IP 222.162.134.199.tapeware > hostA.example.com.smtp: S
2476760398:2476760398(0) win 64800 <mss 1440,nop,nop,sackOK>
18:30:49.831556 IP 222.162.134.199.tapeware > hostA.example.com.smtp: S
2476760398:2476760398(0) win 64800 <mss 1440,nop,nop,sackOK>
18:30:52.208057 IP 163.180.130.99.surveyinst > ns.example.com.smtp: S
1324864061:1324864061(0) win 16384 <mss 1460,nop,nop,sackOK>
18:30:52.384717 IP 163.180.130.99.surveyinst > ns.example.com.smtp: .
ack 1189490064 win 1460
18:30:53.550460 IP 163.180.130.99.surveyinst > ns.example.com.smtp: .
ack 28 win 17493
18:30:53.802689 IP 163.180.130.99.surveyinst > ns.example.com.smtp: P
0:15(15) ack 28 win 17493
18:30:54.100565 IP 163.180.130.99.surveyinst > ns.example.com.smtp: .
ack 142 win 17379
18:30:54.804252 IP 163.180.130.99.surveyinst > ns.example.com.smtp: P
15:88(73) ack 142 win 17379
18:30:55.195768 IP 163.180.130.99.surveyinst > ns.example.com.smtp: .
ack 271 win 17250
18:30:55.303963 IP 163.180.130.99.surveyinst > ns.example.com.smtp: F
88:88(0) ack 271 win 17250
18:30:55.482087 IP 163.180.130.99.surveyinst > ns.example.com.smtp: .
ack 272 win 17250
18:30:55.797787 IP 222.162.134.199.tapeware > hostA.example.com.smtp: S
2476760398:2476760398(0) win 64800 <mss 1440,nop,nop,sackOK>
18:31:04.455971 IP 163.180.130.99.krb5gatekeeper > ns.example.com.smtp:
S 1421630867:1421630867(0) win 16384 <mss 1460,nop,nop,sackOK>
18:31:04.628559 IP 163.180.130.99.krb5gatekeeper >
ns.example.com.smtp: . ack 1374260047 win 1460
18:31:05.030708 IP 163.180.130.99.krb5gatekeeper >
ns.example.com.smtp: . ack 28 win 17493
18:31:05.622120 IP 163.180.130.99.krb5gatekeeper > ns.example.com.smtp:
P 0:15(15) ack 28 win 17493
18:31:06.014558 IP 163.180.130.99.krb5gatekeeper >
ns.example.com.smtp: . ack 142 win 17379
18:31:06.647155 IP 163.180.130.99.krb5gatekeeper > ns.example.com.smtp:
P 15:93(78) ack 142 win 17379
18:31:07.004928 IP 163.180.130.99.krb5gatekeeper >
ns.example.com.smtp: . ack 271 win 17250
18:31:07.130454 IP 163.180.130.99.krb5gatekeeper > ns.example.com.smtp:
F 93:93(0) ack 271 win 17250
18:31:07.314074 IP 163.180.130.99.krb5gatekeeper >
ns.example.com.smtp: . ack 272 win 17250
18:31:07.835731 IP 222.162.134.199.4611 > ns.example.com.smtp: S
3872927950:3872927950(0) win 64800 <mss 1440,nop,nop,sackOK>
18:31:08.108249 IP 222.162.134.199.4611 > ns.example.com.smtp: . ack
1427428045 win 64800
18:31:08.720372 IP 222.162.134.199.4611 > ns.example.com.smtp: P
0:22(22) ack 28 win 64773
18:31:09.015259 IP 222.162.134.199.4611 > ns.example.com.smtp: P
22:52(30) ack 49 win 64752
18:31:09.348249 IP 222.162.134.199.4611 > ns.example.com.smtp: P
52:85(33) ack 63 win 64738
18:31:09.625282 IP 222.162.134.199.4611 > ns.example.com.smtp: P
85:122(37) ack 141 win 64660
18:31:09.891347 IP 222.162.134.199.4611 > ns.example.com.smtp: P
122:164(42) ack 219 win 64582
18:31:10.180382 IP 222.162.134.199.4611 > ns.example.com.smtp: P
164:170(6) ack 297 win 64504
18:31:10.490487 IP 222.162.134.199.4611 > ns.example.com.smtp: . ack 297
win 64504
18:31:10.492312 IP 222.162.134.199.4611 > ns.example.com.smtp: . ack 313
win 64489
18:31:10.497707 IP 222.162.134.199.4611 > ns.example.com.smtp: F
170:170(0) ack 313 win 64489
18:31:16.633315 IP 163.180.130.99.piccolo > ns.example.com.smtp: S
1964183136:1964183136(0) win 16384 <mss 1460,nop,nop,sackOK>
18:31:16.807770 IP 163.180.130.99.piccolo > ns.example.com.smtp: . ack
1575136787 win 1460
18:31:17.019470 IP 163.180.130.99.piccolo > ns.example.com.smtp: . ack 1
win 17520
18:31:17.019862 IP 163.180.130.99.piccolo > ns.example.com.smtp: . ack
77 win 17445
18:31:17.296811 IP 163.180.130.99.piccolo > ns.example.com.smtp: F
0:0(0) ack 77 win 17445
18:31:28.866905 IP 163.180.130.99.tftps > ns.example.com.smtp: S
85746731:85746731(0) win 16384 <mss 1460,nop,nop,sackOK>
18:31:29.048935 IP 163.180.130.99.tftps > ns.example.com.smtp: . ack
1766009398 win 1460
18:31:29.247919 IP 163.180.130.99.tftps > ns.example.com.smtp: . ack 1
win 17520
18:31:29.361331 IP 163.180.130.99.tftps > ns.example.com.smtp: . ack 77
win 17445
18:31:29.391481 IP 68-185-227-107.dhcp.slid.la.charter.com.57074 >
hostA.example.com.smtp: S 3894333381:3894333381(0) win 24000 <mss 536>
18:31:29.541639 IP 163.180.130.99.tftps > ns.example.com.smtp: F 0:0(0)
ack 77 win 17445
18:31:32.101725 IP 68-185-227-107.dhcp.slid.la.charter.com.57074 >
hostA.example.com.smtp: S 3894333381:3894333381(0) win 24000 <mss 536>
18:31:34.899366 IP 68-185-227-107.dhcp.slid.la.charter.com.57074 >
hostA.example.com.smtp: S 3894333381:3894333381(0) win 24000 <mss 536>
18:31:37.699593 IP 68-185-227-107.dhcp.slid.la.charter.com.57074 >
hostA.example.com.smtp: S 3894333381:3894333381(0) win 24000 <mss 536>
18:31:40.355724 IP 68-185-227-107.dhcp.slid.la.charter.com.57074 >
hostA.example.com.smtp: S 3894333381:3894333381(0) win 24000 <mss 536>
18:31:41.401703 IP 163.180.130.99.re101 > ns.example.com.smtp: S
1739392462:1739392462(0) win 16384 <mss 1460,nop,nop,sackOK>
18:31:41.571834 IP 163.180.130.99.re101 > ns.example.com.smtp: . ack
1950767776 win 1460
18:31:41.743894 IP 163.180.130.99.re101 > ns.example.com.smtp: . ack 1
win 17520
18:31:41.744279 IP 163.180.130.99.re101 > ns.example.com.smtp: . ack 77
win 17445
18:31:42.066758 IP 163.180.130.99.re101 > ns.example.com.smtp: F 0:0(0)
ack 77 win 17445
18:31:43.130461 IP 68-185-227-107.dhcp.slid.la.charter.com.57074 >
hostA.example.com.smtp: S 3894333381:3894333381(0) win 24000 <mss 536>
18:31:45.897983 IP 68-185-227-107.dhcp.slid.la.charter.com.57074 >
hostA.example.com.smtp: S 3894333381:3894333381(0) win 24000 <mss 536>
18:31:46.320444 IP 68-185-227-107.dhcp.slid.la.charter.com.57438 >
ns.example.com.smtp: S 4020436507:4020436507(0) win 24000 <mss 536>
18:31:46.575588 IP 68-185-227-107.dhcp.slid.la.charter.com.57438 >
ns.example.com.smtp: . ack 2030086609 win 24000
18:31:48.620151 IP 68-185-227-107.dhcp.slid.la.charter.com.57438 >
ns.example.com.smtp: . ack 28 win 24000
18:31:48.623443 IP 68-185-227-107.dhcp.slid.la.charter.com.57438 >
ns.example.com.smtp: P 0:46(46) ack 28 win 24000
18:31:48.751536 IP 68-185-227-107.dhcp.slid.la.charter.com.57438 >
ns.example.com.smtp: . ack 142 win 24000
18:31:48.756914 IP 68-185-227-107.dhcp.slid.la.charter.com.57438 >
ns.example.com.smtp: P 46:118(72) ack 142 win 24000
18:31:50.004732 IP 68-185-227-107.dhcp.slid.la.charter.com.57438 >
ns.example.com.smtp: . ack 272 win 24000
18:31:50.007440 IP 68-185-227-107.dhcp.slid.la.charter.com.57438 >
ns.example.com.smtp: R 118:118(0) ack 272 win 24000
18:31:54.066754 IP 163.180.130.99.btprjctrl > ns.example.com.smtp: S
812406913:812406913(0) win 16384 <mss 1460,nop,nop,sackOK>
18:31:54.253064 IP 163.180.130.99.btprjctrl > ns.example.com.smtp: . ack
2145129544 win 1460
18:31:54.582838 IP 163.180.130.99.btprjctrl > ns.example.com.smtp: . ack
28 win 17493
18:31:55.253303 IP 163.180.130.99.btprjctrl > ns.example.com.smtp: P
0:15(15) ack 28 win 17493
18:31:55.671477 IP 163.180.130.99.btprjctrl > ns.example.com.smtp: . ack
142 win 17379
18:31:56.246375 IP 163.180.130.99.btprjctrl > ns.example.com.smtp: P
15:102(87) ack 142 win 17379
18:31:56.657210 IP 163.180.130.99.btprjctrl > ns.example.com.smtp: . ack
271 win 17250
18:31:56.750732 IP 163.180.130.99.btprjctrl > ns.example.com.smtp: F
102:102(0) ack 271 win 17250
18:31:56.924318 IP 163.180.130.99.btprjctrl > ns.example.com.smtp: . ack
272 win 17250
18:32:06.726061 IP 163.180.130.99.4219 > ns.example.com.smtp: S
2569170962:2569170962(0) win 16384 <mss 1460,nop,nop,sackOK>
18:32:06.898067 IP 163.180.130.99.4219 > ns.example.com.smtp: . ack
2357258692 win 1460
18:32:07.259760 IP 163.180.130.99.4219 > ns.example.com.smtp: . ack 28
win 17493
18:32:07.886631 IP 163.180.130.99.4219 > ns.example.com.smtp: P 0:15(15)
ack 28 win 17493
18:32:08.245270 IP 163.180.130.99.4219 > ns.example.com.smtp: . ack 142
win 17379
18:32:08.883877 IP 163.180.130.99.4219 > ns.example.com.smtp: P
15:94(79) ack 142 win 17379
18:32:09.225524 IP 163.180.130.99.4219 > ns.example.com.smtp: . ack 271
win 17250
18:32:09.381537 IP 163.180.130.99.4219 > ns.example.com.smtp: F 94:94(0)
ack 271 win 17250
18:32:09.556998 IP 163.180.130.99.4219 > ns.example.com.smtp: . ack 272
win 17250
18:32:19.351143 IP 163.180.130.99.utcd > ns.example.com.smtp: S
2295731268:2295731268(0) win 16384 <mss 1460,nop,nop,sackOK>
18:32:19.514609 IP 163.180.130.99.utcd > ns.example.com.smtp: . ack
2547389691 win 1460
18:32:19.688590 IP 163.180.130.99.utcd > ns.example.com.smtp: . ack 1
win 17520
18:32:19.688980 IP 163.180.130.99.utcd > ns.example.com.smtp: . ack 77
win 17445
18:32:20.018737 IP 163.180.130.99.utcd > ns.example.com.smtp: F 0:0(0)
ack 77 win 17445
18:32:31.912643 IP 163.180.130.99.nati-logos > ns.example.com.smtp: S
113908704:113908704(0) win 16384 <mss 1460,nop,nop,sackOK>
18:32:32.072229 IP 163.180.130.99.nati-logos > ns.example.com.smtp: .
ack 2747008718 win 1460
18:32:32.235163 IP 163.180.130.99.nati-logos > ns.example.com.smtp: .
ack 1 win 17520
18:32:32.235541 IP 163.180.130.99.nati-logos > ns.example.com.smtp: .
ack 77 win 17445
18:32:32.566056 IP 163.180.130.99.nati-logos > ns.example.com.smtp: F
0:0(0) ack 77 win 17445
18:33:41.003225 IP 163.180.130.99.4797 > ns.example.com.smtp: S
320257738:320257738(0) win 16384 <mss 1460,nop,nop,sackOK>
18:33:41.156686 IP 163.180.130.99.4797 > ns.example.com.smtp: . ack
3844995826 win 1460
18:33:41.653197 IP 163.180.130.99.4797 > ns.example.com.smtp: . ack 28
win 17493
18:33:42.158426 IP 163.180.130.99.4797 > ns.example.com.smtp: P 0:15(15)
ack 28 win 17493
18:33:42.524928 IP 163.180.130.99.4797 > ns.example.com.smtp: . ack 142
win 17379
18:33:43.166656 IP 163.180.130.99.4797 > ns.example.com.smtp: P
15:101(86) ack 142 win 17379
18:33:43.618254 IP 163.180.130.99.4797 > ns.example.com.smtp: . ack 271
win 17250
18:33:43.667473 IP 163.180.130.99.4797 > ns.example.com.smtp: F
101:101(0) ack 271 win 17250
18:33:43.838591 IP 163.180.130.99.4797 > ns.example.com.smtp: . ack 272
win 17250
18:33:55.429738 IP 163.180.130.99.rusb-sys-port > ns.example.com.smtp: S
124271277:124271277(0) win 16384 <mss 1460,nop,nop,sackOK>
18:33:55.590967 IP 163.180.130.99.rusb-sys-port > ns.example.com.smtp: .
ack 4061804033 win 1460
18:33:55.973455 IP 163.180.130.99.rusb-sys-port > ns.example.com.smtp: .
ack 28 win 17493
18:33:56.578822 IP 163.180.130.99.rusb-sys-port > ns.example.com.smtp: P
0:15(15) ack 28 win 17493
18:33:57.069748 IP 163.180.130.99.rusb-sys-port > ns.example.com.smtp: .
ack 142 win 17379
18:33:57.585733 IP 163.180.130.99.rusb-sys-port > ns.example.com.smtp: P
15:102(87) ack 142 win 17379
18:33:58.051462 IP 163.180.130.99.rusb-sys-port > ns.example.com.smtp: .
ack 271 win 17250
18:33:58.082764 IP 163.180.130.99.rusb-sys-port > ns.example.com.smtp: F
102:102(0) ack 271 win 17250
18:33:58.244102 IP 163.180.130.99.rusb-sys-port > ns.example.com.smtp: .
ack 272 win 17250
18:34:09.900000 IP 163.180.130.99.dx-instrument > ns.example.com.smtp: S
1892578179:1892578179(0) win 16384 <mss 1460,nop,nop,sackOK>
18:34:10.065217 IP 163.180.130.99.dx-instrument > ns.example.com.smtp: .
ack 4293363610 win 1460
18:34:10.232171 IP 163.180.130.99.dx-instrument > ns.example.com.smtp: .
ack 1 win 17520
18:34:10.233379 IP 163.180.130.99.dx-instrument > ns.example.com.smtp: .
ack 77 win 17445
18:34:10.554442 IP 163.180.130.99.dx-instrument > ns.example.com.smtp: F
0:0(0) ack 77 win 17445
18:34:24.340247 IP 163.180.130.99.argis-ds > ns.example.com.smtp: S
1553230625:1553230625(0) win 16384 <mss 1460,nop,nop,sackOK>
18:34:24.512181 IP 163.180.130.99.argis-ds > ns.example.com.smtp: . ack
229795912 win 1460
18:34:24.686661 IP 163.180.130.99.argis-ds > ns.example.com.smtp: . ack
1 win 17520
18:34:24.687033 IP 163.180.130.99.argis-ds > ns.example.com.smtp: . ack
77 win 17445
18:34:25.012267 IP 163.180.130.99.argis-ds > ns.example.com.smtp: F
0:0(0) ack 77 win 17445
18:34:38.888062 IP 163.180.130.99.4181 > ns.example.com.smtp: S
1808086271:1808086271(0) win 16384 <mss 1460,nop,nop,sackOK>
18:34:39.053577 IP 163.180.130.99.4181 > ns.example.com.smtp: . ack
448337406 win 1460
18:34:39.239404 IP 163.180.130.99.4181 > ns.example.com.smtp: . ack 1
win 17520
18:34:39.239790 IP 163.180.130.99.4181 > ns.example.com.smtp: . ack 77
win 17445
18:34:39.544254 IP 163.180.130.99.4181 > ns.example.com.smtp: F 0:0(0)
ack 77 win 17445