Hi Mike,

>I suspect that what we are seeing is some form of syn requests 
>from sendmail??
>
>For example, I am now receiving the same sort of activity from 
>another jp site:

>Jul  9 09:00:34 www kernel: Asia2 IN=eth0 OUT=
>MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=202.12.30.137
>DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=238 ID=61693 DF 
>PROTO=TCP

>Notice it is from port 25 to a high numbered port and at a 
>fairly high repeat
>rate.

This looks like an ANSWER to an SMTP connection from your machine to the .jp
server. At a guess:
        * You've set up firewalling to block all incoming packets from an IP
          range including the above address, regardless of state of the TCP
          connection. Do you have an email to that server sitting in your
          mail queue?
        * You're not returning ICMP unreachable, you're just dropping the
          packets.

Meaning: even if the machine on the other side tries connecting just once,
you'll see several packets due to TCP retries. Usually I'd expect time between
packets to increase until the other side gives up.

Bye, Martin
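
Added example, not part of the original message or of any project's code: a small Python check that groups iptables LOG lines by flow and flags SYN-ACKs from port 25 whose gaps keep growing, which is the retry pattern described above. The log lines, addresses, ports and the year are constructed assumptions; the SPT/DPT and flag fields follow the usual netfilter LOG layout.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample (documentation addresses): one SMTP server retransmitting
# its SYN-ACK with growing gaps, plus one unrelated inbound SYN to port 25.
_FMT = ("Jul  9 {t} www kernel: Asia2 IN=eth0 OUT= SRC={src} DST=192.0.2.95 LEN=60 "
        "TTL=238 PROTO=TCP SPT={spt} DPT={dpt} WINDOW=5840 RES=0x00 {flags} URGP=0")
SAMPLE_LOG = "\n".join(
    [_FMT.format(t=t, src="198.51.100.7", spt=25, dpt=34512, flags="ACK SYN")
     for t in ("09:00:34", "09:00:37", "09:00:43", "09:00:55", "09:01:19")]
    + [_FMT.format(t="09:00:40", src="203.0.113.50", spt=40000, dpt=25, flags="SYN")])

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=TCP SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) "
    r".*?RES=\S+ (?P<flags>[A-Z ]*?)\s*URGP=")

def parse(log, year=2000):  # syslog omits the year; 2000 is an arbitrary assumption
    """Group logged TCP packets by flow: (src, spt, dst, dpt) -> [(time, flags)]."""
    flows = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # truncated or non-TCP line: nothing to classify
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["src"], int(m["spt"]), m["dst"], int(m["dpt"]))
        flows[key].append((when, frozenset(m["flags"].split())))
    return flows

def classify(flows):
    """A SYN-ACK from port 25 to a high port answers our own outbound SMTP SYN."""
    report = {}
    for (src, spt, _dst, dpt), pkts in flows.items():
        times = sorted(t for t, _ in pkts)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        is_reply = (spt == 25 and dpt >= 1024
                    and all(f == {"SYN", "ACK"} for _, f in pkts))
        # Strictly growing gaps are the retransmission backoff of a dropped reply.
        backoff = len(gaps) >= 2 and all(b > a for a, b in zip(gaps, gaps[1:]))
        if is_reply and backoff:
            label = "reply to outbound SMTP, retransmitted with backoff"
        elif is_reply:
            label = "reply to outbound SMTP"
        else:
            label = "other inbound TCP"
        report[(src, spt, dpt)] = (label, gaps)
    return report

if __name__ == "__main__":
    for flow, (label, gaps) in classify(parse(SAMPLE_LOG)).items():
        print(flow, label, gaps)
```
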


