> Sorry for the off-topic post, but I can't think of a
> better list with more sharp email server admins.
>
> I've just taken a new job with a company that does some
> (legit, opt-in, with-working-remove-link, only sending to
> our paying customers) email marketing. I'm seeing some
> very weird traffic from the remote email servers that we
> are sending to, and can't figure out what it could be.
>
> Basically, we are seeing denied traffic on our firewall.
> The source of the traffic is the mail servers we are
> sending to; it is coming FROM their TCP/25, and going to
> some random high-level TCP port on our sending host. If I
> didn't know better, I'd think it was denying part of the
> three-way TCP handshake, but the email is flowing, and
> the mail queues are low.
>
> So far, I can count 1,019 unique external email servers
> which are doing this, from all parts of the IPv4 address
> space.
>
> Does anybody know what this is from? I'm seeing it a lot
> from yahoo, comcast, aol, mostly the larger players.

I'm not an expert, but traffic from their port 25 to your port <random high port> should be just return messages for normal SMTP. Your server opened the connection from <random high port> to their 25, and is getting responses thru that pipe. Maybe your firewall is broken? There is nothing to report, especially when it does not block it, and mail passes.
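
One way to test the explanation in the reply above, as an added example that is not part of the original thread: match each denied packet against the outbound SMTP connections the sending host opened. The record layouts, the label names and the 300-second grace window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample data (not from the thread); addresses are documentation ranges.
# Outbound connections opened by the sending host:
#   (start_ts, end_ts, local_ip, local_port, remote_ip), remote port is always 25
OUTBOUND = [
    (1000.0, 1012.5, "192.0.2.10", 41522, "198.51.100.25"),
    (1003.0, 1004.2, "192.0.2.10", 41530, "203.0.113.7"),
]
# Denied inbound packets from the firewall log:
#   (ts, src_ip, src_port, dst_ip, dst_port)
DENIED = [
    (1012.9, "198.51.100.25", 25, "192.0.2.10", 41522),  # just after the flow ended
    (1003.5, "203.0.113.7", 25, "192.0.2.10", 41530),    # while the flow was open
    (1500.0, "203.0.113.7", 25, "192.0.2.10", 41530),    # long after the flow ended
    (1010.0, "203.0.113.99", 25, "192.0.2.10", 50000),   # no outbound flow at all
]

GRACE_SECONDS = 300  # assumed window for late packets after a connection closes


def classify(denied, outbound, grace=GRACE_SECONDS):
    """Label each denied packet by its relation to an outbound SMTP flow."""
    flows = defaultdict(list)
    for start, end, lip, lport, rip in outbound:
        flows[(lip, lport, rip)].append((start, end))
    results = []
    for ts, sip, sport, dip, dport in denied:
        label = "unsolicited"
        if sport == 25:
            # The reverse of the denied packet's addresses is the flow we opened.
            for start, end in flows.get((dip, dport, sip), []):
                if start <= ts <= end:
                    label = "during-flow"
                    break
                if end < ts <= end + grace:
                    label = "after-close"
                elif label == "unsolicited":
                    label = "stale-tuple"  # same endpoints, outside any window
        results.append((ts, sip, dport, label))
    return results


if __name__ == "__main__":
    for row in classify(DENIED, OUTBOUND):
        print(row)
```

Packets labelled `during-flow` or `after-close` line up with connections the sending host opened, which is the return traffic the reply describes; `unsolicited` packets have no matching outbound connection.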