[ previous ] [ next ] [ threads ]
 
 From:  Claudio Castro <ccastro at unr dot edu dot ar>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  smtp firewalls rules
 Date:  Sun, 13 Nov 2005 01:21:13 -0300
I have a simple question, I was checking my firewall logs when I saw 
that there was a lot of traffic been blocked, the interface WAN, source 
was e.g. hotmail, the source port 25, destination my mail server, 
destination port was random (e.g.32612).
Now, whats happening here? should I accept traffic from internet with 
source port 25? why is hotmail sending traffic with the source 25 to my 
mail server?

thanks

Here a copy of my logs:

pass
	01:10:51.272485 	DMZ <?if=DMZ> 	10.1.1.2, port 35614 <?sp=35614> 
65.54.190.230, port 25 <?dp=25> 	TCP <?pr=TCP>
block
<?act=b> 	01:10:53.964444 	WAN <?if=WAN> 	65.54.253.37, port 25 
<?sp=25> 	10.1.1.2, port 35612 <?dp=35612> 	TCP <?pr=TCP>