 From:  Christoph Hanle <christoph dot hanle at leinpfad dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] smtp firewalls rules
 Date:  Sun, 13 Nov 2005 11:17:51 +0100
Claudio Castro wrote:
> I have a simple question. I was checking my firewall logs when I saw 
> that there was a lot of traffic being blocked: the interface WAN, source 
> was e.g. hotmail, the source port 25, destination my mail server, 
> destination port was random (e.g. 32612).
> Now, what's happening here? Should I accept traffic from internet with 
> source port 25?
Never !!

> Why is hotmail sending traffic with the source 25 to my
> mail server?
> 
> thanks
> 
> Here a copy of my logs:
> 
> pass     01:10:51.272485     DMZ     10.1.1.2, port 35614     65.54.190.230, port 25     TCP
> block    01:10:53.964444     WAN     65.54.253.37, port 25     10.1.1.2, port 35612     TCP
I can see two reasons:
1. Hotmail is sending garbage
2. Your state-table has an error.

If your mailserver has no problem with sending and receiving mails from 
and to hotmail: make a rule, don't log everything from source port 25 TCP, 
and don't care about it.

But if you have problems with hotmail, clear the state table and use 
ethereal on your mailserver in combination with the firewall log to 
analyse the traffic.

bye
christoph

-- 
last words:
"let's make the backup tomorrow"
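
Added example, not part of the original post: a way to do the log side of the correlation suggested above, by checking whether each WAN packet blocked from source port 25 mirrors an outbound SMTP packet the firewall passed earlier. The column layout is assumed from the log excerpt in the question, the last two sample entries are constructed, and all timestamps are assumed to fall on the same day.

```python
import re
from datetime import datetime

# First two entries are from the post (link residue stripped); last two are constructed.
SAMPLE_LOG = """\
pass  01:10:51.272485 DMZ 10.1.1.2, port 35614 65.54.190.230, port 25 TCP
block 01:10:53.964444 WAN 65.54.253.37, port 25 10.1.1.2, port 35612 TCP
pass  01:12:00.000000 DMZ 10.1.1.2, port 35620 192.0.2.25, port 25 TCP
block 01:13:30.500000 WAN 192.0.2.25, port 25 10.1.1.2, port 35620 TCP
"""

LINE = re.compile(r"^(pass|block)\s+(\S+)\s+(\S+)\s+(\S+), port (\d+)\s+"
                  r"(\S+), port (\d+)\s+(\S+)$")

def parse(log):
    """Yield one dict per recognisable log line; skip anything else."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            act, ts, iface, src, sp, dst, dp, proto = m.groups()
            yield {"act": act, "ts": datetime.strptime(ts, "%H:%M:%S.%f"),
                   "if": iface, "src": src, "sp": int(sp),
                   "dst": dst, "dp": int(dp), "proto": proto}

def classify_blocked_smtp_replies(log):
    """For each WAN block from source port 25, look for an earlier passed
    outbound SMTP packet with the mirrored address/port tuple."""
    outbound = {}   # (client ip, client port, server ip) -> time last passed
    results = []
    for e in parse(log):
        if e["proto"] != "TCP":
            continue
        if e["act"] == "pass" and e["dp"] == 25:
            outbound[(e["src"], e["sp"], e["dst"])] = e["ts"]
        elif e["act"] == "block" and e["if"] == "WAN" and e["sp"] == 25:
            seen = outbound.get((e["dst"], e["dp"], e["src"]))
            if seen is None:
                results.append((e["src"], e["dp"], "no-matching-outbound", None))
            else:
                age = (e["ts"] - seen).total_seconds()
                results.append((e["src"], e["dp"], "reply-to-passed-flow", age))
    return results

if __name__ == "__main__":
    for row in classify_blocked_smtp_replies(SAMPLE_LOG):
        print(row)
```

A "reply-to-passed-flow" result means the blocked packet runs in the reverse direction of a connection the firewall itself passed, which points at the state table; "no-matching-outbound" only means no such pass entry appears in the log that was supplied.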