|
||||||||
Claudio Castro schrieb: > I have a simple question, I was checking my firewall logs when I saw > that there was a lot of traffic been blocked, the interface WAN, source > was e.g. hotmail, the source port 25, destination my mail server, > destination port was random (e.g.32612). > Now, whats happening here? should I accept traffic from internet with > source port 25? Never !! why is hotmail sending traffic with the source 25 to my > mail server? > > thanks > > Here a copy of my logs: > > pass > 01:10:51.272485 DMZ <?if=DMZ> 10.1.1.2, port 35614 > <?sp=35614> 65.54.190.230, port 25 <?dp=25> TCP <?pr=TCP> > block > <?act=b> 01:10:53.964444 WAN <?if=WAN> 65.54.253.37, port 25 > <?sp=25> 10.1.1.2, port 35612 <?dp=35612> TCP <?pr=TCP> I can see two reasons: 1. Hotmail is sending garbadge 2. Your state-table has an error. If your mailserver has no problem with sending an receiving mails from and to hotmail: make a rule. don't log everything from sourceport 25 tcp and don't care about it. But if you have problems with hotmail. clear the state table and use ethereal on your mailserver in combination with the firewall-log to analyse the traffic. bye christoph -- last words: "let's make the backup tomorrow" |