[Dshield] unusual port 25 traffic
fb0xwp802 at sneakemail.com
Sat Jan 28 15:19:40 GMT 2006
On Fri, Jan 27, 2006 at 02:58:00PM +0100, Stephane Grobety wrote:
> Without a packet dump, it's pretty hard to tell what is happening.
> Here is, however, something that could result in what you're seeing:
> The result is that you see nearly as much outbound traffic than
> inbound and yet see no mail routed.
> I have seen that happen a few time at my gateway (without reaching the
> same proportion). It didn't actually grew into a problem because the
> server is configured to drop the connection after 5 errors and tarpit
> it for 5 minutes (i.e. not accept any more connections from that IP).
Just out of curiosity, what are you using for a mailer? And is there
any special config reuired?
More information about the list