Sorry for the off-topic post, but I can't think of a better list with more
sharp email server admins.

I've just taken a new job with a company that does some (legit, opt-in,
with-working-remove-link, only sending to our paying customers) email
marketing. I'm seeing some very weird traffic from the remote email
servers that we are sending to, and can't figure out what it could be.

Basically, we are seeing denied traffic on our firewall. The source of the
traffic is the mail servers we are sending to; it is coming FROM their
TCP/25, and going to some random high-level TCP port on our sending host.
If I didn't know better, I'd think it was denying part of the three-way
TCP handshake, but the email is flowing, and the mail queues are low.

So far, I can count 1,019 unique external email servers which are doing
this, from all parts of the IPv4 address space.

Does anybody know what this is from? I'm seeing it a lot from yahoo,
comcast, aol, mostly the larger players.

--
Burton Windle bwindle@fint.org