> Sorry for the off-topic post, but I can't think of a
> better list with more sharp email server admins.
>
> I've just taken a new job with a company that does some
> (legit, opt-in, with-working-remove-link, only sending to
> our paying customers) email marketing. I'm seeing some
> very weird traffic from the remote email servers that we
> are sending to, and can't figure out what it could be.
>
> Basically, we are seeing denied traffic on our firewall.
> The source of the traffic is the mail servers we are
> sending to; it is coming FROM their TCP/25, and going to
> some random high-level TCP port on our sending host. If I
> didn't know better, I'd think it was denying part of the
> three-way TCP handshake, but the email is flowing, and
> the mail queues are low.
>
> So far, I can count 1,019 unique external email servers
> which are doing this, from all parts of the IPv4 address
> space.
>
> Does anybody know what this is from? I'm seeing it a lot
> from yahoo, comcast, aol, mostly the larger players.


I'm not an expert, but traffic from their port 25 to your port should be just return messages for normal SMTP. Your server opened the connection to their 25, and is getting responses thru that pipe.

Maybe your firewall is broken? There is nothing to report, especially when it does not block it, and mail passes.
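
One way to test the reading given in the reply above, as an added example that is not part of the original thread: match each denied packet against the outbound SMTP connections the sending host itself opened. The record layouts, addresses (documentation ranges) and labels are constructed for illustration; parsing of real firewall and MTA logs is assumed to happen upstream.

```python
from datetime import datetime

# Constructed sample data, not taken from the thread.
# Outbound SMTP sessions our sender opened: (local_ip, local_port, remote_ip, start, end)
SESSIONS = [
    ("192.0.2.10", 41822, "198.51.100.25", "2024-01-01T10:00:00", "2024-01-01T10:00:07"),
    ("192.0.2.10", 50311, "203.0.113.8", "2024-01-01T10:01:00", "2024-01-01T10:01:04"),
]
# Firewall deny records: (timestamp, src_ip, src_port, dst_ip, dst_port, tcp_flags)
DENIES = [
    ("2024-01-01T10:00:03", "198.51.100.25", 25, "192.0.2.10", 41822, "ACK"),
    ("2024-01-01T10:01:35", "203.0.113.8", 25, "192.0.2.10", 50311, "FIN,ACK"),
    ("2024-01-01T10:02:00", "203.0.113.77", 25, "192.0.2.10", 44444, "SYN,ACK"),
]

def classify(deny, sessions):
    """Label one denied packet by its relation to a connection we initiated."""
    ts, src_ip, src_port, dst_ip, dst_port, _flags = deny
    if src_port != 25:
        return "not-smtp-return"
    when = datetime.fromisoformat(ts)
    for local_ip, local_port, remote_ip, start, end in sessions:
        # Return traffic carries the reversed addressing of our outbound connection.
        if (local_ip, local_port, remote_ip) != (dst_ip, dst_port, src_ip):
            continue
        if when < datetime.fromisoformat(start):
            return "before-session"
        if when <= datetime.fromisoformat(end):
            return "reply-during-session"
        return "reply-after-session"
    return "no-matching-session"

def summarize(denies=DENIES, sessions=SESSIONS):
    """Count denied packets per label so the dominant case stands out."""
    counts = {}
    for deny in denies:
        label = classify(deny, sessions)
        counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    for deny in DENIES:
        print(deny[0], deny[1], "->", deny[4], deny[5], classify(deny, SESSIONS))
    print(summarize())
```

The first matching session wins, so with heavy source-port reuse the sessions should be narrowed to those nearest in time before classifying.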