This is a discussion on Re: OT: unusual traffic from mail servers - SpamAssassin ; Burton Windle a écrit : > Sorry for the off-topic post, but I can't think of a better list with > more sharp email server admins. > > I've just taken a new job with a company that does some ...
Burton Windle a écrit :
> Sorry for the off-topic post, but I can't think of a better list with
> more sharp email server admins.
> I've just taken a new job with a company that does some (legit, opt-in,
> with-working-remove-link, only sending to our paying customers) email
> marketing. I'm seeing some very weird traffic from the remote email
> servers that we are sending to, and can't figure out what it could be.
> Basically, we are seeing denied traffic on our firewall. The source of
> the traffic is the mail servers we are sending to; it is coming FROM
> their TCP/25, and going to some random high-level TCP port on our
> sending host. If I didn't know better, I'd think it was denying part of
> the three-way TCP handshake, but the email is flowing, and the mail
> queues are low.
Sniff traffic and you'll probably see that the packets you drop are part
of the smtp transaction and that your firewall is forcing the other end
Make sure that your firewall can support the load. and while you are at
it, make sure it correctly implements TCP window scaling and that it
doesn't drop (all) icmp traffic. I'm saying this because it's a common
> So far, I can count 1,019 unique external email servers which are doing
> this, from all parts of the IPv4 address space.
> Does anybody know what this is from? I'm seeing it a lot from yahoo,
> comcast, aol, mostly the larger players.