NOW, the server (firewall side) is just bulk rejecting ALL connections (again!). It considers any incoming mail as a SYN attack, and rejects it! (egads! I'm getting tired of this chase!). I thought I had this sorted out...
/var/log/messages is bing filled with messages like:
Jan 15 07:51:50 ibu portsentry[2524]: attackalert: Host: mtsbp122.discountdeals.net/64.253.203.58 is already blocked Ignoring
Jan 15 07:54:16 ibu portsentry[2524]: attackalert: TCP SYN/Normal scan from host: smtp.mandrake.com/63.209.80.248 to TCP port: 25
Jan 15 07:54:16 ibu portsentry[2524]: attackalert: Host: smtp.mandrake.com/63.209.80.248 is already blocked Ignoring
Jan 15 07:54:33 ibu portsentry[2524]: attackalert: TCP SYN/Normal scan from host: telepath3.isomedia.com/207.115.64.104 to TCP port: 25
Jan 15 07:54:33 ibu portsentry[2524]: attackalert: Host 207.115.64.104 has been blocked via wrappers with string: "ALL: 207.115.64.104"
Jan 15 07:54:33 ibu portsentry[2524]: attackalert: Host 207.115.64.104 has been blocked via dropped route using command: "/sbin/iptables -A INPUT -s 207.115.64.104 -j DROP"
It's all incoming mail, that is not coming in!
Any thoughts on WHY it would interpret all incoming connections as an attack? Anything not already blocked is interpreted as a SYN attack, and is rejected, and added to the list....
Thanks !
Ric
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com