Dear List Members,
I have the following lines that appear in my log files:
01:15 01:13 SMTPD(05B20122) [0.0.0.0] connect 66.197.140.121 port 36087
01:15 01:13 SMTPD(05B20122) send error 10054
01:15 01:13 SMTPD(05B20122) send error 10054
Of course in many instances the IP addresses are different. If the same IP
generates the message, the port changes. In all but a handful of instances
the IP addresses are outside of my network.
Previously I was seeing many more of these log entries (approximately every
4 to 10 minutes). The only pattern that I could see was that the IPs were
IANA reserved per RFC 1918 (example 172.16.0.0/12). When this was occurring
the IP usually was not changing, but the port address was. I eventually
resolved the problem by blocking 172.16.0.0 with subnet mask 255.240.0.0.
I've reviewed http://www.declude.com/info/logs.htm, but I still have some
questions.
My questions are:
1. What is the technical explanation for what is happening?
2. What does the [0.0.0.0] mean in the first line? If I understand the
log formats correctly, SMTPD and connect means the server is dealing with
incoming mail, and therefore [0.0.0.0] should be the IP of my local Imail
server 199.181.178.202.
3. What is the explanation for reserved IPs appearing in the log?
Thanks for your help in advance.
Burzin
------
Burzin Sumariwalla Phone: (314) 994-9411 x291
[EMAIL PROTECTED] Fax: (314) 997-7602
Pager: (314) 407-3345
Networking and Telecommunications Manager
Information Technology Services
St. Louis County Library District
1640 S. Lindbergh Blvd.
St. Louis, MO 63131
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
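
Added example, not part of the original message and not IMail's own code: a Python script that ties each "send error" line back to the "connect" line with the same SMTPD session ID and reports, per source IP, the ports seen, the error count, and whether the address is RFC 1918 space or inside the 172.16.0.0 / 255.240.0.0 block mentioned in the message. Only the first three sample lines come from the message; the rest are constructed, and the function and field names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the first three lines are the ones quoted in the message,
# the remaining lines are made up in the same format.
SAMPLE_LOG = """\
01:15 01:13 SMTPD(05B20122) [0.0.0.0] connect 66.197.140.121 port 36087
01:15 01:13 SMTPD(05B20122) send error 10054
01:15 01:13 SMTPD(05B20122) send error 10054
01:15 01:20 SMTPD(05B20140) [0.0.0.0] connect 172.16.4.9 port 2201
01:15 01:20 SMTPD(05B20140) send error 10054
01:15 01:26 SMTPD(05B20155) [0.0.0.0] connect 172.16.4.9 port 2207
01:15 01:26 SMTPD(05B20155) send error 10054
01:15 01:31 SMTPD(05B20160) [0.0.0.0] connect 192.0.2.25 port 4410
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The block described in the message, written as network plus subnet mask.
BLOCKED = ipaddress.ip_network("172.16.0.0/255.240.0.0")

CONNECT = re.compile(r"SMTPD\((\w+)\) \[[\d.]+\] connect ([\d.]+) port (\d+)")
SEND_ERROR = re.compile(r"SMTPD\((\w+)\) send error (\d+)")


def summarize(log_text, error_code=10054):
    """Per source IP: sessions, source ports, send errors, address class.

    10054 is the Winsock code WSAECONNRESET (connection reset by peer).
    """
    peer_of = {}  # SMTPD session id -> source IP from its connect line
    stats = {}
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if m:
            sid, ip, port = m.groups()
            addr = ipaddress.ip_address(ip)
            peer_of[sid] = ip
            s = stats.setdefault(ip, {
                "sessions": 0, "ports": set(), "errors": 0,
                "rfc1918": any(addr in net for net in RFC1918),
                "blocked": addr in BLOCKED,
            })
            s["sessions"] += 1
            s["ports"].add(int(port))
            continue
        m = SEND_ERROR.search(line)
        # Error lines carry no IP, so attribute them through the session id.
        if m and int(m.group(2)) == error_code and m.group(1) in peer_of:
            stats[peer_of[m.group(1)]]["errors"] += 1
    return stats
```
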
