Maple wrote:
HostA is:
internal mailhost,
CNAME of ns.example.com and
a fresh install of:
Fedora Core 8
Firestarter w open ports 53, 80, closed 25, filtered 587, 3306
amavisd, spamassassin, etc.
Postfix w/ TLS, SASLAUTH, and only submission in master.cf
Only one user account
There are no entries in syslog, secure, audit, or maillog alerting about
sessions for 58.55.12.123, 190-50-124-109, 222.162.134.199, etc.
netstat, lsof, nmap, iptables, etc. do not show open/listening ports
other than configured open ports.
hostA scanned from outside network does not show open ports.
Yet, using tcpdump there appears to be traffic dst port 25. How do I
troubleshoot to find hole that allows smtp traffic?
[EMAIL PROTECTED] ~]# tcpdump dst port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:29:39.833622 IP 58.55.12.123.4493 > hostA.example.com.smtp: S 1223686926:1223686926(0) win 16384 <mss 1440,nop,nop,sackOK>
18:29:43.104312 IP 58.55.12.123.4493 > hostA.example.com.smtp: S 1223686926:1223686926(0) win 16384 <mss 1440,nop,nop,sackOK>
This shows an incoming connection to port 25, not outgoing.
http://www.postfix.org/DEBUG_README.html
--
Noel Jones
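
Added example, not part of the original thread: a small parser that classifies tcpdump lines like the ones above as inbound or outbound relative to the local host, and flags SYNs repeated with the same sequence number. A repeated SYN is a retransmission, meaning the sender got no reply, and tcpdump sees inbound packets before iptables filters them. The function name `analyse` and the rejoined sample lines are assumptions of this example.

```python
import re
from collections import Counter

# Old-style tcpdump text line:
# "<time> IP <src>.<sport> > <dst>.<dport>: <flags> <seq>:<seq>(<len>) ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>[^.\s]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[^.\s:]+): (?P<flags>\S+) (?P<seq>\d+):"
)

def analyse(lines, local_host, ports=("smtp", "25")):
    """Return (direction counts, {(src, sport, seq): count} for repeated SYNs)."""
    directions = Counter()
    syns = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["dport"] not in ports:
            continue
        if m["dst"] == local_host:
            directions["inbound"] += 1
            # A bare "S" with no "ack" field is an initial SYN, not a SYN-ACK.
            if m["flags"] == "S" and " ack " not in line:
                syns[(m["src"], m["sport"], m["seq"])] += 1
        elif m["src"] == local_host:
            directions["outbound"] += 1
    # Same source, source port and sequence number seen more than once:
    # the remote end retransmitted because nothing answered its SYN.
    retransmitted = {key: n for key, n in syns.items() if n > 1}
    return directions, retransmitted

# The two packets from the capture in this thread, wrapped lines rejoined.
SAMPLE = [
    "18:29:39.833622 IP 58.55.12.123.4493 > hostA.example.com.smtp: "
    "S 1223686926:1223686926(0) win 16384 <mss 1440,nop,nop,sackOK>",
    "18:29:43.104312 IP 58.55.12.123.4493 > hostA.example.com.smtp: "
    "S 1223686926:1223686926(0) win 16384 <mss 1440,nop,nop,sackOK>",
]

if __name__ == "__main__":
    counts, unanswered = analyse(SAMPLE, "hostA.example.com")
    print("inbound:", counts["inbound"], "outbound:", counts["outbound"])
    for (src, sport, seq), n in unanswered.items():
        print(f"unanswered SYN from {src}:{sport} seq {seq} seen {n} times")
```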