On Mon, 12 Dec 2011 09:11:26 -0500 (EST) Wietse Venema <wie...@porcupine.org> wrote:
> James Seymour: > > > The TCP stack sends an outbound ACK|RST because it received > > > *something* on port 25. Your firewall should not have passed that. > > > > Should not have passed it *incoming*, do you mean? > > Indeed (assuming that ipfilter actually tracks state in the exact > same way as the TCP stack, which is an assumption that may not > be valid). I think it's only happening with spammer/scammer attempts. I'll write up a litte ad hoc script to reconcile the ipmon entries with the maillog. If it's only abusive behaviour when which it happens, I don't know as it's worth putting much time into? Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.