I'm assuming you're a RoadRunner customer? Your Apache isn't relaying anything. It looks like RoadRunner is doing some sort of audit on their customers. I have been picking these up in my /var/log/messages (from iptables logging) and my Apache logs. They are from as far back as December 24th (that's how far back my logs go) and seem to happen at least once a week.
In addition to Apache, I see them probing these ports: 119, 25, 8080, 8081, 6588, 4480, 3128, 1080, 81 I realize that our TOS probably allows them to portscan our computers, but it would seem a little bit more "polite" if they announced that they were going to be doing it beforehand. To me, this seems like the equivalent of my homeowners association rattling all of the windows on my house in the middle of the night to make sure they're locked. If these scans from RoadRunner bother you (they bother me), you can take care of the problem they way I did: iptables -I INPUT --src 24.30.199.228/32 -j DROP or route add 24.30.199.228 reject -Steve -----Original Message----- From: Peter Kiem [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 2:39 PM To: [EMAIL PROTECTED] Subject: Does this mean my Apache is relaying mail? I noticed log entries like these in my Apache logs. 24.30.199.228 - - [22/Jan/2003:18:55:49 +1000] "CONNECT security.rr.com:25 HTTP/1.0" 200 14244 "-" "-" 24.30.199.228 - - [22/Jan/2003:18:55:49 +1000] "PUT http://security.rr.com:25/ HTTP/1.1" 200 12768 "-" "-" Since 24.30.199.228 is not my IP address does that mean they are relaying mail through my Apache or is it my Apache sending mail to them? -- Regards, +-----------------------------+---------------------------------+ | Peter Kiem .^. | E-Mail : <[EMAIL PROTECTED]> | | Zordah IT /V\ | Mobile : +61 0414 724 766 | | IT Consultancy & /( )\ | WWW : www.zordah.net | | Internet Hosting ^^-^^ | ICQ : "Zordah" 866661 | +-----------------------------+---------------------------------+ -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list