> Sorry, I was being a bit vague, I've got a stateful firewall between my > mailserver and the external world, and I kept seeing that there were > session timeouts "no_connection_for_this_packet" from a lot of different > places. > > There's absolutely no problems with my connection or my mailserver load, > and it was something that was leaving me a bit confused.
This seems to be a sort of address-spoofing: someone sends you a SYN packet directed to the smtp port of your server, but the source address of the packet itself is fake. This kind of attack would attempt to cause a DoS or, even worse, may be used to attempt issue a short message apparently caming from 127.0.0.1 or your intranet. However, apart the fact you got your firewall, this kind of attack may eventually have success on quite old OSes: linux, in example, has a lot of ways to discover that these packets are not valid (by syn_cookies or simply since they came from the "wrong" interface). However, this matter fits better on a firewall list or maybe on the linux-networking list. giampaolo > > I don't use anvil, at least not at the moment. > > A sort of moment of clarity. > > Nick