I have a Debian box acting as a mailserver running Exim behind a Debian box acting as a firewall/gateway with appropriate port forwarding etc. Everything runs fine. I've been seeing some odd traffic lately, though. An SMTP request will come in and be forwarded to the mailserver, the mailserver responds by opening a 113 (auth) connection back to the caller, and then, a 7 (echo) and then 2702 (?!) to munitions2.xs4all.nl for no apparent reason. Any ideas?
Here's a sample from my IP tracking logs, gemini is the firewall and libra is the mailserver. Note the contacts to munitions come about 25 seconds after the AUTH traffic, this is not too atypical although it's usually closer to 15, and (by eye I'd say) always between 10 - 30 seconds after the AUTH traffic. 2002-09-01 22:56:24 212.171.20.194 3443 64.83.195.241 25 212.171.20.194 -> gemini (smtp) 2002-09-01 22:56:24 192.168.100.201 1589 212.171.20.194 113 libra -> 212.171.20.194 (auth) 2002-09-01 22:56:50 192.168.100.201 1591 194.109.217.74 7 libra -> munitions2.xs4all.nl (echo) 2002-09-01 22:56:51 192.168.100.201 1592 194.109.217.74 2702 libra -> munitions2.xs4all.nl First noticed this last Thursday. I'd love to know what exactly is going on here and why... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
