Hi Warren,
I have found that mail servers that run on the Windows platform make a call to 135 in the process of verifying the hostname of your mailserver when using host verification to permit / drop email.
If you are referring to your mail host mail.lws.co.za, you should be able to disable port 135 from the internet, as the destination mail host will be able to use the PTR record that you have set up for the mail server to verify it.
In this specific case I believe the source hostname is actually c7-ndf-77.dial-up.net. If this is the case, the netblock for this is owned by The Internet Solution (NETBLK-ISNET-04), which is located in za also. It would appear by the hostname that it is actually a dial-up user and not a mail server that is performing this connection.
I would check to ensure that your mail server has the following ports blocked from the internet: 135, 137, 138, as these are common attack points for Windows machines.
Also [ot] I noticed that your web addresses do not have PTR records configured; this is really a cosmetic issue and is not a cause for concern.
ERROR: lws.co.za. has an A record of 196.36.177.6, but no reverse PTR record for 6.177.36.196.in-addr.arpa. can be found on nameserver falcon.mweb.co.za.
The following resource record should be added:
6.177.36.196.in-addr.arpa. IN PTR lws.co.za.
ERROR: www.lws.co.za. has an A record of 196.36.177.6, but no reverse PTR record for 6.177.36.196.in-addr.arpa. can be found on nameserver falcon.mweb.co.za.
The following resource record should be added:
6.177.36.196.in-addr.arpa. IN PTR www.lws.co.za.
Hope that helps.
Ad.
_______________________________________________
Firewalls mailing list
http://lists.gnac.net/mailman/listinfo/firewalls
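
The PTR-based host verification discussed in the message above, sketched as an added example that is not part of the original post. It generalizes to forward-confirmed reverse DNS (PTR lookup, then an A lookup that must point back) and runs offline against a constructed record table; only the lws.co.za A records come from the message, while the 192.0.2.x addresses and example.net names are assumptions.

```python
import ipaddress

# Constructed resolver data so the check runs offline. Only the lws.co.za
# A records come from the message; the 192.0.2.x addresses and the
# example.net names are made-up documentation values.
A_RECORDS = {
    "lws.co.za.": ["196.36.177.6"],
    "www.lws.co.za.": ["196.36.177.6"],
    "mx.example.net.": ["192.0.2.25"],
    "spoofed.example.net.": ["192.0.2.99"],
}
PTR_RECORDS = {
    "25.2.0.192.in-addr.arpa.": ["mx.example.net."],
    # PTR names a host whose A record does not point back to this address.
    "77.2.0.192.in-addr.arpa.": ["spoofed.example.net."],
}

def reverse_name(ip):
    """Build the in-addr.arpa (or ip6.arpa) owner name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def verify_host(ip):
    """PTR lookup for ip, then require an A record of that name to equal ip."""
    names = PTR_RECORDS.get(reverse_name(ip), [])
    if not names:
        return ("no-ptr", None)
    for name in names:
        if ip in A_RECORDS.get(name, []):
            return ("verified", name)
    return ("mismatch", names[0])

def missing_ptr_report(hostname):
    """List the PTR records that would have to be added for hostname."""
    out = []
    for ip in A_RECORDS.get(hostname, []):
        rname = reverse_name(ip)
        if hostname not in PTR_RECORDS.get(rname, []):
            out.append(f"{rname} IN PTR {hostname}")
    return out

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.77", "196.36.177.6"):
        print(ip, verify_host(ip))
    print(missing_ptr_report("lws.co.za."))
```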