>I have been confused by an entry in my daily stats. Each and every day shows
>the same number of connections from one of MY boxes, 63.237.136.17. This box
>is used for my customers' personal websites. Yet every day for over a month
>the box makes exactly 287 connections to my Imgate box. Below is a snippet
>from my logs grepping for a smtpd process associated with that IP address.
>Any thoughts.
>
>Host/Domain Summary: SMTPD Connections (top 25)
> connections  time conn.  avg./conn.  max. time  host/domain
> -----------  ----------  ----------  ---------  -----------
>         287     0:00:22          0s         1s  63.237.136.17
>
>Jan 12 09:59:02 imgate1 postfix/smtpd[13987]: reject: RCPT from
>ool-18ba8004.dyn.optonline.net[24.186.128.4]: 554 <[EMAIL PROTECTED]>:
>Relay access denied;

dyn.optonline.net 555 mta_clients_bw

"dyn" I guess is their dialup/cable/dsl sub-domain. big source of abuse, ime.

>from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
>Jan 12 09:59:07 imgate1 postfix/smtpd[13987]: disconnect from
>ool-18ba8004.dyn.optonline.net[24.186.128.4]
>Jan 12 09:59:16 imgate1 postfix/smtpd[13987]: connect from
>unknown[209.10.194.5]
>Jan 12 09:59:20 imgate1 postfix/smtpd[13987]: lost connection after CONNECT
>from unknown[209.10.194.5]
>Jan 12 09:59:20 imgate1 postfix/smtpd[13987]: disconnect from
>unknown[209.10.194.5]
>Jan 12 09:59:30 imgate1 postfix/smtpd[13987]: connect from
>unknown[63.237.136.17]
>Jan 12 09:59:30 imgate1 postfix/smtpd[13987]: disconnect from
>unknown[63.237.136.17]

your ip has no PTR?? not a good idea.

you should know by now when an MTA has questionable behaviour AND no PTR,
the absent PTR weighs, often tips the decision, towards blocking the ip.

probably just a screwed-up mailer application, or a scanner, or a cracked
machine.

show the evidence to your customer and ask them what's going on.

Len
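
The pattern discussed in this thread (a client logged as "unknown" that connects and disconnects with nothing in between) can be pulled out of the smtpd log per IP. The following is an added example, not part of the original messages; the function names and the mail.example.org sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First five lines are the log lines quoted in the thread (unwrapped); the last
# three (mail.example.org / 192.0.2.25) are constructed for contrast.
SAMPLE_LOG = """\
Jan 12 09:59:16 imgate1 postfix/smtpd[13987]: connect from unknown[209.10.194.5]
Jan 12 09:59:20 imgate1 postfix/smtpd[13987]: lost connection after CONNECT from unknown[209.10.194.5]
Jan 12 09:59:20 imgate1 postfix/smtpd[13987]: disconnect from unknown[209.10.194.5]
Jan 12 09:59:30 imgate1 postfix/smtpd[13987]: connect from unknown[63.237.136.17]
Jan 12 09:59:30 imgate1 postfix/smtpd[13987]: disconnect from unknown[63.237.136.17]
Jan 12 10:01:02 imgate1 postfix/smtpd[14002]: connect from mail.example.org[192.0.2.25]
Jan 12 10:01:03 imgate1 postfix/smtpd[14002]: 4F2A11B3: client=mail.example.org[192.0.2.25]
Jan 12 10:01:04 imgate1 postfix/smtpd[14002]: disconnect from mail.example.org[192.0.2.25]
"""

SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"(\S+)\[(\d+\.\d+\.\d+\.\d+)\]")

def summarize(log_text):
    """Per client IP: connections, sessions with nothing logged between
    connect and disconnect, and whether Postfix logged the host as 'unknown'."""
    stats = defaultdict(lambda: {"connections": 0, "silent": 0, "unknown": False})
    sessions = {}  # smtpd pid -> [client ip, lines logged since connect]
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            c = CLIENT.search(msg)
            if c:
                host, ip = c.groups()
                stats[ip]["connections"] += 1
                # Postfix logs "unknown" when it has no verified reverse name.
                stats[ip]["unknown"] = stats[ip]["unknown"] or host == "unknown"
                sessions[pid] = [ip, 0]
        elif msg.startswith("disconnect from "):
            ip, activity = sessions.pop(pid, (None, 0))
            if ip is not None and activity == 0:
                stats[ip]["silent"] += 1
        elif pid in sessions:
            sessions[pid][1] += 1  # any other line counts as session activity
    return dict(stats)

def suspects(stats):
    """IPs with no verified reverse name whose every session was silent."""
    return sorted(ip for ip, s in stats.items()
                  if s["unknown"] and s["silent"] == s["connections"])
```

Run over a full day's log, a fixed daily count of silent sessions from one address, such as the 287 reported above, shows up directly in the `silent` column for that IP.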
