Heho,

i am currently looking at a weird set of (reoccurring, but i only have a pcap of one) log events related to an SMTP connect from rDNS tunnel613353-pt.tunnel.tserv11.ams1.ipv6.he.net with v6 IP 2001:470:1f14:fa5::2 ehlo'ing as vrfcanaclu03.rfcanalyzer.net.

It has a funny interaction with my network, which lets it descend into a +1.5k PPS / 50mbit+ pmtud exceeded/retransmit storm (which might not entirely be their fault, though...). Still, i'd like to get to the bottom of things, and if this is a benign service, i'd like to get in touch with the people running it.

Googling tied rfcanalyzer.net to a measurement system of the Dutch tax authorities' SOC (dropped them a mail already), but given that this is behind HE, i'd be surprised if this was _actually_ them.

So, has anyone else seen this in mail.logs/has an idea what that host is doing?

With best regards,
Tobias

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
