Whenever sending to a Hotmail account from my server I end up with roughly 10 dropped packets from random IP addresses within hotmail's IP space. My firewall rules are pretty tight (I think), but no other server has demonstrated this problem (and I send to a lot of people on a wide variety of other servers).
The weird part is that the message goes through to hotmail just fine right away, but then the packets are logged about once a minute for the 10 minutes after sending a message. Checking my mail logs shows no connections to the IP addresses in question, however the ACK bit is set on all of the packets that I block. Here's the most recent example:

May 15 17:21:13 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=11945 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 15 17:21:21 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=11946 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 15 17:21:38 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=42543 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 15 17:22:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=42544 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 15 17:23:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=5521 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 15 17:24:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=65521 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 15 17:25:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=59985 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 15 17:26:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=54449 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 15 17:27:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=48913 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0

Note that I've sanitized the IP that these are coming into. Again, 64.4.49.145 shows up nowhere in my smtp logs. There aren't any return receipts or other weirdnesses to the messages, just plain text.

Is Hotmail screwing something up? Am I? A quick search through the archives of this list and the postfix list doesn't seem to bring anything up, and since the problem seems to be with iptables at this point I thought I'd start here... Let me know if posting my iptables config would help. I'm hoping that I'm especially dense at searching through the archives and that this is some sort of well known issue.

TIA
--
Travis
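Added example, not part of the original post: a small Python parser for iptables LOG lines like the ones quoted above, grouping dropped TCP packets by flow and reporting the flags seen and the seconds between repeats. The function names are hypothetical, the sample is the first five log lines of the post, and a fixed year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the first five log lines from the post (DST already sanitized there).
_PRE = ("nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 "
        "SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=")
_POST = " DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0"
SAMPLE = "\n".join(f"May 15 {t} {_PRE}{i}{_POST}" for t, i in [
    ("17:21:13", 11945), ("17:21:21", 11946), ("17:21:38", 42543),
    ("17:22:12", 42544), ("17:23:12", 5521)])

TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (.*)$")

def parse(line):
    """Return (timestamp, flow, flags) for a TCP LOG line, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    tokens = m.group(2).split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    if fields.get("PROTO") != "TCP":
        return None
    # Assumption: year 2000 is a stand-in; only gaps within one log are used.
    ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
    flags = tuple(f for f in TCP_FLAGS if f in tokens)  # bare tokens, no "="
    flow = (fields["SRC"], int(fields["SPT"]), fields["DST"], int(fields["DPT"]))
    return ts, flow, flags

def summarize(text):
    """Group parsed lines by (src, sport, dst, dport) and time the repeats."""
    flows = defaultdict(list)
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            flows[rec[1]].append((rec[0], rec[2]))
    report = {}
    for flow, hits in flows.items():
        times = sorted(t for t, _ in hits)
        report[flow] = {
            "count": len(hits),
            "flags": sorted({f for _, fl in hits for f in fl}),
            "gaps": [int((b - a).total_seconds()) for a, b in zip(times, times[1:])],
        }
    return report

if __name__ == "__main__":
    for flow, info in summarize(SAMPLE).items():
        print(flow, info)
```

The flow key pairs the remote source port with the local destination port, which is the pair to look for in the mail log's outbound connections when the remote address itself does not appear there.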