On Tue, May 31, 2005 at 12:28:22PM +0200, Jose Javier Sianes Ruiz wrote: > <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> > <html> > <head> > <meta content="text/html;charset=ISO-8859-15" > http-equiv="Content-Type"> > <title></title> > </head> > <body bgcolor="#ffffff" text="#000000"> > Hi. From network departament I have been noticed that my Qmail-ldap > servers are trying to send ICMP request to Internet mail servers. > Dumping on one of them:<br> > <br> > <blockquote><tt>[EMAIL PROTECTED]:/root> tcpdump -i eth1 |grep > icmp</tt><br> > <tt>tcpdump: listening on eth1</tt><br> > <tt>12:16:03.100137 192.168.204.150 > mxa.mail.ukl.yahoo.com: > icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]</tt><br> > <tt>12:16:39.888951 192.168.204.150 > mxa.mail.ukl.yahoo.com: > icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]</tt><br> > <tt>12:17:07.106519 192.168.204.150 > mxa.mail.ukl.yahoo.com: > icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]</tt><br> > <tt>12:17:43.890120 192.168.204.150 > mxa.mail.ukl.yahoo.com: > icmp: host 192.168.204.150 unreachable - admin prohibited [tos > 0xc0]</tt><tt></tt><br> > <tt>12:18:11.100234 192.168.204.150 > mxa.mail.ukl.yahoo.com: > icmp: host 192.168.204.150 unreachable - admin prohibited [tos > 0xc0]</tt><tt></tt><br> > <tt>12:18:47.891328 192.168.204.150 > mxa.mail.ukl.yahoo.com: > icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]</tt><br> > <tt>12:19:15.105347 192.168.204.150 > mxa.mail.ukl.yahoo.com: > icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]</tt><br> > <tt></tt><br> > </blockquote> > <br> > I would like to know if there is any way to avoid the ICMP request from > Qmail. ICMP packages are not allowed in my network and its generating a > lot of Snort alerts on IDS servers. Thanks.<br> > <br>
ICMP is mostly here for error messages. I bet your server has some spam mails in the queue that point to unreachable addresses. That's why ICMP messages are sent. -- :wq Claudio
