Matt, the server's SMTP port 25 always tries to connect to remote machines
to other random ports, but in your case you are having traffic from remote
machine's SMTP at your high ports. This seems suspicious. The Nimda worm could
also be one reason for this. Try to block the traffic; I am sure your
SMTP box will continue to work normally.

> I am seeing traffic regularly coming from remote servers' port 25
> destined to our servers' high ports, generally in the 1-3k range. Is
> this normal? I plan to block it all, from what I understand SMTP goes
> only from 25 to 25, but if that's the case I can't figure out what this
> would be.

> According to our IPFilter logs the traffic generally has -AFP set,
> please let me know off-line if a tidbit of info I could provide can help
> you answer my question.

Naseer
