Mail doesn't usually go 25 -> 25. Usually its 1025+ (unprivileged port) -> 25. As far as I know.. this is probably mail traffic.. could be someone scanning for an open relay mail server.
HTH, .aaron. Matt Simonsen wrote: > I am seeing traffic regularly coming from remote servers' port 25 > destined to our servers' high ports, generally in the 1-3k range. Is > this normal? I plan to block it all, from what I understand SMTP goes > only from 25 to 25, but if that's the case I can't figure out what this > would be. > > According to our IPFilter logs the traffic generally has -AFP set, > please let me know off-line if a tidbit of info I could provide can help > you answer my question. > > Thanks > Matt Simonsen > >
