On Friday 28 March 2008 11:14:39 Ned Slider wrote:
Anne Wilson wrote:
These, it seems, are outgoing packets. Why, then, have they got those source addresses? Is someone managing to bounce packets through my mail server to hide their tracks?
Presumably those logs are for incoming connections in your router (looks like a Netgear log to me). The source IP address is the address of the host trying to connect to your IMAP service (port 143).
I've never seen many of these, just the occasional one. Sometimes they seem to relate to an ntp source. Often they seem to come from a university site. I think the fact that I don't see many means that I'm not being used as an open relay, but I'm not 100% confident of that. I'd like to understand what's happening.
Again, "being an open relay" refers to spammers being able to send (or relay) mail through your SMTP server (port 25). IMAP is a protocol for you to retrieve mail, not send it.
You can check your mail server is not acting as an open relay here:
http://www.abuse.net/relay.html
It's probably a good idea to check each time you change something in /etc/postfix/main.cf if you are not 100% sure.
Thanks for the suggestion. I've had a look at the site, and even tried it, but I don't think it's designed for those of us who collect mail from the ISP's server. If I'm wrong I register with an address that the ISP knows and try again, but it seems to me that it will be testing them, not me.
Anne
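
As an added example (not part of the original thread), here is a local heuristic check of the kind that could be run after each edit to /etc/postfix/main.cf, as suggested above. It flags two settings that can let outside hosts relay mail; the sample configurations are constructed, and the check does not replace an external relay test.

```python
import re

# Constructed sample main.cf fragments (not taken from the thread).
RISKY = """\
# trust everyone, then accept everything
mynetworks = 127.0.0.0/8,
    0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks, permit
"""
SAFE = """\
mynetworks = 127.0.0.0/8 192.168.1.0/24
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
"""

STOPPERS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}

def parse_main_cf(text):
    """Return {parameter: value}; '#' lines are comments, indented lines continue."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def relay_findings(text):
    """Heuristic findings for settings that can let outside hosts relay mail."""
    params, findings = parse_main_cf(text), []
    nets = re.split(r"[,\s]+", params.get("mynetworks", ""))
    if "0.0.0.0/0" in nets or "[::]/0" in nets:
        findings.append("mynetworks trusts every address")
    for name in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        if name not in params:
            continue  # not set in this file: Postfix's built-in default applies
        for item in re.split(r"[,\s]+", params[name].strip()):
            if item in STOPPERS:
                break  # unauthorised destinations are refused before any permit
            if item == "permit":
                findings.append(name + ": 'permit' comes before any reject")
                break
    return findings
```

To check a real file, pass its contents to `relay_findings()`; an empty list means neither pattern was found, not that the server has been tested from outside.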