> These, it seems, are outgoing packets. Why, then, have they got those source > addresses? Is someone managing to bounce packets through my mail server to > hide their tracks? > > I've never seen many of these, just the occasional one. Sometimes they seem > to relate to an ntp source. Often they seem to come from a university site. > I think the fact that I don't see many means that I'm not being used as an > open relay, but I'm not 100% confident of that. I'd like to understand > what's happening. > > open relay is not to so with IMAP - thats SMTP if this is an issue rather than just forwarding the ports setup an openvpn server on your LAN machine access your LAN using the VPN.