On Friday 28 March 2008 10:31:19 Kai Schaetzl wrote:
> Anne Wilson wrote on Fri, 28 Mar 2008 09:23:30 +0000:
> > Looking at those addresses in whois, I don't see any good reason for
> > these,
>
> I don't know what [IMAP rule match] means, haven't ever seen this. But it
> should be clear that if you have well-known ports open to the world that
> these attract brute-force attacks and such. That's how it is.

Yes, I understand that. The imap port has to be open for me to use it when I'm away from home. I can see how attempts would pass the router firewall, given that. Hopefully the fail2ban on my server is dealing with a brute-force attack.

> > and I'm concerned in case they are relays.
>
> I'm not sure what you mean by that?

These, it seems, are outgoing packets. Why, then, have they got those source addresses? Is someone managing to bounce packets through my mail server to hide their tracks? I've never seen many of these, just the occasional one. Sometimes they seem to relate to an ntp source. Often they seem to come from a university site. I think the fact that I don't see many means that I'm not being used as an open relay, but I'm not 100% confident of that. I'd like to understand what's happening.

Anne