Anne Wilson wrote: > These, it seems, are outgoing packets. Why, then, have they got those source > addresses? Is someone managing to bounce packets through my mail server to > hide their tracks? Presumably those logs are for incoming connections in your router (looks like a netgear log to me). The source IP address is the address of the host trying to connect to your imap service (port 143) > I've never seen many of these, just the occasional one. Sometimes they seem > to relate to an ntp source. Often they seem to come from a university site. > I think the fact that I don't see many means that I'm not being used as an > open relay, but I'm not 100% confident of that. I'd like to understand > what's happening. > Again, "being an open relay" refers to spammers being able to send (or relay) mail through your smtp server (port 25). IMAP is a protocol for you to retrieve mail, not send it. You can check your mail server is not acting as an open relay here: http://www.abuse.net/relay.html It's probably a good idea to check each time you change something in /etc/postfix/main.cf if you are not 100% sure.