On Friday 28 March 2008 11:14:39 Ned Slider wrote: > Anne Wilson wrote: > > These, it seems, are outgoing packets. Why, then, have they got those > > source addresses? Is someone managing to bounce packets through my mail > > server to hide their tracks? > > Presumably those logs are for incoming connections in your router (looks > like a netgear log to me). The source IP address is the address of the > host trying to connect to your imap service (port 143) > > > I've never seen many of these, just the occasional one. Sometimes they > > seem to relate to an ntp source. Often they seem to come from a > > university site. I think the fact that I don't see many means that I'm > > not being used as an open relay, but I'm not 100% confident of that. I'd > > like to understand what's happening. > > Again, "being an open relay" refers to spammers being able to send (or > relay) mail through your smtp server (port 25). IMAP is a protocol for > you to retrieve mail, not send it. > > You can check your mail server is not acting as an open relay here: > > http://www.abuse.net/relay.html > > It's probably a good idea to check each time you change something in > /etc/postfix/main.cf if you are not 100% sure. > Thanks for the suggestion. I've had a look at the site, and even tried it, but I don't think it's designed for those of us who collect mail from the ISP's server. If I'm wrong I register with an address that the ISP knows and try again, but it seems to me that it will be testing them, not me. Anne -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part. URL: <http://lists.centos.org/pipermail/centos/attachments/20080328/5ad8c321/attachment-0005.sig>