Meenoo Shivdasani wrote:
>> conversation. The question is: why are all of these remote servers
>> trying to make connections back to me on high-numbered ports? Should I
>> be allowing these connections somehow?
>>
>
> The remote server probably thinks that it's still supposed to be
> making connections back to you -- a couple of the lines you posted
> showed FIN flags indicating that the TCP connection was being shut
> down. At that point, the mail message has already been sent.
>
> If you get REJECT messages for all SMTP connections, look at your
> iptables rules and see if you have a specific rule for smtp that only
> permits NEW conns.
>

But these aren't SMTP connections. The source is port 25, but the
destination is not. The mail server is running normally. I'm allowing
new SMTP connections and traffic for established connections.

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25

> One possibility is that iptables no longer thinks that the connection
> is active -- possibly the connection tracking database has already
> pushed that connection out. You can check your conntrack max value
> with the command
>
> cat /proc/sys/net/ipv4/ip_conntrack_max
>

# cat /proc/sys/net/ipv4/ip_conntrack_max
63480

> Yet another possibility is that these are duplicated packets (for
> whatever reason) and the connection has already been closed out.
>

Possible, I guess, but I don't know what would be duplicating them.

-- 
Bowie
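The mechanism Meenoo describes (a connection pushed out of the conntrack table, so a late FIN from the remote MTA's port 25 to our ephemeral port is classified NEW and falls through to the REJECT policy) can be shown with a small model of the two rules quoted above. This is an added illustration, not code from the thread or from netfilter: the conntrack table is simplified to "evict the oldest entry when full", the addresses are constructed RFC 5737 documentation addresses, and only the INPUT chain is modelled.

```python
"""Model of the two iptables rules from the thread plus a bounded conntrack table.

Simplifications (assumptions, not kernel behaviour): the table evicts its
oldest entry when full, entries never time out, and only the INPUT chain
is evaluated. Real conntrack also ages entries out per TCP state, which is
the more common reason a late FIN/ACK arrives after its entry is gone.
"""
from collections import OrderedDict
from dataclasses import dataclass
from typing import Callable, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # e.g. {"SYN"}, {"SYN", "ACK"}, {"FIN", "ACK"}


class Conntrack:
    """Bounded connection-tracking table keyed on a direction-independent 5-tuple."""

    def __init__(self, max_entries: int) -> None:
        self.max_entries = max_entries
        self.table: "OrderedDict[tuple, str]" = OrderedDict()

    @staticmethod
    def key(pkt: Packet) -> tuple:
        # Reply packets (remote:25 -> local:40000) must hit the same entry as
        # the original direction (local:40000 -> remote:25), so sort the endpoints.
        ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        return (pkt.proto, ends[0], ends[1])

    def classify(self, pkt: Packet) -> str:
        """Return the iptables 'state' match for this packet."""
        k = self.key(pkt)
        if k in self.table:
            self.table.move_to_end(k)  # recently used, keep it young
            return "ESTABLISHED"
        return "NEW"

    def track(self, pkt: Packet) -> None:
        """Record the flow; evict the oldest entry if the table is full (simplified)."""
        k = self.key(pkt)
        if k not in self.table and len(self.table) >= self.max_entries:
            self.table.popitem(last=False)
        self.table[k] = "tracked"
        self.table.move_to_end(k)


@dataclass
class Rule:
    text: str
    target: str
    matches: Callable[[Packet, str], bool]


# The two ACCEPT lines quoted in the thread, with an implicit REJECT policy.
RULES = [
    Rule("ACCEPT all state RELATED,ESTABLISHED", "ACCEPT",
         lambda p, st: st in ("RELATED", "ESTABLISHED")),
    Rule("ACCEPT tcp state NEW dpt:25", "ACCEPT",
         lambda p, st: st == "NEW" and p.proto == "tcp" and p.dport == 25),
]
POLICY = "REJECT"


def input_chain(ct: Conntrack, pkt: Packet) -> str:
    """First-match evaluation of the INPUT chain; accepted flows get tracked."""
    state = ct.classify(pkt)
    for rule in RULES:
        if rule.matches(pkt, state):
            if rule.target == "ACCEPT":
                ct.track(pkt)
            return rule.target
    return POLICY


def simulate(max_entries: int, churn: int = 10) -> Tuple[str, str]:
    """Outbound delivery to remote:25, then churn, then the remote's late FIN/ACK.

    Returns (verdict for the SYN/ACK reply, verdict for the late FIN/ACK).
    """
    ct = Conntrack(max_entries)
    local, remote = "192.0.2.10", "198.51.100.25"  # constructed addresses
    # Our MTA opens the delivery connection; the OUTPUT side tracks it.
    ct.track(Packet("tcp", local, 40000, remote, 25, frozenset({"SYN"})))
    # The remote MTA answers: source port 25, destination our high port.
    synack = Packet("tcp", remote, 25, local, 40000, frozenset({"SYN", "ACK"}))
    first = input_chain(ct, synack)
    # Meanwhile other inbound SMTP sessions churn through the table.
    for i in range(churn):
        client = Packet("tcp", f"203.0.113.{i + 1}", 50000 + i, local, 25, frozenset({"SYN"}))
        input_chain(ct, client)
    # The remote finally tears the delivery connection down.
    fin = Packet("tcp", remote, 25, local, 40000, frozenset({"FIN", "ACK"}))
    second = input_chain(ct, fin)
    return first, second


if __name__ == "__main__":
    print("table of 5 entries :", simulate(5))    # ('ACCEPT', 'REJECT')
    print("table of 100 entries:", simulate(100))  # ('ACCEPT', 'ACCEPT')
```

With a table too small for the churn, the FIN/ACK from port 25 to port 40000 is NEW, matches neither rule (dpt is 40000, not 25) and is rejected, which is exactly the log pattern the thread is puzzling over. On current kernels the counters to compare are /proc/sys/net/netfilter/nf_conntrack_count against nf_conntrack_max, and entries also expire per TCP state, so a late FIN after a long idle period can show up as NEW even when the table never filled.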