> But these aren't SMTP connections. The source is port 25, but the
> destination is not. The mail server is running normally. I'm allowing
> new SMTP connections and traffic for established connections.
They are SMTP connections -- your server initiates a connection to
port 25 on the remote server. Thus, when the connection is set up the
remote server will be responding with source port 25 and destination
port = source port of the initiated connection.
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> tcp dpt:25
I think the ACCEPT all line should catch these, but you might try
adding RELATED,ESTABLISHED specifically to the dpt:25 line.
> # cat /proc/sys/net/ipv4/ip_conntrack_max
> 63480
Unless you're passing a lot of traffic, the conntrack_max looks okay.
>
>> Yet another possibility is that these are duplicated packets (for
>> whatever reason) and the connection has already been closed out.
>>
>
> Possible, I guess, but I don't know what would be duplicating them.
This isn't as likely, but the remote sites could be duplicating them
-- the only way to determine if that's the case would be to sniff the
traffic and see if the remote site sends the same packet more than
one.
M
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
