This is weird

Kevin Miller Kevin_Miller at ci.juneau.ak.us
Fri Jan 27 22:28:45 GMT 2006


This morning I started directing our firewall logging to a syslog
server.  I noticed a *whole lot* of these:
Jan 27 10:18:34 199.58.55.6 %PIX-4-106023: Deny icmp src inside:mxg dst
outside:66.250.40.33 (type 3, code 3) by access-group "acl_inside"

There were a couple other outside IP addresses too, like 37.208.8.26
(samantha.wu-wien.ac.at), 208.201.249.233 (eth0.c.spam.sonic.net), and
66.250.40.33 (clapton.quatro.com), as well as a few others.

Gotta love that, ...spam.sonic.net!

Get several every second or so.  There's no reason (that I can figure)
for mxg (my mail gateway) to be sending icmp type 3, code 3 packets,
which I understand to be 'destination unreachable' responses.

When I stop MailScanner the packets immediately dry up (hence my posting
here).  MailScanner is utilizing MailWatch, pyzor, razor and
spamassassin.

As soon as I restart MailScanner the warnings resume.  I'm stumped...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500
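
One way to tally the deny messages quoted above once they land on the syslog server, as an added example that is not part of the original post: it parses the `%PIX-4-106023` ICMP deny format shown in the message and counts hits per source, destination, ICMP type and code. Only the first sample line comes from the post; the others are constructed (made-up timestamps, addresses taken from the post), and all function names are this example's own.

```python
import re
from collections import Counter

# ICMP form of the PIX 106023 deny message, as quoted in the post.
DENY_ICMP = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<fw>\S+)\s%PIX-4-106023:\sDeny\sicmp\s'
    r'src\s(?P<src_if>[^:\s]+):(?P<src>\S+)\s'
    r'dst\s(?P<dst_if>[^:\s]+):(?P<dst>\S+)\s'
    r'\(type\s(?P<type>\d+),\scode\s(?P<code>\d+)\)\s'
    r'by\saccess-group\s"(?P<acl>[^"]+)"'
)
# Code names for ICMP type 3 (destination unreachable), per RFC 792.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}

# Line 1 is from the post (re-joined); lines 2-4 are constructed samples.
SAMPLE = """\
Jan 27 10:18:34 199.58.55.6 %PIX-4-106023: Deny icmp src inside:mxg dst outside:66.250.40.33 (type 3, code 3) by access-group "acl_inside"
Jan 27 10:18:35 199.58.55.6 %PIX-4-106023: Deny icmp src inside:mxg dst outside:66.250.40.33 (type 3, code 3) by access-group "acl_inside"
Jan 27 10:18:35 199.58.55.6 %PIX-4-106023: Deny icmp src inside:mxg dst outside:208.201.249.233 (type 3, code 3) by access-group "acl_inside"
Jan 27 10:18:36 199.58.55.6 constructed line that is not a 106023 deny
"""

def parse_deny(line):
    """Return the fields of a 106023 ICMP deny line as a dict, or None."""
    m = DENY_ICMP.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["type"], rec["code"] = int(rec["type"]), int(rec["code"])
    return rec

def summarize(lines):
    """Count denies per (src, dst, type, code); also count unparsed lines."""
    counts, skipped = Counter(), 0
    for rec in map(parse_deny, lines):
        if rec is None:
            skipped += 1
        else:
            counts[(rec["src"], rec["dst"], rec["type"], rec["code"])] += 1
    return counts, skipped

def describe(icmp_type, code):
    """Human-readable label for an ICMP type/code pair."""
    if icmp_type == 3:
        return "destination unreachable: " + UNREACH_CODES.get(code, f"code {code}")
    return f"type {icmp_type}, code {code}"

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE.splitlines())
    for (src, dst, t, c), n in counts.most_common():
        print(f"{n:4d}  {src} -> {dst}  {describe(t, c)}")
    print(f"{skipped} line(s) did not match")
```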
 

