This is weird
Ken A
ka at pacific.net
Fri Jan 27 22:42:09 GMT 2006
sonic.net (a neighbor of ours) runs a dccd server, as I bet these others
do as well. Probably something dccifd does, though I'm not sure why.
Ken
Pacific.Net
Kevin Miller wrote:
> This morning I started directing our firewall logging to a syslog
> server. I noticed a *whole lot* of these:
> Jan 27 10:18:34 199.58.55.6 %PIX-4-106023: Deny icmp src inside:mxg dst
> outside:66.250.40.33 (type 3, code 3) by access-group "acl_inside"
>
> There were a couple other outside IP addresses too, like 37.208.8.26
> (samantha.wu-wien.ac.at), 208.201.249.233 (eth0.c.spam.sonic.net), and
> 66.250.40.33 (clapton.quatro.com), as well as a few others.
>
> Gotta love that, ...spam.sonic.net!
>
> Get several every second or so. There's no reason (that I can figure)
> for mxg (my mail gateway) to be sending icmp type 3, code 3 packets,
> which I understand to be 'destination unreachable' responses.
>
> When I stop MailScanner the packets immediately dry up (hence my posting
> here). MailScanner is utilizing MailWatch, pyzor, razor and
> spamassassin.
>
> As soon as I restart MailScanner the warnings resume. I'm stumped...
>
> ...Kevin
More information about the MailScanner
mailing list