[exim] Mail traffic that shouldn't be?

Author: daniel
Date:  
To: exim-users
Subject: [exim] Mail traffic that shouldn't be?
Hello all, I'm trying to track down a very strange phenomenon regarding my
mail server at one of our NOCs and I'm hoping someone can help. Here's the
setup:

Internet <-> Firewall/NAT (dallaire) <-> Mail Server (brazilian)

The firewall has two IPs, the legal, external IP on eth0 and the reserved
"192.168.0.1" on the internal interface. The mail server has only a reserved
IP (192.168.0.7).

The server works fine. Its job is essentially to capture mail destined for
the primary mailserver when that box is unavailable and it does the job just
fine.

Now here's the weird part. Every once in a while, and only when the primary
mail host is unavailable, the box spews out a bunch of packets trying to talk
to its external IP. I.e., 192.168.0.7 tries to talk to <myExternalIP> which
doesn't work 'cause the packets get routed out to my iptables firewall and
blocked. What's more, the packets themselves are empty. Here's a snippet of
an ngrep session:

# ngrep -e host <myExternalIP>
interface: em0 (192.168.0.0/255.255.255.0)
filter: ip and ( host <myExternalIP> )
#
T 192.168.0.7:62127 -> <myExternalIP>:25 [S]
#
T 192.168.0.7:62127 -> <myExternalIP>:25 [S]
...
#
T 192.168.0.7:62127 -> <myExternalIP>:25 [S]

I'm not sure what it's doing and I have no idea how to get more information
but it's bugging me even though it doesn't appear to be affecting
performance.

It may be worth mentioning though that the server is also employing Bind's
"view" feature that lets me have different DNS results depending on the
origin of the request. That is to say, a lookup of the mail server's name on
the LAN will return 192.168.0.7, whereas looking up the same name from
outside would return <myExternalIP>.

Can someone shed some light on this? Should I be allowing this traffic, and
if so, how do you do that with NAT? I can SNAT out and DNAT in, but not out
and back in. If it's not supposed to happen, what did I do wrong?

Thanks for any spare brain cells.


--
I hope that we shall crush in its birth the aristocracy of our moneyed
corporations, which dare already to challenge our government to a trial of
strength, and bid defiance to the laws of our country.
- Thomas Jefferson, 1816