Strange TCP/IP Connection in Event Log

Strange TCP/IP Connection in Event Log

Post by Ed » Thu, 07 Aug 2003 01:27:50



I have an SMTP Server that receives mail directly and
sends it out via my ISP's mail server. This means that in
the application section of the NT Event log I have an
entry for each external TCP/IP connection that is created
when mail is delivered but no entries for mail going out.
This is fine but I have noticed that my SMTP server makes
repeated connections to my ISP's IP (212.23.8.70) but
these connections seem to be made for different companies.

'A new TCP/IP SMTP connection has been made to host
212.23.8.70 (for compuserve.com).  Logfile: L0000003.LOG'

A new TCP/IP SMTP connection has been made to host
212.23.8.70 (for peoplesound.com).  Logfile: L0000000.LOG

A new TCP/IP SMTP connection has been made to host
212.23.8.70 (for yahoo.co.uk).  Logfile: L0000000.LOG

The event type is Success Audit for the MSExchangeIMC.

Can anyone cast some light on this, I know that it is not
relaying since we have that successfully blocked, could it
be some other type of SPAM.