I've started running a mail server in a DMZ. It's an out-of-the-box solution (Axigen) running on Ubuntu Server 7.10.
For a brief period I had a configuration issue - my bad - and an open relay.
I noticed something was wrong because the Rx/Tx lights on my router were going bonkers with no PCs running (except the mail server),
so I checked the activity graphs on the firewall, and there was a massive spike in traffic into and out of the DMZ where the mail server resides.
I ran a few tests and corrected the config, so I am no longer an open relay (I now pass the tests at abuse.net and mailradar.com, for example).
Interestingly, I think there was an open relay for about 8-12 hours, but the graphs only show activity spikes starting at a specific time this evening - presumably the point at which the relay was 'discovered'.
Despite having closed the relay, I'm still getting multiple, multiple connections being made to my port 25 from servers all over the world (Malaysia and Brazil figure prominently in my whois lookups) with odd port numbers, and although nothing is coming of these connections as the mail server drops them, the hits alone are causing bandwidth issues.
Has anyone any ideas how I might mitigate this?
Thanks as always.