I posed this question a few days ago. I got no response, so I've been
digging, and maybe I can ask a slightly different question.
System: SuSE 6.4 running SuSEfirewall 4.2
Symptom: Output DENY messages when sending mail. I've also sometimes
seen these directed at my ISP's DNS servers.
When sending mail, I get four repetitions of the following, but the mail
output DENY ppp0 PROTO=1 my.ip.ad.dr:3 isp.smtp.ip.addr:3 L=108 S=0xC0
I=5893 F=0x0000 T=
After reading through SuSEfirewall, I discovered that the messages disappear
when I set FW_ALLOW_FW_TRACEROUTE = "yes", although my reading of the
script looks like they're still being denied by the '# deny all other type
3' rule, which isn't logged. So it's transparent, with the same effect.
I tried hacking the script, moving the $DENY port-unreachable $LDC just
outside the bracket, and changing it to $ACCEPT port-unreachable
$LAC. Now I can turn off FW_ALLOW_FW_TRACEROUTE again. I'm still
invisible to traceroute, and sending mail gives me just one message in the
output ACCEPT ppp0 PROTO=1 220.127.116.11:3 18.104.22.168:3 L=108 S=0xC0
I=26218 F=0x0000 T=255 (#3)
The destination address is my ISP's mail relay host.
So now my mail is going out without the delay of waiting for four
timeouts. But I still have the question of what is going on here? I have
not been able to find any documentation of the various parameters
displayed with the log message. What port is my ISP's mail host trying to
connect to, and why? Is this normal smtp behaviour?
Can someone point me to the RFC that defines all the ICMP sub-types?
-- Rick Green
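
Added example (not part of the original post and not SuSEfirewall code): a small parser for the ipchains log lines quoted above, with each field labelled. For PROTO=1 (ICMP), ipchains prints the ICMP type and code where TCP/UDP ports would appear, so `:3 ... :3` decodes as type 3, code 3; the function name and lookup tables are this example's own choices.

```python
import re

# Field layout of an ipchains (Linux 2.2) packet-log line, as seen in the post.
LOG_RE = re.compile(
    r"(?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
# ICMP message types and destination-unreachable codes (RFC 792).
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 4: "source-quench",
              5: "redirect", 8: "echo-request", 11: "time-exceeded",
              12: "parameter-problem"}
UNREACH_CODES = {0: "net-unreachable", 1: "host-unreachable",
                 2: "protocol-unreachable", 3: "port-unreachable",
                 4: "fragmentation-needed", 5: "source-route-failed"}

def parse_ipchains_line(line):
    """Return a dict for one log line, or None if it is truncated or unparseable."""
    m = LOG_RE.search(" ".join(line.split()))  # undo mail-client line wrapping
    if m is None:
        return None
    proto = int(m["proto"])
    rec = {
        "chain": m["chain"], "verdict": m["verdict"], "iface": m["iface"],
        "proto": PROTOCOLS.get(proto, str(proto)),
        "src": m["src"], "dst": m["dst"],
        "length": int(m["length"]),   # L= total IP packet length in bytes
        "tos": int(m["tos"], 16),     # S= type-of-service byte
        "ip_id": int(m["ip_id"]),     # I= IP identification field
        "frag": int(m["frag"], 16),   # F= fragment flags and offset
        "ttl": int(m["ttl"]),         # T= time to live
        "rule": int(m["rule"]) if m["rule"] else None,  # (#n) rule that matched
    }
    sport, dport = int(m["sport"]), int(m["dport"])
    if proto == 1:
        # ICMP has no ports: ipchains prints type and code in the port slots.
        rec["icmp_type"] = ICMP_TYPES.get(sport, str(sport))
        rec["icmp_code"] = UNREACH_CODES.get(dport, str(dport)) if sport == 3 else dport
    else:
        rec["sport"], rec["dport"] = sport, dport
    return rec

# The ACCEPT line from the post, wrapped the way it appears there.
POST_LINE = """output ACCEPT ppp0 PROTO=1 220.127.116.11:3 18.104.22.168:3 L=108 S=0xC0
I=26218 F=0x0000 T=255 (#3)"""

if __name__ == "__main__":
    print(parse_ipchains_line(POST_LINE))
```

A line that is cut off after `T=`, like the DENY line in the post, returns `None` rather than a partial record.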