After some weeks of tests, I've found a strange behavior: the new policy is effectively blocking all type of non-solicited incoming connections. But when I try to remotely telnet ports
25 and
110, the telnet console seems to stay connected for a couple of seconds before it is automatically dropped. And if I try to do a port scan (like nmap), it shows me that these two ports are open. Although this behavior, if I check the opened ports using netstat, none of these ports are listening. I'm pretty sure that there isn't any kind of software listening to these ports, like IIS.
Is this behavior (of ports 25 and 110) normal?