Hello. We found in our firewall, that Messaging Gateway sending a lot of requests on different IP-adresses through port 25. Yes, you can say its normal, but this requests happens every hour and i cant find any information about it in log. For example at 11PM when no one sends email we have tons of requests from Symantec and some requests can be send for several days every hour on one IP but i cant find any information in logs about it. Can anyone say what it can be?
which IP does the traffic is detined?
You need exact IP?
It would be useful to know to which IP address the SMG is initiating the traffic.
Ok. For couple days we observing two adresses.
54.72.9.51
and
93.170.123.66
one of the IP is amazon AWS, and another one is neopolet.ru.
You can check if the traffic is configured for Amazon AWS, if not capture the network traffic to understand the protocol and the traffic its sending.