Apple's Mail.app Sending Invalid Packets To Mailserver
Aug 18, 2008I am having a problem with a client who's using Mail.app and it seems to be sending invalid packets to the server. Here is a sample of the report from the firewall:
Code:
Hits: 21
Blocked: permanently
Sample of block hits:
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=48970 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=5724 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=23624 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=49421 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:15 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=10507 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=38488 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=25402 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=18975 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=52260 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=18208 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=30469 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=36698 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=7445 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=47645 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=30465 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=44590 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=2887 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=35090 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=4986 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=42867 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=1310 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
The report just says Invalid IN. Does anybody have any suggestions on what would be causing this? I use Mail.app myself and have never had problems with it triggering the firewall.