Hi,

We're running an SMTP relay on our ISA 2004 firewall. Today I've noticed
there 3 connections keep being made, and only drop after the SMTP server
specified 10 minute timeout limit, once dropped the connection re-connect
almost instantly.
The 3 connections are:

om-zonelabs.rgc3.net - 66.35.244.229
dnet012.dnspool.net - 212.104.131.38
itbe.wc09.net - 63.211.222.4

Now, are these people trying to spam through our server? Looking at the ISA
logs, only the initial connection is being made, no other traffic is coming
from these connections, hopefully this means ISA is doing it's job, and the
relay is configured securely.
Or, are these legit connections, from someone who is maybe sending huge
emails, and not succeeding, as the connection is timing out before it sends?

Current connections have been up for 507 seconds, 460 seconds, and 302
seconds. I'm assuming when it hits 600 the connection will time out again!

Any help/suggestions would be much appreciated

Ben