| John L Magee 2006-09-04, 1:29 pm |
| It seems that sometimes the value in clientipaddress in the smtp transport
sink does not match the IP Address in the Current Sessions display in the
Internet Services MMC.
We have a filter that logs arrivaltime, clientipaddress, from, to, etc. of
every incoming message. In some cases, when manually monitoring traffic,
I've noticed many and or long connections from a particular IP address but
no messages with that IP address in the client IP address. In one situation
when there was a real flood of incoming traffic from a particular IP, I
blocked that IP at the router and the connections and flood of traffic
stopped.
Are there known conditions where this situation may occur? What, exactly, is
the relationship between the value passed in clientipaddress and the value
shown in the MMC?
Thanks in advance for any insights.
John L. Magee
|