John Caradimas

Q: Why is 17.151.38.201 trying to connect to my email server?

I am using Server 5.1.5 in my OS-X server, and I have Mail service activated. In my logs, I see several messages like:

pop3-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=17.151.38.201, lip=xx.xx.xx.xx

or

imap-login: Info: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=17.151.38.201, lip=xx.xx.xx.xx

where xx.xx.xx.xx is the IP of my email server.

Why is that IP (which is an Apple IP) trying to connect to my server using IMAP or POP3??

Posted on May 22, 2016 2:59 AM

  • by John Lockwood,

    John Lockwood May 23, 2016 3:55 AM in response to John Caradimas
    Level 6 (9,225 points)
    Servers Enterprise

    As you pointed out, that address and in fact the entire 17.x.x.x block are all Apple-owned IP addresses. Other than Apple Push Notification traffic, which this is not, the most common cause of incoming traffic, i.e. traffic originating from Apple and going to your network, is Apple's 'Reachability' test traffic.

    I would say that in this case it looks like this is indeed Apple doing a 'Reachability' test for your server.

    See http://mac.lytics.eu/?p=160

  • by John Caradimas,

    John Caradimas May 23, 2016 4:36 AM in response to John Lockwood
    Level 1 (19 points)
    Servers Enterprise

    Thanks, this may very well be the answer. I can't imagine that an Apple server is compromised to do things like that, without Apple's knowledge.

    Thanks again.
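
An added example, not part of the original thread: a Python triage script for login-process lines like the two quoted in the question. It groups disconnects by remote IP and marks whether each source lies inside 17.0.0.0/8, the block the reply identifies as Apple's. The third sample line and the address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Per the reply in this thread, the entire 17.x.x.x block is Apple-owned.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")
LINE_RE = re.compile(
    r"(?P<svc>pop3|imap)-login: Info: Disconnected \((?P<reason>[^)]*)\): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)
PROBE_REASONS = ("no auth attempts", "disconnected before auth was ready")

def parse_line(line):
    """Return a dict for a login-process disconnect line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m["rip"])
    except ValueError:
        return None  # rip field is not a valid address
    return {
        "service": m["svc"],
        "rip": str(addr),
        "apple": addr.version == 4 and addr in APPLE_NET,
        # Connect-and-drop: no user name offered and no authentication attempted.
        "probe": m["user"] == "" and m["reason"].startswith(PROBE_REASONS),
    }

def summarize(lines):
    """Group disconnects by remote IP: probe count, other count, services, Apple block or not."""
    out = defaultdict(lambda: {"probes": 0, "other": 0, "services": set(), "apple": False})
    for rec in filter(None, map(parse_line, lines)):
        row = out[rec["rip"]]
        row["probes" if rec["probe"] else "other"] += 1
        row["services"].add(rec["service"])
        row["apple"] = rec["apple"]
    return dict(out)

# Sample input: the two lines from the question plus one constructed failed-login line.
SAMPLE = [
    "pop3-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=17.151.38.201, lip=xx.xx.xx.xx",
    "imap-login: Info: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=17.151.38.201, lip=xx.xx.xx.xx",
    "imap-login: Info: Disconnected (auth failed, 3 attempts in 6 secs): user=<admin>, rip=203.0.113.7, lip=xx.xx.xx.xx",
]

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE).items():
        net = "apple-17/8" if row["apple"] else "other-net"
        print(ip, net, "probes:", row["probes"], "other:", row["other"], sorted(row["services"]))
```

A source inside 17.0.0.0/8 that shows only zero-auth probes matches what the reply describes; sources outside that block, or rows with a non-zero "other" count, are the ones to review.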