It appears that hackers have figured out how to use ASL as an illegal mail relay. Spammers are sending mail as if it's coming from port 25 on a legitimate mail server (e.g. AOL), and into Astaro on a high ephemeral port (e.g. 43300) with ACK PSH. The same packet is sent again, to the same port, as ACK FIN. Astaro then turns that packet around and sends it back to the "source" (the spoofed IP address) and it appears to that mail server as a legitimate packet and it is processed. The result is that ASL can become an open relay. Somehow, ASL is absorbing these illegal packets and processing them rather than rejecting them by default.
This thread was automatically locked due to age.
