I have two mail relay servers (running Brightmail) in our DMZ which accept inbound and send outbound mail. Everything works fine and has been working fine for a long time. However, I do see a lot of Denied traffic from these servers, sourcing on port 25 with a random dst port (by a lot I mean a few every second). What would cause that? I'm not having any mail flow problems, but I'm just wondering if this is a problem I should worry about.
This is an example of the deny log (I replaced our local relay servers' IP with "localip" and the target public IP with "publicip"):
09-04-2008 15:19:57 Local4.Warning 10.15.1.254 Sep 04 2008 15:19:56: %ASA-4-106023: Deny tcp src Outside-Servers:localaddress/25 dst outside:remoteaddress/58496 by access-group "server-acl" [0x0, 0x0]
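
To measure how much of the denied traffic fits the pattern in the question (TCP from source port 25 to a high destination port), the %ASA-4-106023 lines can be tallied per source address and ACL. This is an added example, not part of the original post; the sample addresses are constructed documentation-range values, and `parse_deny` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter

# Matches the port-carrying form of message 106023 shown in the post.
DENY_RE = re.compile(
    r'%ASA-4-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"')

def parse_deny(line):
    """Return the fields of a 106023 deny line as a dict, or None if no match."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    d["src_port"], d["dst_port"] = int(d["src_port"]), int(d["dst_port"])
    return d

def summarize(lines, service_port=25, high_port_min=1024):
    """Tally denies per (src_ip, acl): service-port-to-high-port vs. the rest."""
    from_service, other, unparsed = Counter(), Counter(), 0
    for line in lines:
        d = parse_deny(line)
        if d is None:
            unparsed += 1  # other message IDs, or 106023 without ports
            continue
        key = (d["src_ip"], d["acl"])
        fits = (d["proto"] == "tcp" and d["src_port"] == service_port
                and d["dst_port"] >= high_port_min)
        (from_service if fits else other)[key] += 1
    return from_service, other, unparsed

# Constructed sample lines (addresses are documentation ranges, not real hosts).
P = 'Sep 04 2008 15:19:56: %ASA-4-106023: Deny tcp src Outside-Servers:'
S = ' by access-group "server-acl" [0x0, 0x0]'
SAMPLE = [
    P + '192.0.2.10/25 dst outside:198.51.100.7/58496' + S,
    P + '192.0.2.10/25 dst outside:198.51.100.9/41022' + S,
    P + '192.0.2.11/25 dst outside:198.51.100.7/60211' + S,
    P + '192.0.2.10/51515 dst outside:198.51.100.20/445' + S,
    'Sep 04 2008 15:19:58: %ASA-6-302013: Built outbound TCP connection 1234 '
    'for outside:198.51.100.7/25 (198.51.100.7/25) '
    'to Outside-Servers:192.0.2.10/40000 (192.0.2.10/40000)',
]

if __name__ == "__main__":
    from_service, other, unparsed = summarize(SAMPLE)
    for (ip, acl), n in from_service.most_common():
        print(f"{ip} acl={acl}: {n} denies from tcp/25 to a high port")
    print(f"other denies: {sum(other.values())}, unparsed lines: {unparsed}")
```

Feeding it the real syslog file instead of `SAMPLE` shows whether nearly all denies come from port 25 on the relays or whether other source ports are mixed in.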