
I'm noticing strange traffic on my webserver, which is around 50 kbps constantly. Doing a (few seconds' worth of) tcpdump on the specific IP address, I get this (pardon the huge list):

09:33:02.385238 IP 40.101.8.117.25113 > my.server.com.pop3s: P 551:588(37) ack 57224 win 8212
09:33:02.385321 IP my.server.com.pop3s > 40.101.8.117.25113: P 57224:57277(53) ack 588 win 63
09:33:02.385520 IP my.server.com.pop3s > 40.101.8.117.25113: FP 57277:57314(37) ack 588 win 63
09:33:02.388842 IP 40.101.8.117.25113 > my.server.com.pop3s: . ack 57315 win 8212
09:33:02.424144 IP my.server.com.smtp > 194.187.172.9.61090: S 1298390814:1298390814(0) ack 696776724 win 5840 <mss 1460>
09:33:02.630389 IP 40.101.8.117.25113 > my.server.com.pop3s: R 588:588(0) ack 57315 win 0
09:33:02.636771 IP 40.101.8.117.40293 > my.server.com.pop3s: SWE 1446068404:1446068404(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:33:02.636781 IP my.server.com.pop3s > 40.101.8.117.40293: S 1297662961:1297662961(0) ack 1446068405 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 7>
09:33:02.640090 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 1 win 8212
09:33:02.640608 IP 40.101.8.117.40293 > my.server.com.pop3s: P 1:136(135) ack 1 win 8212
09:33:02.640615 IP my.server.com.pop3s > 40.101.8.117.40293: . ack 136 win 54
09:33:02.642512 IP my.server.com.pop3s > 40.101.8.117.40293: P 1:821(820) ack 136 win 54
09:33:02.646258 IP 40.101.8.117.40293 > my.server.com.pop3s: P 136:334(198) ack 821 win 8209
09:33:02.648807 IP my.server.com.pop3s > 40.101.8.117.40293: P 821:880(59) ack 334 win 63
09:33:02.672588 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 880 win 8209
09:33:02.672601 IP my.server.com.pop3s > 40.101.8.117.40293: P 880:933(53) ack 334 win 63
09:33:02.676305 IP 40.101.8.117.40293 > my.server.com.pop3s: P 334:387(53) ack 933 win 8208
09:33:02.676378 IP my.server.com.pop3s > 40.101.8.117.40293: P 933:986(53) ack 387 win 63
09:33:02.680023 IP 40.101.8.117.40293 > my.server.com.pop3s: P 387:440(53) ack 986 win 8208
09:33:02.697193 IP my.server.com.pop3s > 40.101.8.117.40293: P 986:1039(53) ack 440 win 63
09:33:02.700554 IP 40.101.8.117.40293 > my.server.com.pop3s: P 440:477(37) ack 1039 win 8208
09:33:02.700612 IP my.server.com.pop3s > 40.101.8.117.40293: P 1039:1188(149) ack 477 win 63
09:33:02.704042 IP 40.101.8.117.40293 > my.server.com.pop3s: P 477:514(37) ack 1188 win 8207
09:33:02.704088 IP my.server.com.pop3s > 40.101.8.117.40293: P 1188:1241(53) ack 514 win 63
09:33:02.707420 IP 40.101.8.117.40293 > my.server.com.pop3s: P 514:551(37) ack 1241 win 8207
09:33:02.707491 IP my.server.com.pop3s > 40.101.8.117.40293: P 1241:2302(1061) ack 551 win 63
09:33:02.707583 IP my.server.com.pop3s > 40.101.8.117.40293: . 2302:3762(1460) ack 551 win 63
09:33:02.711094 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 3762 win 8212
09:33:02.711100 IP my.server.com.pop3s > 40.101.8.117.40293: . 3762:5222(1460) ack 551 win 63
09:33:02.711102 IP my.server.com.pop3s > 40.101.8.117.40293: . 5222:6682(1460) ack 551 win 63
09:33:02.711104 IP my.server.com.pop3s > 40.101.8.117.40293: . 6682:8142(1460) ack 551 win 63
09:33:02.715294 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 6682 win 8212
09:33:02.715299 IP my.server.com.pop3s > 40.101.8.117.40293: . 8142:9602(1460) ack 551 win 63
09:33:02.715301 IP my.server.com.pop3s > 40.101.8.117.40293: . 9602:11062(1460) ack 551 win 63
09:33:02.715302 IP my.server.com.pop3s > 40.101.8.117.40293: . 11062:12522(1460) ack 551 win 63
09:33:02.715799 IP my.server.com.pop3 > 194.187.172.9.39400: S 1266943943:1266943943(0) ack 513632612 win 5840 <mss 1460>
09:33:02.718967 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 9602 win 8212
09:33:02.718974 IP my.server.com.pop3s > 40.101.8.117.40293: P 12522:13982(1460) ack 551 win 63
09:33:02.718975 IP my.server.com.pop3s > 40.101.8.117.40293: . 13982:15442(1460) ack 551 win 63
09:33:02.718977 IP my.server.com.pop3s > 40.101.8.117.40293: . 15442:16902(1460) ack 551 win 63
09:33:02.719568 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 12522 win 8212
09:33:02.719571 IP my.server.com.pop3s > 40.101.8.117.40293: . 16902:18362(1460) ack 551 win 63
09:33:02.719573 IP my.server.com.pop3s > 40.101.8.117.40293: P 18362:19822(1460) ack 551 win 63
09:33:02.719586 IP my.server.com.pop3s > 40.101.8.117.40293: . 19822:21282(1460) ack 551 win 63
09:33:02.723039 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 15442 win 8212
09:33:02.723044 IP my.server.com.pop3s > 40.101.8.117.40293: . 21282:22742(1460) ack 551 win 63
09:33:02.723045 IP my.server.com.pop3s > 40.101.8.117.40293: . 22742:24202(1460) ack 551 win 63
09:33:02.723047 IP my.server.com.pop3s > 40.101.8.117.40293: . 24202:25662(1460) ack 551 win 63
09:33:02.723299 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 18362 win 8212
09:33:02.723302 IP my.server.com.pop3s > 40.101.8.117.40293: . 25662:27122(1460) ack 551 win 63
09:33:02.723304 IP my.server.com.pop3s > 40.101.8.117.40293: . 27122:28582(1460) ack 551 win 63
09:33:02.723306 IP my.server.com.pop3s > 40.101.8.117.40293: P 28582:30042(1460) ack 551 win 63
09:33:02.723534 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 21282 win 8212
09:33:02.723549 IP my.server.com.pop3s > 40.101.8.117.40293: P 30042:31492(1450) ack 551 win 63
09:33:02.723663 IP my.server.com.pop3s > 40.101.8.117.40293: . 31492:32952(1460) ack 551 win 63
09:33:02.723667 IP my.server.com.pop3s > 40.101.8.117.40293: . 32952:34412(1460) ack 551 win 63
09:33:02.726595 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 24202 win 8212
09:33:02.726603 IP my.server.com.pop3s > 40.101.8.117.40293: . 34412:35872(1460) ack 551 win 63
09:33:02.726605 IP my.server.com.pop3s > 40.101.8.117.40293: . 35872:37332(1460) ack 551 win 63
09:33:02.726606 IP my.server.com.pop3s > 40.101.8.117.40293: . 37332:38792(1460) ack 551 win 63
09:33:02.726854 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 27122 win 8212
09:33:02.726858 IP my.server.com.pop3s > 40.101.8.117.40293: . 38792:40252(1460) ack 551 win 63
09:33:02.726859 IP my.server.com.pop3s > 40.101.8.117.40293: . 40252:41712(1460) ack 551 win 63
09:33:02.726861 IP my.server.com.pop3s > 40.101.8.117.40293: . 41712:43172(1460) ack 551 win 63
09:33:02.727128 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 30042 win 8212
09:33:02.727131 IP my.server.com.pop3s > 40.101.8.117.40293: . 43172:44632(1460) ack 551 win 63
09:33:02.727133 IP my.server.com.pop3s > 40.101.8.117.40293: . 44632:46092(1460) ack 551 win 63
09:33:02.727134 IP my.server.com.pop3s > 40.101.8.117.40293: P 46092:47552(1460) ack 551 win 63
09:33:02.727347 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 32952 win 8212
09:33:02.727363 IP my.server.com.pop3s > 40.101.8.117.40293: P 47552:47950(398) ack 551 win 63
09:33:02.727480 IP my.server.com.pop3s > 40.101.8.117.40293: . 47950:49410(1460) ack 551 win 63
09:33:02.727484 IP my.server.com.pop3s > 40.101.8.117.40293: . 49410:50870(1460) ack 551 win 63
09:33:02.730212 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 35872 win 8212
09:33:02.730217 IP my.server.com.pop3s > 40.101.8.117.40293: . 50870:52330(1460) ack 551 win 63
09:33:02.730219 IP my.server.com.pop3s > 40.101.8.117.40293: . 52330:53790(1460) ack 551 win 63
09:33:02.730220 IP my.server.com.pop3s > 40.101.8.117.40293: . 53790:55250(1460) ack 551 win 63
09:33:02.730420 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 38792 win 8212
09:33:02.730424 IP my.server.com.pop3s > 40.101.8.117.40293: . 55250:56710(1460) ack 551 win 63
09:33:02.730621 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 41712 win 8212
09:33:02.730884 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 44632 win 8212
09:33:02.731098 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 47552 win 8212
09:33:02.731248 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 49410 win 8212
09:33:02.731251 IP my.server.com.pop3s > 40.101.8.117.40293: P 56710:57224(514) ack 551 win 63
09:33:02.733815 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 52330 win 8212
09:33:02.734008 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 55250 win 8212
09:33:02.734620 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 57224 win 8212
09:33:02.736021 IP 40.101.8.117.40293 > my.server.com.pop3s: P 551:588(37) ack 57224 win 8212
09:33:02.736092 IP my.server.com.pop3s > 40.101.8.117.40293: P 57224:58285(1061) ack 588 win 63
09:33:02.736137 IP my.server.com.pop3s > 40.101.8.117.40293: . 58285:59745(1460) ack 588 win 63
09:33:02.736162 IP my.server.com.pop3s > 40.101.8.117.40293: . 59745:61205(1460) ack 588 win 63
09:33:02.736208 IP my.server.com.pop3s > 40.101.8.117.40293: . 61205:62665(1460) ack 588 win 63
09:33:02.736232 IP my.server.com.pop3s > 40.101.8.117.40293: . 62665:64125(1460) ack 588 win 63
09:33:02.736257 IP my.server.com.pop3s > 40.101.8.117.40293: . 64125:65585(1460) ack 588 win 63
09:33:02.736301 IP my.server.com.pop3s > 40.101.8.117.40293: . 65585:67045(1460) ack 588 win 63
09:33:02.736326 IP my.server.com.pop3s > 40.101.8.117.40293: . 67045:68505(1460) ack 588 win 63
09:33:02.736364 IP my.server.com.pop3s > 40.101.8.117.40293: . 68505:69965(1460) ack 588 win 63
09:33:02.736389 IP my.server.com.pop3s > 40.101.8.117.40293: . 69965:71425(1460) ack 588 win 63
09:33:02.736427 IP my.server.com.pop3s > 40.101.8.117.40293: . 71425:72885(1460) ack 588 win 63
09:33:02.736451 IP my.server.com.pop3s > 40.101.8.117.40293: . 72885:74345(1460) ack 588 win 63
09:33:02.736489 IP my.server.com.pop3s > 40.101.8.117.40293: . 74345:75805(1460) ack 588 win 63
09:33:02.736492 IP my.server.com.pop3s > 40.101.8.117.40293: . 75805:77265(1460) ack 588 win 63
09:33:02.736535 IP my.server.com.pop3s > 40.101.8.117.40293: . 77265:78725(1460) ack 588 win 63
09:33:02.739625 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 59745 win 8212
09:33:02.739631 IP my.server.com.pop3s > 40.101.8.117.40293: . 78725:80185(1460) ack 588 win 63
09:33:02.739632 IP my.server.com.pop3s > 40.101.8.117.40293: . 80185:81645(1460) ack 588 win 63
09:33:02.739634 IP my.server.com.pop3s > 40.101.8.117.40293: . 81645:83105(1460) ack 588 win 63
09:33:02.739942 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 62665 win 8212
09:33:02.739946 IP my.server.com.pop3s > 40.101.8.117.40293: P 83105:84097(992) ack 588 win 63
09:33:02.740242 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 65585 win 8212
09:33:02.740391 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 68505 win 8212
09:33:02.740686 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 71425 win 8212
09:33:02.740933 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 74345 win 8212
09:33:02.741176 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 77265 win 8212
09:33:02.743035 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 80185 win 8212
09:33:02.743536 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 83105 win 8212
09:33:02.745416 IP 40.101.8.117.40293 > my.server.com.pop3s: P 588:625(37) ack 84097 win 8208
09:33:02.755735 IP my.server.com.pop3s > 40.101.8.117.40293: P 84097:85158(1061) ack 625 win 63
09:33:02.755815 IP my.server.com.pop3s > 40.101.8.117.40293: . 85158:86618(1460) ack 625 win 63
09:33:02.759400 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 86618 win 8212
09:33:02.759413 IP my.server.com.pop3s > 40.101.8.117.40293: P 86618:87669(1051) ack 625 win 63
09:33:02.763032 IP 40.101.8.117.40293 > my.server.com.pop3s: P 625:678(53) ack 87669 win 8208
09:33:02.769289 IP my.server.com.pop3s > 40.101.8.117.40293: P 87669:88730(1061) ack 678 win 63
09:33:02.779679 IP my.server.com.https > 194.187.172.9.54941: S 1263982254:1263982254(0) ack 591669863 win 5840 <mss 1460>
09:33:02.792501 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 88730 win 8212
09:33:02.792519 IP my.server.com.pop3s > 40.101.8.117.40293: P 88730:90148(1418) ack 678 win 63
09:33:02.816504 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 90148 win 8206
09:33:02.983540 IP my.server.com.submission > 194.187.172.9.33854: S 1293313064:1293313064(0) ack 3870452117 win 5840 <mss 1460>
09:33:03.042997 IP 40.101.8.117.40293 > my.server.com.pop3s: P 678:715(37) ack 90148 win 8206
09:33:03.043117 IP my.server.com.pop3s > 40.101.8.117.40293: P 90148:90201(53) ack 715 win 63
09:33:03.043320 IP my.server.com.pop3s > 40.101.8.117.40293: FP 90201:90238(37) ack 715 win 63
09:33:03.046614 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 90239 win 8212
09:33:03.047044 IP 40.101.8.117.40293 > my.server.com.pop3s: R 715:715(0) ack 90239 win 0
09:33:03.079568 IP 194.187.172.9.48421 > my.server.com.https: S 4264579235:4264579235(0) win 29200
09:33:03.079588 IP my.server.com.https > 194.187.172.9.48421: S 1312334752:1312334752(0) ack 4264579236 win 5840 <mss 1460>
09:33:03.115467 IP my.server.com.pop3 > 194.187.172.9.36472: S 1303075663:1303075663(0) ack 137590602 win 5840 <mss 1460>
09:33:03.122330 IP 194.187.172.9.55960 > my.server.com.submission: S 3933198553:3933198553(0) win 29200
09:33:03.122342 IP my.server.com.submission > 194.187.172.9.55960: S 1312159497:1312159497(0) ack 3933198554 win 5840 <mss 1460>
09:33:03.223352 IP my.server.com.smtp > 194.187.172.9.65385: S 1282670643:1282670643(0) ack 364019544 win 5840 <mss 1460>
09:33:03.223356 IP my.server.com.smtp > 194.187.172.9.53019: S 1215914394:1215914394(0) ack 220134958 win 5840 <mss 1460>
09:33:03.402454 IP 194.187.172.9.50321 > my.server.com.ftp: S 2651955289:2651955289(0) win 29200
09:33:03.402476 IP my.server.com.ftp > 194.187.172.9.50321: S 1304419046:1304419046(0) ack 2651955290 win 5840 <mss 1460>
09:33:03.515100 IP my.server.com.pop3 > 194.187.172.9.44445: S 1290670717:1290670717(0) ack 1573452704 win 5840 <mss 1460>
09:33:03.710941 IP my.server.com.pop3s > 194.187.172.9.50164: S 1290684941:1290684941(0) ack 3519706082 win 5840 <mss 1460>
09:33:03.778873 IP my.server.com.https > 194.187.172.9.40075: S 1215942759:1215942759(0) ack 926962103 win 5840 <mss 1460>
09:33:03.822773 IP my.server.com.smtp > 194.187.172.9.51520: S 1303374796:1303374796(0) ack 1164064911 win 5840 <mss 1460>
09:33:03.978586 IP my.server.com.https > 194.187.172.9.54721: S 1213851703:1213851703(0) ack 1732550431 win 5840 <mss 1460>
09:33:04.030528 IP my.server.com.ftp > 194.187.172.9.52614: S 1210467771:1210467771(0) ack 1979014129 win 5840 <mss 1460>
09:33:04.122426 IP my.server.com.www > 194.187.172.9.62225: S 1277551319:1277551319(0) ack 780076023 win 5840 <mss 1460>
09:33:04.190338 IP my.server.com.imap2 > 194.187.172.9.33566: S 1281277639:1281277639(0) ack 1631338682 win 5840 <mss 1460>
09:33:04.378123 IP my.server.com.https > 194.187.172.9.47332: S 1301993201:1301993201(0) ack 134137318 win 5840 <mss 1460>
09:33:04.390107 IP my.server.com.imap2 > 194.187.172.9.37723: S 1302134477:1302134477(0) ack 1242652868 win 5840 <mss 1460>
09:33:04.422068 IP my.server.com.smtp > 194.187.172.9.38423: S 1288684043:1288684043(0) ack 2059251295 win 5840 <mss 1460>
09:33:04.567701 IP 194.187.172.9.48718 > my.server.com.pop3: S 2635281353:2635281353(0) win 29200
09:33:04.567706 IP my.server.com.pop3 > 194.187.172.9.48718: S 1310017122:1310017122(0) ack 2635281354 win 5840 <mss 1460>
09:33:04.581457 IP 194.187.172.9.46174 > my.server.com.ftp: S 984265860:984265860(0) win 29200
09:33:04.581464 IP my.server.com.ftp > 194.187.172.9.46174: S 1310048321:1310048321(0) ack 984265861 win 5840 <mss 1460>
09:33:04.581883 IP my.server.com.https > 194.187.172.9.50979: S 1289913672:1289913672(0) ack 856839526 win 5840 <mss 1460>
09:33:04.793638 IP my.server.com.imap2 > 194.187.172.9.46838: S 1304995262:1304995262(0) ack 1202253926 win 5840 <mss 1460>
09:33:04.913497 IP my.server.com.pop3s > 194.187.172.9.64305: S 1293760610:1293760610(0) ack 2293442289 win 5840 <mss 1460>
09:33:05.193217 IP my.server.com.imap2 > 194.187.172.9.35882: S 1304168091:1304168091(0) ack 3287443154 win 5840 <mss 1460>
09:33:05.392986 IP my.server.com.imap2 > 194.187.172.9.50062: S 1296616947:1296616947(0) ack 2392695551 win 5840 <mss 1460>
09:33:05.432933 IP my.server.com.ftp > 194.187.172.9.41643: S 1309938430:1309938430(0) ack 3479705144 win 5840 <mss 1460>
09:33:05.507981 IP 194.187.172.9.40731 > my.server.com.www: S 2476706360:2476706360(0) win 29200
09:33:05.508007 IP my.server.com.www > 194.187.172.9.40731: S 1303137199:1303137199(0) ack 2476706361 win 5840 <mss 1460>
09:33:05.512842 IP my.server.com.pop3s > 194.187.172.9.57095: S 1286562223:1286562223(0) ack 1823733716 win 5840 <mss 1460>
09:33:05.712622 IP my.server.com.pop3s > 194.187.172.9.46852: S 1306375377:1306375377(0) ack 4026526065 win 5840 <mss 1460>
09:33:05.784627 IP my.server.com.imaps > 194.187.172.9.37806: S 1299481045:1299481045(0) ack 4166006867 win 5840 <mss 1460>
09:33:06.032583 IP my.server.com.ftp > 194.187.172.9.65430: S 1211978260:1211978260(0) ack 1501211231 win 5840 <mss 1460>
09:33:06.112594 IP my.server.com.pop3s > 194.187.172.9.45409: S 1281039658:1281039658(0) ack 1753481667 win 5840 <mss 1460>
09:33:06.184586 IP my.server.com.submission > 194.187.172.9.55960: S 1312159497:1312159497(0) ack 3933198554 win 5840 <mss 1460>
09:33:06.316526 IP my.server.com.pop3 > 194.187.172.9.34963: S 1310300096:1310300096(0) ack 2668614578 win 5840 <mss 1460>
09:33:06.347189 IP 194.187.172.9.38679 > my.server.com.smtp: S 2756153021:2756153021(0) win 29200
09:33:06.347196 IP my.server.com.smtp > 194.187.172.9.38679: S 1315384332:1315384332(0) ack 2756153022 win 5840 <mss 1460>
09:33:06.392434 IP my.server.com.imap2 > 194.187.172.9.61873: S 1302188975:1302188975(0) ack 2311967775 win 5840 <mss 1460>
09:33:06.512300 IP my.server.com.pop3s > 194.187.172.9.36644: S 1302388939:1302388939(0) ack 750814503 win 5840 <mss 1460>
09:33:06.623620 IP 194.187.172.9.59222 > my.server.com.ftp: S 3997562915:3997562915(0) win 29200
09:33:06.623625 IP my.server.com.ftp > 194.187.172.9.59222: S 1300992972:1300992972(0) ack 3997562916 win 5840 <mss 1460>
09:33:06.632154 IP my.server.com.ftp > 194.187.172.9.50321: S 1304419046:1304419046(0) ack 2651955290 win 5840 <mss 1460>
09:33:06.712062 IP my.server.com.pop3s > 194.187.172.9.55181: S 1258820025:1258820025(0) ack 2712852649 win 5840 <mss 1460>
09:33:06.779980 IP my.server.com.https > 194.187.172.9.48421: S 1312334752:1312334752(0) ack 4264579236 win 5840 <mss 1460>
09:33:07.115591 IP my.server.com.pop3 > 194.187.172.9.61196: S 1208610708:1208610708(0) ack 3046783999 win 5840 <mss 1460>
09:33:07.183514 IP my.server.com.imaps > 194.187.172.9.63239: S 1285997967:1285997967(0) ack 799444045 win 5840 <mss 1460>
09:33:07.509255 IP 194.187.172.9.46828 > my.server.com.pop3s: S 31449381:31449381(0) win 29200
09:33:07.509259 IP my.server.com.pop3s > 194.187.172.9.46828: S 1311528567:1311528567(0) ack 31449382 win 5840 <mss 1460>
09:33:07.623004 IP my.server.com.smtp > 194.187.172.9.64812: S 1307028520:1307028520(0) ack 980469880 win 5840 <mss 1460>
09:33:07.630994 IP my.server.com.ftp > 194.187.172.9.55379: S 1255582847:1255582847(0) ack 2109754992 win 5840 <mss 1460>
09:33:08.022541 IP my.server.com.smtp > 194.187.172.9.39303: S 1263100398:1263100398(0) ack 2763334230 win 5840 <mss 1460>
09:33:08.030528 IP my.server.com.ftp > 194.187.172.9.35108: S 1296119199:1296119199(0) ack 991677780 win 5840 <mss 1460>
09:33:08.060224 IP 194.187.172.9.35467 > my.server.com.submission: S 611560370:611560370(0) win 29200
09:33:08.060227 IP my.server.com.submission > 194.187.172.9.35467: S 1306605200:1306605200(0) ack 611560371 win 5840 <mss 1460>
09:33:08.114436 IP my.server.com.pop3 > 194.187.172.9.38267: S 1219342640:1219342640(0) ack 950036170 win 5840 <mss 1460>
09:33:08.190346 IP my.server.com.imap2 > 194.187.172.9.45678: S 1211185162:1211185162(0) ack 3953870202 win 5840 <mss 1460>
09:33:08.230296 IP my.server.com.ftp > 194.187.172.9.46174: S 1310048321:1310048321(0) ack 984265861 win 5840 <mss 1460>
09:33:08.323430 IP my.server.com.www > 194.187.172.9.57007: S 1216820507:1216820507(0) ack 2432881511 win 5840 <mss 1460>
09:33:08.382245 IP my.server.com.imaps > 194.187.172.9.46611: S 1260247275:1260247275(0) ack 3326501141 win 5840 <mss 1460>
09:33:08.422184 IP my.server.com.smtp > 194.187.172.9.52287: S 1267656577:1267656577(0) ack 3927123671 win 5840 <mss 1460>
09:33:08.422188 IP my.server.com.smtp > 194.187.172.9.61090: S 1298390814:1298390814(0) ack 696776724 win 5840 <mss 1460>
09:33:08.922142 IP my.server.com.www > 194.187.172.9.40731: S 1303137199:1303137199(0) ack 2476706361 win 5840 <mss 1460>
09:33:09.011902 IP 194.187.172.9.44808 > my.server.com.pop3s: S 2563248690:2563248690(0) win 29200
09:33:09.011908 IP my.server.com.pop3s > 194.187.172.9.44808: S 1304724473:1304724473(0) ack 2563248691 win 5840 <mss 1460>
09:33:09.117362 IP my.server.com.pop3 > 194.187.172.9.48718: S 1310017122:1310017122(0) ack 2635281354 win 5840 <mss 1460>
09:33:09.385112 IP my.server.com.submission > 194.187.172.9.61828: S 1263284872:1263284872(0) ack 1625007754 win 5840 <mss 1460>

(I replaced my real server's name with "my.server.com")

Does anyone know what's going on?

Zippy1970
    `40.101.8.117` is connecting to your server on POP3S. `194.187.172.9` is connecting to your server on FTP, SMTP, POP3, POP3S, HTTPS, HTTP, IMAP, etc. etc. What's the problem? – Lenniey Oct 23 '19 at 08:26
  • And why would they do that? Constantly? A few hundred times per second? I'm guessing this is some kind of amplification attack, but I have no idea how it works and how to stop it. – Zippy1970 Oct 23 '19 at 08:30
  • Well, is your server a mailserver? Maybe these are legitimate connections, maybe some form of portscan, maybe some form of Denial of Service attack...we couldn't know. – Lenniey Oct 23 '19 at 08:33
  • The place to look for clues would be your mail logs - especially as you have the IP address to cross-correlate against. – davidgo Oct 23 '19 at 08:40
  • That's just it. My mail logs don't show anything related to these ip addresses. Or any log for that matter. – Zippy1970 Oct 23 '19 at 08:55
  • I checked my logs further and I see the same thing happening on all the server's IP addresses, and not only on the pop3 port, but also http, https, smtp and msa port. So I'm pretty sure my server is used in some kind of reflection attack. – Zippy1970 Oct 25 '19 at 17:34
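Added example (my own code, not from the question or the comments): a small Python parser for tcpdump lines in the format pasted above (the older letter-flag style, `S`, `SWE`, `.`, `P`, `FP`, `R`, not the newer `Flags [S]` style). It sorts every client/server-port pair into "established" (the client's ACK or data was seen), "half-open" (the server sent a SYN-ACK, possibly several times, and never got the client's ACK) or "other", and records whether the client's SYN carried any TCP options. Run over an excerpt of the capture embedded below, the 40.101.8.117 session shows as one completed handshake whose SYN carries a full option set, while every 194.187.172.9 flow is half-open: the captured SYNs carry no options and a fixed window of 29200, and the SYN-ACKs are retransmitted without an answer. That is what a reflector sees when inbound SYNs carry a spoofed source address, but a plain SYN scan from an unspoofed host produces the same picture from the server side, so this only narrows the question. `my.server.com` is the placeholder from the post.

```python
"""Classify TCP handshakes in old-style tcpdump output (added example)."""
import re
import sys
from collections import defaultdict

SERVER = "my.server.com"  # placeholder hostname used in the post

# Excerpt of the poster's capture (copied from the question, two clients).
SAMPLE = """
09:33:02.424144 IP my.server.com.smtp > 194.187.172.9.61090: S 1298390814:1298390814(0) ack 696776724 win 5840 <mss 1460>
09:33:02.636771 IP 40.101.8.117.40293 > my.server.com.pop3s: SWE 1446068404:1446068404(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:33:02.636781 IP my.server.com.pop3s > 40.101.8.117.40293: S 1297662961:1297662961(0) ack 1446068405 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 7>
09:33:02.640090 IP 40.101.8.117.40293 > my.server.com.pop3s: . ack 1 win 8212
09:33:02.640608 IP 40.101.8.117.40293 > my.server.com.pop3s: P 1:136(135) ack 1 win 8212
09:33:02.642512 IP my.server.com.pop3s > 40.101.8.117.40293: P 1:821(820) ack 136 win 54
09:33:03.043320 IP my.server.com.pop3s > 40.101.8.117.40293: FP 90201:90238(37) ack 715 win 63
09:33:03.047044 IP 40.101.8.117.40293 > my.server.com.pop3s: R 715:715(0) ack 90239 win 0
09:33:03.079568 IP 194.187.172.9.48421 > my.server.com.https: S 4264579235:4264579235(0) win 29200
09:33:03.079588 IP my.server.com.https > 194.187.172.9.48421: S 1312334752:1312334752(0) ack 4264579236 win 5840 <mss 1460>
09:33:03.122330 IP 194.187.172.9.55960 > my.server.com.submission: S 3933198553:3933198553(0) win 29200
09:33:03.122342 IP my.server.com.submission > 194.187.172.9.55960: S 1312159497:1312159497(0) ack 3933198554 win 5840 <mss 1460>
09:33:03.402454 IP 194.187.172.9.50321 > my.server.com.ftp: S 2651955289:2651955289(0) win 29200
09:33:03.402476 IP my.server.com.ftp > 194.187.172.9.50321: S 1304419046:1304419046(0) ack 2651955290 win 5840 <mss 1460>
09:33:03.710941 IP my.server.com.pop3s > 194.187.172.9.50164: S 1290684941:1290684941(0) ack 3519706082 win 5840 <mss 1460>
09:33:04.567701 IP 194.187.172.9.48718 > my.server.com.pop3: S 2635281353:2635281353(0) win 29200
09:33:04.567706 IP my.server.com.pop3 > 194.187.172.9.48718: S 1310017122:1310017122(0) ack 2635281354 win 5840 <mss 1460>
09:33:06.184586 IP my.server.com.submission > 194.187.172.9.55960: S 1312159497:1312159497(0) ack 3933198554 win 5840 <mss 1460>
09:33:06.632154 IP my.server.com.ftp > 194.187.172.9.50321: S 1304419046:1304419046(0) ack 2651955290 win 5840 <mss 1460>
09:33:06.779980 IP my.server.com.https > 194.187.172.9.48421: S 1312334752:1312334752(0) ack 4264579236 win 5840 <mss 1460>
09:33:08.422188 IP my.server.com.smtp > 194.187.172.9.61090: S 1298390814:1298390814(0) ack 696776724 win 5840 <mss 1460>
09:33:09.117362 IP my.server.com.pop3 > 194.187.172.9.48718: S 1310017122:1310017122(0) ack 2635281354 win 5840 <mss 1460>
"""
SAMPLE_LINES = SAMPLE.strip().splitlines()

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
                     r"(?P<flags>[A-Z.]+) (?P<rest>.*)$")
WIN_RE = re.compile(r"\bwin (\d+)")
OPT_RE = re.compile(r"<([^>]*)>")


def parse_line(line):
    """One tcpdump line -> dict, or None if it is not a TCP line we understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport = m["src"].rsplit(".", 1)   # last dotted field is the port/service
    dst, dport = m["dst"].rsplit(".", 1)
    h, mi, s = m["ts"].split(":")
    win, opts = WIN_RE.search(m["rest"]), OPT_RE.search(m["rest"])
    return {"ts": int(h) * 3600 + int(mi) * 60 + float(s),
            "src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": m["flags"], "is_ack": " ack " in " " + m["rest"],
            "win": int(win.group(1)) if win else None,
            "options": opts.group(1) if opts else ""}


def classify_flows(lines, server=SERVER):
    """Key each flow by (client, client port, server port) and track its handshake."""
    flows = {}
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        if p["dst"] == server:
            key, inbound = (p["src"], p["sport"], p["dport"]), True
        elif p["src"] == server:
            key, inbound = (p["dst"], p["dport"], p["sport"]), False
        else:
            continue
        f = flows.setdefault(key, {"syn_seen": False, "syn_options": None, "syn_win": None,
                                   "synacks": 0, "first_synack": None, "last_synack": None,
                                   "established": False, "reset": False})
        if inbound:
            if "S" in p["flags"]:               # client's SYN: keep its options and window
                f["syn_seen"], f["syn_options"], f["syn_win"] = True, p["options"], p["win"]
            elif "R" in p["flags"]:
                f["reset"] = True
            elif p["is_ack"]:                   # third ACK or data: handshake completed
                f["established"] = True
        elif "S" in p["flags"] and p["is_ack"]:  # server's SYN-ACK (first or retransmit)
            f["synacks"] += 1
            f["first_synack"] = p["ts"] if f["first_synack"] is None else f["first_synack"]
            f["last_synack"] = p["ts"]
    for f in flows.values():
        f["state"] = ("established" if f["established"]
                      else "half-open" if f["synacks"] else "other")
    return flows


def summarize(flows):
    """Per client IP: flows by state, server ports touched, option-less SYNs, SYN-ACK resends."""
    out = defaultdict(lambda: {"established": 0, "half-open": 0, "other": 0, "ports": set(),
                               "syns_seen": 0, "optionless_syns": 0, "synack_retransmits": 0})
    for (client, _cport, sport), f in flows.items():
        s = out[client]
        s[f["state"]] += 1
        s["ports"].add(sport)
        if f["syn_seen"]:
            s["syns_seen"] += 1
            s["optionless_syns"] += not f["syn_options"]
        s["synack_retransmits"] += max(0, f["synacks"] - 1)
    return dict(out)


if __name__ == "__main__":
    # Usage: python3 syn_check.py [file-with-tcpdump-output]; defaults to the embedded excerpt.
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_LINES
    for client, s in sorted(summarize(classify_flows(lines)).items()):
        print(f"{client}: {s['established']} established, {s['half-open']} half-open, "
              f"ports={sorted(s['ports'])}, option-less SYNs={s['optionless_syns']}/{s['syns_seen']}, "
              f"SYN-ACK retransmits={s['synack_retransmits']}")
```

A flow whose SYN-ACK appears with no preceding SYN (the `smtp > 194.187.172.9.61090` line at the very top) is still counted as half-open: the SYN arrived before the capture started, and what you are seeing is the kernel retransmitting the SYN-ACK. Feeding a longer `tcpdump -n` run (so ports print as numbers rather than service names) into the script will also show whether the suspect host ever answers with RST, which a real scanner's kernel would do and a spoofed victim behind a firewall might not.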

0 Answers