We have BM3.5 installed on our server. I have temporarily turned on
global logging to just view the files. I have been trying to find
information that would explain in better detail how to decipher to log to
see if someone has gained access internally. I stumbled across a log
entry this morning that was inbound to every server in our network. The
log looked like this (I have 'x'd out the ip addresses.
-0500,xxx.xx.xxx.xxx,192.xxx.x.xxTCP,2360,445,SYN,1 ,1,2,-,-,INBOUND
-0500,xxx.xx.xxx.xxx,192.xxx.x.xx,TCP,2361,445,SYN, 1,1,2,-,-,INBOUND
-0500,xxx.xx.xxx.xxx,192.xxx.x.xx,TCP,2362,445,SYN, 1,1,2,-,-,INBOUND

0500,xxx.xx.xxx.xxx,192.xxx.x.xx,TCP,2915,445,FIN ACK,1,1,2,-,-,INBOUND
-0500,xxx.xx.xxx.xxx,192.xxx.x.x,TCP,2915,445,RST,1 ,1,2,-,-,INBOUND
-0500,xxx.xx.xxx.xxx,,TCP,2915,445,RST, 1,1,2,-,-,INBOUND

I was concerned because of the SYN, FIN, RST in the logs. Is this
something that indicates access to our servers? We have been receiving of
course a lot of spam and have been concerned we may be used as a spam
server. Is there any information available that details these logs and
what I should look for that might be cause for concern?