Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
0
Helpful
1
Replies

SMTP question

niro
Level 1
Level 1

‎09-04-2008 11:21 AM - edited ‎03-11-2019 06:40 AM

I have two mail relay servers (running brightmail) in our DMZ which accept inbound and send outbound mail. Everything works fine and has been working fine for a long time. However I do see a lot of Denied traffic from these servers, sourcing on port 25 with a random dst port (by a lot I mean a few every second). What would cause that? I'm not having any mail flow problems, but I'm just wondering if this is a problem I should worry about.

This is an example of the deny log (I replaced our local relay servers IP with "localip" and the target public ip with "publicip":

09-04-2008 15:19:57 Local4.Warning 10.15.1.254 Sep 04 2008 15:19:56: %ASA-4-106023: Deny tcp src Outside-Servers:localaddress/25 dst outside:remoteaddress/58496 by access-group "server-acl" [0x0, 0x0]

Labels:
0 Helpful
1 Reply 1

knudsen-s
Level 1
Level 1

‎09-06-2008 05:13 AM

Hi,

I looks like a ack on a mail comming ind, but if you are shure that you get all mails, I would do a network sniffing to see the tcp option bits, this will telle you more and you will se the session.

/Soren

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card