SMTP question

Unanswered Question

I have two mail relay servers (running Brightmail) in our DMZ which accept inbound and send outbound mail. Everything works fine and has been working fine for a long time. However, I do see a lot of Denied traffic from these servers, sourcing on port 25 with a random dst port (by a lot I mean a few every second). What would cause that? I'm not having any mail flow problems, but I'm just wondering if this is a problem I should worry about.

This is an example of the deny log (I replaced our local relay server's IP with "localip" and the target public IP with "publicip"):

09-04-2008 15:19:57 Local4.Warning Sep 04 2008 15:19:56: %ASA-4-106023: Deny tcp src Outside-Servers:localaddress/25 dst outside:remoteaddress/58496 by access-group "server-acl" [0x0, 0x0]

knudsen-s Sat, 09/06/2008 - 05:13


It looks like an ACK on a mail coming in, but if you are sure that you get all mails, I would do some network sniffing to see the TCP option bits; this will tell you more and you will see the session.
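An added example, not part of the original thread: a short Python script that parses %ASA-4-106023 lines in the format quoted in the question and counts denies leaving the relay from port 25 toward a high port, grouped by remote address, so a packet capture can be aimed at the busiest peers. The sample log lines, the addresses and the port-1024 cutoff are constructed assumptions.

```python
import re
from collections import Counter

# Field layout of the %ASA-4-106023 deny message quoted in the question.
DENY_RE = re.compile(
    r'%ASA-4-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src>\S+)/(?P<sport>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst>\S+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"')

# Constructed sample input (documentation addresses), not real logs.
_T = 'Sep 04 2008 15:19:56: %ASA-4-106023: Deny '
_ACL = ' by access-group "server-acl" [0x0, 0x0]'
SAMPLE = [
    _T + 'tcp src Outside-Servers:192.0.2.10/25 dst outside:198.51.100.7/58496' + _ACL,
    _T + 'tcp src Outside-Servers:192.0.2.10/25 dst outside:198.51.100.7/58497' + _ACL,
    _T + 'tcp src Outside-Servers:192.0.2.11/25 dst outside:203.0.113.20/41022' + _ACL,
    _T + 'tcp src Outside-Servers:192.0.2.10/40111 dst outside:203.0.113.20/25' + _ACL,
    _T + 'udp src Outside-Servers:192.0.2.10/53124 dst outside:198.51.100.9/53' + _ACL,
    'Sep 04 2008 15:19:57: unrelated line',
]

def parse_deny(line):
    """Return the deny record as a dict, or None if the line is not a 106023."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def classify(rec):
    """Label a deny by which end of an SMTP session the denied packet came from."""
    if rec["proto"] != "tcp":
        return "other"
    if rec["sport"] == 25 and rec["dport"] >= 1024:  # assumed ephemeral cutoff
        return "smtp-reply"    # relay answering from its listening port
    if rec["dport"] == 25:
        return "smtp-client"   # relay opening an outbound SMTP session
    return "other"

def summarize(lines):
    """Count denies per class and, for smtp-reply denies, per remote address."""
    kinds, peers = Counter(), Counter()
    for rec in filter(None, map(parse_deny, lines)):
        kind = classify(rec)
        kinds[kind] += 1
        if kind == "smtp-reply":
            peers[rec["dst"]] += 1
    return kinds, peers

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
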


