Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SMTP question

I have two mail relay servers (running brightmail) in our DMZ which accept inbound and send outbound mail. Everything works fine and has been working fine for a long time. However I do see a lot of Denied traffic from these servers, sourcing on port 25 with a random dst port (by a lot I mean a few every second). What would cause that? I'm not having any mail flow problems, but I'm just wondering if this is a problem I should worry about.

This is an example of the deny log (I replaced our local relay servers IP with "localip" and the target public ip with "publicip":

09-04-2008 15:19:57 Local4.Warning 10.15.1.254 Sep 04 2008 15:19:56: %ASA-4-106023: Deny tcp src Outside-Servers:localaddress/25 dst outside:remoteaddress/58496 by access-group "server-acl" [0x0, 0x0]

1 REPLY
New Member

Re: SMTP question

Hi,

I looks like a ack on a mail comming ind, but if you are shure that you get all mails, I would do a network sniffing to see the tcp option bits, this will telle you more and you will se the session.

/Soren

116
Views
0
Helpful
1
Replies
CreatePlease to create content