This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Spam Resolver + Spoof protection

Here's the deal...

With spoof protection on "strict" I'm getting thousands of Ack Psh Fin packets logged each day. With spoof protection on "normal" I get less but still too many. The culprit is:

64.191.223.35 or c2resolver1.ctmail.com or "full request (post)" = http://resolver1.ast.ctmail.com/spamresolverNG/spamresolver.dll?DoNewRequest

Other than turning off the spoof protection entirely (Which I did. It worked.) or turning the email protection off (Which I did. It worked.) does anyone have an idea that might reduce the number of log entries for what I think is legitimate traffic?

Thanks.

This thread was automatically locked due to age.

Parents

0 BAlfson over 10 years ago

Apparently, the "Use strict TCP session handling" evaluation takes place before the packet filter rules are referenced.

I would have to see a line or two from the Firewall log file. Maybe the traffic selector in the Firewall rule just needs to have a different destination.

Google site:astaro.org "Use strict TCP session handling".

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 10 years ago

Apparently, the "Use strict TCP session handling" evaluation takes place before the packet filter rules are referenced.

I would have to see a line or two from the Firewall log file. Maybe the traffic selector in the Firewall rule just needs to have a different destination.

Google site:astaro.org "Use strict TCP session handling".

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data