
Response connections being dropped

I have several external POP accounts with many email service providers. I use the Outlook desktop app to check email on all of those accounts. I use port 995 to check email on all accounts. The Outlook client is behind the Sophos UTM which has a firewall rule to allow traffic out on port 995. I do not currently have any Sophos UTM Email Protection settings specified for any of these POP accounts.

I installed Mail-In-A-Box (MIAB) on an external server to be used primarily for server monitoring emails. It seems to be working fine. I can send and receive emails but why is it that only MIAB tries to initiate a separate connection back to me, from port 995, each time I check email? These separate connections are being dropped by Sophos UTM.

2021:06:25-02:13:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="56" srcport="995" dstport="58354" tcpflags="RST"
2021:06:25-02:13:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="56" srcport="995" dstport="58354" tcpflags="RST"
2021:06:25-02:15:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="55" srcport="995" dstport="58594" tcpflags="RST"
2021:06:25-02:15:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="55" srcport="995" dstport="59151" tcpflags="RST"

So every time I use Outlook to check email on the MIAB server, Sophos blocks connections from port 995 of the MIAB server. I do not see this type of behavior from any other external email server that I connect to.

I'm guessing MIAB is simply responding to the connections I establish. Should I ignore these, create a Sophos UTM firewall rule just to stop logging these events, or should Sophos not be dropping this traffic?
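
A triage sketch for the drop log quoted in the post above, added here as an example and not part of the original thread or of any Sophos tooling: it parses the key="value" fields and groups dropped packets by source and by what their TCP flags can do, since only a SYN without ACK can open a connection. The IP addresses, the final SYN line, and the space-separated form of multi-flag `tcpflags` values are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the post. IPs are documentation
# placeholders; the last line (a dropped SYN) is invented for contrast.
PREFIX = ('2021:06:25-02:13:21 gateway ulogd[600]: id="2001" '
          'sub="packetfilter" action="drop" fwrule="60001" ')
SAMPLE_LOG = "\n".join(PREFIX + rest for rest in [
    'srcip="203.0.113.10" dstip="198.51.100.20" proto="6" srcport="995" dstport="58354" tcpflags="RST"',
    'srcip="203.0.113.10" dstip="198.51.100.20" proto="6" srcport="995" dstport="58354" tcpflags="RST"',
    'srcip="203.0.113.10" dstip="198.51.100.20" proto="6" srcport="995" dstport="58594" tcpflags="RST"',
    'srcip="203.0.113.10" dstip="198.51.100.20" proto="6" srcport="995" dstport="59151" tcpflags="RST"',
    'srcip="192.0.2.77" dstip="198.51.100.20" proto="6" srcport="51515" dstport="22" tcpflags="SYN"',
])

FIELD = re.compile(r'(\w+)="([^"]*)"')


def classify(fields):
    """Label a dropped packet by what its TCP flags are able to do."""
    if fields.get("proto") != "6":  # IP protocol 6 is TCP
        return "non-tcp"
    # Assumption: several flags appear space-separated, e.g. "ACK RST".
    flags = set(re.findall(r"[A-Z]+", fields.get("tcpflags", "")))
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection-attempt"  # only a bare SYN opens a connection
    if "RST" in flags:
        return "reset"  # aborts or refuses a connection, cannot open one
    if "FIN" in flags:
        return "close"
    return "reply-or-mid-stream"


def summarize(log_text):
    """Count dropped packets per (srcip, srcport, category)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("sub") != "packetfilter" or fields.get("action") != "drop":
            continue
        key = (fields.get("srcip"), fields.get("srcport"), classify(fields))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (srcip, srcport, category), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {srcip}:{srcport}  {category}")
```
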



This thread was automatically locked due to age.
  • It looks like my reported issue is more of the same which has already been answered, here, by the maestro.

    I neglected to use the correct keywords to search for until someone else pointed them out to me (hits head against wall).

    --------------------------------------------------------------------
    Sophos UTM 9.718-5 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------