Response connections being dropped

I have several external POP accounts with many email service providers. I use the Outlook desktop app to check email on all of those accounts. I use port 995 to check email on all accounts. The Outlook client is behind the Sophos UTM which has a firewall rule to allow traffic out on port 995. I do not currently have any Sophos UTM Email Protection settings specified for any of these POP accounts.

I installed Mail-In-A-Box (MIAB) on an external server to be used primarily for server monitoring emails. It seems to be working fine. I can send and receive emails, but why is it that only MIAB tries to initiate a separate connection back to me, from port 995, each time I check email? These separate connections are being dropped by Sophos UTM.

2021:06:25-02:13:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="56" srcport="995" dstport="58354" tcpflags="RST"
2021:06:25-02:13:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="56" srcport="995" dstport="58354" tcpflags="RST"
2021:06:25-02:15:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="55" srcport="995" dstport="58594" tcpflags="RST"
2021:06:25-02:15:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="55" srcport="995" dstport="59151" tcpflags="RST"

So every time I use Outlook to check email on the MIAB server, Sophos blocks connections from port 995 of the MIAB server. I do not see this type of behavior from any other external email server that I connect to.

I'm guessing MIAB is simply responding to the connections I establish. Should I ignore these, create a Sophos UTM firewall rule just to stop logging these events, or should Sophos not be dropping this traffic?



[edited by: jeffshead at 1:49 PM (GMT -7) on 25 Jun 2021]
  • It looks like my reported issue is more of the same which has already been answered, here, by the maestro.

    I neglected to use the correct keywords to search for until someone else pointed them out to me (hits head against wall).

    --------------------------------------------------------------

    9.707-5 Sophos UTM Software Home Edition
    Installed on a Dell OptiPlex XE SFF:

    • Intel® Core™2 Duo Processor E8600
      • 6M Cache, 3.33 GHz, 1333 MHz FSB
    • 8GB RAM
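
The dropped packets logged in the thread carry only the RST flag, and a TCP connection can only be opened by a SYN. As an added example (not part of the original posts), this script parses packetfilter lines in that format and separates reset/teardown packets sent from a server port from genuine inbound connection attempts. The sample lines, the placeholder IP addresses, the label names and the port heuristic are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the packetfilter format quoted above;
# the IP addresses are documentation placeholders, not values from the thread.
SAMPLE_LOG = """\
2021:06:25-02:13:21 gateway ulogd[600]: id="2001" name="Packet dropped" action="drop" fwrule="60001" srcip="203.0.113.10" dstip="198.51.100.20" proto="6" srcport="995" dstport="58354" tcpflags="RST"
2021:06:25-02:15:21 gateway ulogd[600]: id="2001" name="Packet dropped" action="drop" fwrule="60001" srcip="203.0.113.10" dstip="198.51.100.20" proto="6" srcport="995" dstport="58594" tcpflags="RST"
2021:06:25-02:16:02 gateway ulogd[600]: id="2001" name="Packet dropped" action="drop" fwrule="60001" srcip="192.0.2.77" dstip="198.51.100.20" proto="6" srcport="40112" dstport="22" tcpflags="SYN"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD.findall(line))

def classify(entry):
    """Label a dropped packet by what its TCP flags can and cannot do."""
    if entry.get("action") != "drop" or entry.get("proto") != "6":
        return "other"
    flags = set(entry.get("tcpflags", "").split())  # assumes space-separated flags
    if flags == {"SYN"}:
        return "inbound-connection-attempt"
    if "RST" in flags or "FIN" in flags:
        # Heuristic (assumption): low source port to high destination port
        # means the packet travels in the server-to-client reply direction.
        sport = int(entry.get("srcport", 0))
        dport = int(entry.get("dstport", 0))
        return "teardown-from-server" if sport < 1024 <= dport else "teardown-other"
    return "other-tcp"

def summarize(log_text):
    """Count dropped packets per (source IP, source port, label)."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            counts[(entry.get("srcip"), entry.get("srcport"), classify(entry))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```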