
Some of the emails cannot be collected: Invalid TCP RST

Some of the emails cannot be collected; they are blocked by the firewall. I am in China, and 163 emails cannot be received. The firewall logs are below. Please help me.

messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="" out_interface="" src_mac="" src_ip="45.33.39.207" src_country="" dst_ip="27.125.212.150" dst_country="" protocol="TCP" src_port="40482" dst_port="25" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Invalid TCP RST." appresolvedby="Signature"



  • Very simple: you do not have a firewall rule that matches that traffic.

    Ian

  • I set up a rule to match, but the fault is still there. The rest of the mail is normal; only part of it is not accepted.

  • Thanks for the help.

    Mail receipt is normal, but the email sent by 163.com is not accepted. 163.com is one of the largest email service providers in China.

  • Hi,

    That dropped message has nothing to do with your mail failure; that is a session that has timed out or has duplicate responses.

    Are you saying that 163.com sends mail to your mail server, or do your users send mail to 163.com?

    What do the logs show when you filter on the 163.com IP?

    Ian
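
Added example (not part of the original thread): one way to do the filtering asked about above is to parse the `key="value"` log fields and count port-25 entries by component, status, message and whether the source lies in the sender's networks. The sample lines and `SENDER_NETWORKS` are constructed placeholders that use documentation addresses; the helper names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# key="value" pairs as they appear in the log lines quoted in this thread
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = '''\
log_component="Invalid Traffic" status="Deny" fw_rule_id="0" src_ip="203.0.113.14" dst_ip="192.0.2.150" protocol="TCP" dst_port="25" message="Invalid TCP RST."
log_component="Invalid Traffic" status="Deny" fw_rule_id="0" src_ip="198.51.100.7" dst_ip="192.0.2.150" protocol="TCP" dst_port="25" message="Could not associate packet to any connection."
log_component="Firewall Rule" status="Allow" fw_rule_id="5" src_ip="203.0.113.20" dst_ip="192.0.2.150" protocol="TCP" dst_port="25" message=""
log_component="Invalid Traffic" status="Deny" fw_rule_id="0" src_ip="203.0.113.14" dst_ip="192.0.2.150" protocol="TCP" dst_port="443" message="Invalid TCP RST."
'''

# Placeholder: replace with the networks your own MX/SPF lookup returns.
SENDER_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def parse_line(line):
    """Turn one log line into a dict of its key="value" fields."""
    return dict(FIELD_RE.findall(line))


def from_sender(ip, networks=SENDER_NETWORKS):
    """True if ip parses and lies inside one of the sender's networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def smtp_summary(log_text, port="25"):
    """Count entries to the SMTP port by (component, status, message, from sender)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("dst_port") != port:
            continue
        key = (rec.get("log_component", ""), rec.get("status", ""),
               rec.get("message", ""), from_sender(rec.get("src_ip", "")))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(smtp_summary(SAMPLE_LOG).items()):
        print(n, key)
```

Entries whose last field is `False` come from sources outside the sender's networks, so they cannot explain missing mail from that sender.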

  • 163.com sends mail to me. The firewall stopped it.

    Setting the allowed rules is also invalid.

    Log:

    2018-05-08 10:02:45
    messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="Port4" out_interface="" src_mac="24:4c:07:bb:40:8d" src_ip="216.82.251.14" src_country="" dst_ip="27.166.242.150" dst_country="" protocol="TCP" src_port="57519" dst_port="25" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Could not associate packet to any connection." appresolvedby="Signature"

    2018-05-08 09:58:35
    messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="" out_interface="" src_mac="" src_ip="121.40.146.87" src_country="" dst_ip="27.166.242.150" dst_country="" protocol="TCP" src_port="40899" dst_port="25" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Invalid TCP RST." appresolvedby="Signature"

  • Hi,

    You do not have a rule allowing 163.com to send you emails. You only have a rule that says you can initiate a request for mail to be sent to you.

    Do you have a mail server or just your PC?

     

    Ian

  • Yes, I have a rule allowing 163.com, but it is not working; I deleted it.

    I have a Microsoft Exchange mail server. I checked the rules and even reset the firewall. The fault remains.

    I don't know why, maybe a Sophos bug?

    If you have a firewall mailbox with SOPHOS, I can try to send an email to you to see if it is normal.

     

    Thank you for your help.

  • Hi,

    You will need a business mail rule set up to allow incoming traffic to your server. You could try the MTA instead of a business rule.

    Ian

  • I tried this; it is not working. The fault is still there.

    I seem to find that the firewall has no record.

  • I think it's Sophos that's incompatible with them?

    I've adjusted the rules and the hidden rules, and there's nothing wrong with them, and I've found that it's like the firewall doesn't have a record.

  • You need to check your DNS and what it shows for 163.com, because the checking I have done does not show any of those addresses in your posts.

    Ian

  • I checked; DNS is correct.
