Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 11 replies
  • Subscribers 3 subscribers
  • Views 1554 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connection Problem with pop3s or imaps

RemoHehlert

Hi @all,

i have some trouble with connection from internal server (ubuntu) over our Sophos Firwall to an external MSX. The MSX has 3 availble IP and connections are over one DNS Name of the MSX.

The TCP dump on Sophos shows this:

14:20:01.924040 IP internal_Srv.48336 > MSX_IP2.pop3s: Flags [S], seq 3757526706, win 29200, options [mss 1460,sackOK,TS val 40464913 ecr 0,nop,wscale 7], length 0
14:20:02.920623 IP internal_Srv.48336 > MSX_IP2.pop3s: Flags [S], seq 3757526706, win 29200, options [mss 1460,sackOK,TS val 40465163 ecr 0,nop,wscale 7], length 0
14:20:04.924565 IP internal_Srv.48336 > MSX_IP2.pop3s: Flags [S], seq 3757526706, win 29200, options [mss 1460,sackOK,TS val 40465664 ecr 0,nop,wscale 7], length 0
14:20:08.932613 IP internal_Srv.48336 > MSX_IP2.pop3s: Flags [S], seq 3757526706, win 29200, options [mss 1460,sackOK,TS val 40466666 ecr 0,nop,wscale 7], length 0
14:20:11.324954 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [S], seq 2667523278, win 29200, options [mss 1460,sackOK,TS val 40467264 ecr 0,nop,wscale 7], length 0
14:20:11.328744 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [S.], seq 3722905482, ack 2667523279, win 65535, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
14:20:11.329134 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [.], ack 1, win 229, length 0
14:20:11.329548 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [P.], seq 1:266, ack 1, win 229, length 265
14:20:11.334026 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [.], seq 1:1461, ack 266, win 65534, length 1460
14:20:11.334296 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [.], seq 1461:2921, ack 266, win 65534, length 1460
14:20:11.334321 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [P.], seq 2921:3311, ack 266, win 65534, length 390
14:20:11.334417 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [.], ack 1461, win 251, length 0
14:20:11.334556 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [.], ack 2921, win 274, length 0
14:20:11.334594 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [.], ack 3311, win 297, length 0
14:20:11.342554 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [P.], seq 266:424, ack 3311, win 297, length 158
14:20:11.346380 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [P.], seq 3311:3362, ack 424, win 65533, length 51
14:20:11.384540 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [.], ack 3362, win 297, length 0
14:20:11.387304 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [P.], seq 3362:3442, ack 424, win 65533, length 80
14:20:11.387632 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [.], ack 3442, win 297, length 0
14:20:11.387784 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [P.], seq 424:459, ack 3442, win 297, length 35
14:20:11.390333 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [P.], seq 3442:3508, ack 459, win 65533, length 66
14:20:11.396029 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [P.], seq 459:500, ack 3508, win 297, length 41
14:20:11.398523 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [P.], seq 3508:3541, ack 500, win 65533, length 33
14:20:11.398813 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [P.], seq 500:563, ack 3541, win 297, length 63
14:20:11.411319 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [.], ack 563, win 65533, length 0
14:20:11.566965 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [P.], seq 3541:3608, ack 563, win 65533, length 67
14:20:11.567492 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [P.], seq 563:598, ack 3608, win 297, length 35
14:20:11.570713 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [P.], seq 3608:3705, ack 598, win 65533, length 97
14:20:11.571129 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [P.], seq 598:633, ack 3705, win 297, length 35
14:20:11.575140 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [P.], seq 3705:3743, ack 633, win 65533, length 38
14:20:11.575630 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [P.], seq 633:668, ack 3743, win 297, length 35
14:20:11.578850 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [P.], seq 3743:3784, ack 668, win 65533, length 41
14:20:11.594602 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [P.], seq 668:703, ack 3784, win 297, length 35
14:20:11.597839 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [P.], seq 3784:3874, ack 703, win 65532, length 90
14:20:11.598232 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [P.], seq 703:734, ack 3874, win 297, length 31
14:20:11.598233 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [F.], seq 734, ack 3874, win 297, length 0
14:20:11.598315 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [F.], seq 3874, ack 703, win 65532, length 0
14:20:11.598587 IP internal_Srv.43126 > MSX_IP1.pop3s: Flags [.], ack 3875, win 297, length 0
14:20:11.600761 IP MSX_IP1.pop3s > internal_Srv.43126: Flags [R.], seq 3875, ack 734, win 0, length 0
14:20:16.956487 IP internal_Srv.48336 > MSX_IP2.pop3s: Flags [S], seq 3757526706, win 29200, options [mss 1460,sackOK,TS val 40468672 ecr 0,nop,wscale 7], length 0

Same time on Sophos Firewall Log:

after some failed and retreis i get the connection and also the data.

Is that something what i can do on my site or is that mybe a problem on MSX?

The MSx is located on AWS and i have no access to the server only get and send mails.

Thank you very much for helping

wrbrgds

TBC



This thread was automatically locked due to age.
Unfiltered HTML