Hi everyone,
Our email setup hasn't changed. The Exchange server uses the Astaro as a smart host which relays outgoing mail. No outgoing scanning is turned on.
While looking through our Astaro today to solve other issues, I came across some interesting messages in the IPS Live Log showing that my Exchange server is attempting to communicate with my Astaro (I assume it is relaying emails as normal) and IPS is dropping these connections.
Here is the error from the IPS log (I've placed x for privacy):
2011:01:20-13:27:41 main snort[5240]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="" reason="(smtp) Attempted response buffer overflow: 963 chars" group="0" srcip="***.***.***.***(Mail Server)" dstip="***.***.***.***(Astaro)" proto="6" srcport="25" dstport="35342" sid="0" class="Attempted User Privilege Gain" priority="1" generator="124" msgid="1"
This error message seems to happen every 1-2 minutes in the log. Mail seems to be coming in and going out as normal so it's not crucial but I don't like seeing my logs fill up with constant errors for the same thing.
Has anyone come across this before? If no fix, should I just disable yet another IPS rule?
Thanks in Advance.
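Before disabling a rule, it helps to measure which source, port and alert id actually account for the noise. The following is an added example, not part of the original post: Python that parses IPS log lines in the key="value" layout quoted above and groups them by generator, msgid, reason and source. The sample lines, addresses and the second alert are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

HEADER = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ snort\[\d+\]: (.*)$')
FIELD = re.compile(r'(\w+)="([^"]*)"')
LENGTH = re.compile(r'^(.*?): (\d+) chars$')   # e.g. "...overflow: 963 chars"

def parse_line(line):
    """Return the key="value" fields of one IPS log line plus its timestamp, or None."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD.findall(m.group(2)))
    fields["time"] = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
    return fields

def summarize(lines):
    """Group alerts by (generator, msgid, reason, srcip, srcport) and report their rate."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        m = LENGTH.match(rec.get("reason", ""))
        reason, chars = (m.group(1), int(m.group(2))) if m else (rec.get("reason", ""), 0)
        key = (rec.get("generator"), rec.get("msgid"), reason,
               rec.get("srcip"), rec.get("srcport"))
        groups[key].append((rec["time"], chars))
    report = {}
    for key, hits in groups.items():
        times = sorted(t for t, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[key] = {
            "count": len(hits),
            "max_chars": max(c for _, c in hits),
            "mean_gap_s": sum(gaps) / len(gaps) if gaps else None,
            # srcport 25: the flagged line was sent by the SMTP listener (a server response)
            "from_smtp_listener": key[4] == "25",
        }
    return report

# Constructed sample input: same field layout as the quoted line, placeholder addresses.
T = ('2011:01:20-{t} main snort[5240]: id="2101" severity="warn" sub="ips" reason="{r}" '
     'srcip="{s}" dstip="192.0.2.1" proto="6" srcport="{p}" dstport="35342" '
     'generator="{g}" msgid="1"')
R = "(smtp) Attempted response buffer overflow: {} chars"
SAMPLE = [T.format(t="13:27:41", r=R.format(963), s="192.0.2.10", p="25", g="124"),
          T.format(t="13:29:11", r=R.format(640), s="192.0.2.10", p="25", g="124"),
          "not an IPS line",
          T.format(t="13:29:30", r="constructed unrelated alert", s="198.51.100.7", p="40000", g="1"),
          T.format(t="13:30:41", r=R.format(963), s="192.0.2.10", p="25", g="124")]

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE).items():
        print(key, stats)
```

A group with a single source on port 25 and a steady interval points at one host's SMTP responses, which is the information needed to scope an exception narrowly instead of turning the rule off everywhere.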