
Response connections being dropped

I have several external POP accounts with many email service providers. I use the Outlook desktop app to check email on all of those accounts. I use port 995 to check email on all accounts. The Outlook client is behind the Sophos UTM which has a firewall rule to allow traffic out on port 995. I do not currently have any Sophos UTM Email Protection settings specified for any of these POP accounts.

I installed Mail-In-A-Box (MIAB) on an external server to be used primarily for server monitoring emails. It seems to be working fine. I can send and receive emails but why is it that only MIAB tries to initiate a separate connection back to me, from port 995, each time I check email? These separate connections are being dropped by Sophos UTM.

2021:06:25-02:13:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="56" srcport="995" dstport="58354" tcpflags="RST"
2021:06:25-02:13:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="56" srcport="995" dstport="58354" tcpflags="RST"
2021:06:25-02:15:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="55" srcport="995" dstport="58594" tcpflags="RST"
2021:06:25-02:15:21 gateway ulogd[600]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="22:f7:c0:c9:06:55" dstmac="a2:ba:db:e6:cd:54" srcip="<public IP of MIAB server>" dstip="<public IP of Outlook client>" proto="6" length="40" tos="0x00" prec="0x20" ttl="55" srcport="995" dstport="59151" tcpflags="RST"

So every time I use Outlook to check email on the MIAB server, Sophos blocks connections from port 995 of the MIAB server. I do not see this type of behavior from any other external email server that I connect to.

I'm guessing MIAB is simply responding to the connections I establish. Should I ignore these, create a Sophos UTM firewall rule just to stop logging these events, or should Sophos not be dropping this traffic?
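
For triaging drops like the ones logged above, this added example (not part of the original post and not Sophos tooling) parses packetfilter lines and separates bare-SYN connection attempts from RST/FIN teardown segments. The sample lines and IP addresses are constructed, and space-separated multi-flag values are an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the packetfilter format shown in the post.
# IP addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
2021:06:25-02:13:21 gateway ulogd[600]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="203.0.113.10" dstip="198.51.100.20" proto="6" srcport="995" dstport="58354" tcpflags="RST"
2021:06:25-02:15:21 gateway ulogd[600]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="203.0.113.10" dstip="198.51.100.20" proto="6" srcport="995" dstport="58594" tcpflags="ACK RST"
2021:06:25-02:16:02 gateway ulogd[600]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="192.0.2.77" dstip="198.51.100.20" proto="6" srcport="40000" dstport="22" tcpflags="SYN"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" pairs of one packetfilter log line as a dict."""
    return dict(FIELD_RE.findall(line))

def classify(fields):
    """Classify a dropped packet by what its TCP flags allow it to be."""
    if fields.get("action") != "drop" or fields.get("proto") != "6":
        return "not-a-tcp-drop"
    # Assumption: multiple flags are separated by spaces, e.g. "ACK RST".
    flags = set(fields.get("tcpflags", "").split())
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection-attempt"  # only a bare SYN opens a connection
    if flags & {"RST", "FIN"}:
        return "teardown-segment"  # RST/FIN can only end a flow, never open one
    return "other-stray-segment"

def summarize(log_text):
    """Count dropped packets per (srcip, srcport, classification)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields:
            key = (fields.get("srcip"), fields.get("srcport"), classify(fields))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (srcip, srcport, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {srcip}:{srcport}  {kind}")
```
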


