Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 2923 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS blocking email

jlbrown
Legitimate email is being blocked by the IPS:

Message........: SMTP Content-Transfer-Encoding overflow attempt
Details........: Snort ::
Time...........: 2012:11:23-11:41:00
Packet dropped.: yes
Priority.......: high
Classification.: Attempted Administrator Privilege Gain
IP protocol....: 6 (TCP)

Source IP address: 192.168.1.2 (astaro1)


The email is stuck in the SMTP Spool, and keeps trying to resend it.

Any suggestions on how to fix this?

Should I just put an exception in for this rule?

Doesn't sound like a safe solution, long-term.

Running 8.307 (waiting for HA version of release 9!)

Thanks,

James.


This thread was automatically locked due to age.
Parents
  • 0
    I'm not seeing this anywhere else, James.  I'd be surprised if your server is one of the unpatched Sendmail versions mentioned, so you probably could turn that rule off.  Can you confirm that your mail server is listed on the 'Advanced' tab?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I'm not seeing this anywhere else, James.  I'd be surprised if your server is one of the unpatched Sendmail versions mentioned, so you probably could turn that rule off.  Can you confirm that your mail server is listed on the 'Advanced' tab?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Cookie Information Banner