Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 4 subscribers
  • Views 27911 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP port 25 outbound being dropped

Al Dempsey

I couldn't find a specific answer to this. So, sorry in advance if it is already answered.

Our UTM is dropping outbound TCP port 25 without any information on where the DROP is defined (logs don't have DEFAULT DROP, etc after time, before protocol). I do not have any automatic rules defined, all firewall rules have been manually created. I put a test rule at the top allowing TCP port 25 from a specific local IP to a specific external IP, no dice, initial SYN packet dropped. I even created a new service definition for TCP/UDP port 25 and set the rule to log initial packets. No logged packet in the logs, just the log about the packet being dropped by some unknown rule. Something is filtering the packets before they get to the defined (user or auto) firewall rules.

I read about SMTP proxy creating a hidden rule. Our UTM is only licensed for Network and Webserver Protection. We want to send SMTP emails from specific internal hosts to specific external hosts. 



This thread was automatically locked due to age.
  • 0 in reply to Al Dempsey

    If you do, phone them. I once tried to do it via email and it took months. They have improved massively in the last year or so and the two occasions I have called them, they have resolved straight away. One of them was a rule in the application filter. They will remote in via 123rescue.com and want CLI access so best to get that prepped beforehand to save time.

  • 0 in reply to Louis-M

    Louis-M,

    Thanks for the insight! 

  • 0 in reply to Al Dempsey

    Al, can you confirm that you're not violating #3 in Rulz?  Show us a picture of your existing firewall rule.  Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post one line corresponding to a blocked line above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML