topic Re: SMTP over 587 in General Topics

SMTP over 587

sajin — Wed, 07 Aug 2019 12:15:27 GMT

One of our server is trying to access the domain "smtp.office365.com" with port 587. We configured Domain object and could see there are some intermittent drop in the firewall by the CLEAN UP RULE.

In the port 587, protocol SMTP is selected and after that we couldn't see drop but the traffic being bypassed.

Please explain by adding the protocol why the traffic is being bypassed.

Re: SMTP over 587

G_W_Albrecht — Wed, 07 Aug 2019 12:27:43 GMT

I would suggest that you should:

- Explain the first configuration including defined objects, their definition and the used rule(s)

- explain how you have changed what where for the second configuration

-. explain the differences in behavior of both configurations and what you mean with bypassed traffic ?

Re: SMTP over 587

sajin — Wed, 07 Aug 2019 13:24:35 GMT

Hi,

PLz see the attachment

In the attachment, server needs to reach Domain Objects with port 587 and there were drops in the logs.

As the port 587 is SMTP, we added the protocol SMTP in the corresponding port.

After that the traffic is bypassed in the logs its showing.

In the attachment you can understand whats going on.

Re: SMTP over 587

G_W_Albrecht — Wed, 07 Aug 2019 14:42:49 GMT

As i do not see the drop logs i can not assume a reason for the drops - but what is meant with bypass ? I only know bypass behavior from TP, an access rule can only accept, reject or drop...

Re: SMTP over 587

Wolfgang — Wed, 07 Aug 2019 20:09:29 GMT

I think the bypass action comes from applicationcontrol. SMTP on Port 587 is Encrypted SMTP. And I think the firewall is smart enough to detect the first connection on standard port 25 and then after seeing a StartTLS command moving to port 587.But doing a bypass because the connection is encrypted and can‘t be inspected without MTA on the gateway.

If you could show us more from the log we can see more needed details.

Wolfgang

Re: SMTP over 587

sajin — Thu, 08 Aug 2019 07:04:59 GMT

The drop is happening in the Final Clean UP RULE and in "fw ctl zdebug drop"it show only the clean up rule block.

Removing the Domain Object in the rule and when giving the resolvable IP in the destination there is no drop.

So is something happening with the the Domain Object or the port 587.

Re: SMTP over 587

_Val_ — Thu, 08 Aug 2019 07:49:24 GMT

@sajin Much more likely, your domain object cannot be resolved on your FW. Did you check if it is there?

Re: SMTP over 587

sajin — Thu, 08 Aug 2019 08:20:46 GMT

The drop is not happening regularly its intermittent. Among 7-10 accept packet we getting two drop packets.

Tried "fw up_execute" command and the IP is matching with the corresponding rule.

nslookup is working from the firewall.

Re: SMTP over 587

PhoneBoy — Mon, 12 Aug 2019 01:11:36 GMT

The drops with Domain Objects points to intermittent DNS lookup failures, as we do look it up periodically.
Recommend opening up a TAC case.

Re: SMTP over 587

yemiokubule — Thu, 04 Jan 2024 15:50:37 GMT

Hi All,

I have a similar issue, does anyone has a solution handy.

Regards