
Enabling SMTP port for mail security appliance in the DMZ

Is there a reason why a mail security appliance that's located in the DMZ cannot send mail outside my organization? Port 25 is enabled on the firewall. SmartView Tracker does not show dropped SMTP traffic from the host. Even a simple telnet from the appliance on port 25 is dropped.

Any suggestion would be greatly appreciated.

Thanks

5 Replies
Admin

Re: Enabling SMTP port for mail security appliance in the DMZ

Does a tcpdump show the traffic even entering the Security Gateway?

Re: Enabling SMTP port for mail security appliance in the DMZ

It does not look like the traffic is leaving the firewall. All I see in the tcpdump is a TCP retransmission to the destination SMTP server.

Example:

6 30.999253 21.168.1.101 173.194.204.26 TCP 74 [TCP Retransmission] 34749 → 25 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1483731605 TSecr=0 WS=4

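The capture line above shows the classic symptom of a silently dropped connection: the client's SYN is retransmitted and nothing ever comes back, so SmartView Tracker may show no drop while the appliance still cannot reach port 25. As an added example (not part of the original thread, and not Check Point tooling), the Python below parses tshark/Wireshark-style one-line packet summaries in the format pasted in the thread (frame, time, source, destination, protocol, length, info) and lists "one-sided" flows: connection attempts that only ever sent SYNs and never received a SYN/ACK or RST. The sample capture embedded in the block is constructed for illustration; the addresses, ports and frame numbers are not taken from the post.

```python
"""Find TCP connection attempts that were never answered (SYN-only flows).

Added example: reads Wireshark/tshark one-line summaries, groups packets
by client 4-tuple, and reports flows where the client kept retransmitting
SYNs without ever seeing a SYN/ACK or RST from the peer. Such flows mean
the SYN (or the reply) is being dropped between the capture point and
the destination, even if no firewall log shows a drop.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample capture (not from the original post). A DMZ host
# tries SMTP to two destinations: one answers, one never does.
SAMPLE_CAPTURE = """\
1 0.000000 192.168.1.101 173.194.204.26 TCP 74 34749 → 25 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1
2 1.001512 192.168.1.101 173.194.204.26 TCP 74 [TCP Retransmission] 34749 → 25 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1
3 3.005233 192.168.1.101 173.194.204.26 TCP 74 [TCP Retransmission] 34749 → 25 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1
4 4.100000 192.168.1.101 198.51.100.20 TCP 74 34750 → 25 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1
5 4.120000 198.51.100.20 192.168.1.101 TCP 74 25 → 34750 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
6 4.120500 192.168.1.101 198.51.100.20 TCP 66 34750 → 25 [ACK] Seq=1 Ack=1 Win=14600 Len=0
7 7.013000 192.168.1.101 173.194.204.26 TCP 74 [TCP Retransmission] 34749 → 25 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1
"""

# Matches the summary layout shown in the thread; accepts both the Unicode
# arrow Wireshark prints and a plain "->" in case the capture was re-typed.
LINE_RE = re.compile(
    r"^(?P<frame>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+\d+\s+"
    r"(?P<retrans>\[TCP Retransmission\]\s+)?"
    r"(?P<sport>\d+)\s+(?:→|->)\s+(?P<dport>\d+)\s+\[(?P<flags>[^\]]+)\]"
)


@dataclass
class FlowStats:
    syns: int = 0             # SYNs sent by the client, including retransmissions
    retransmissions: int = 0  # SYNs Wireshark tagged as retransmissions
    answered: bool = False    # True once a SYN/ACK or RST came back from the server
    first_seen: float = 0.0
    last_seen: float = 0.0


def parse_packets(capture_text):
    """Yield (time, src, sport, dst, dport, flags, is_retransmission) per TCP line."""
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # non-TCP or unparseable line: ignore it
        flags = {f.strip() for f in m["flags"].split(",")}
        yield (float(m["time"]), m["src"], int(m["sport"]),
               m["dst"], int(m["dport"]), flags, m["retrans"] is not None)


def analyze(capture_text):
    """Group packets into client-side flows keyed by (src, sport, dst, dport)."""
    flows = defaultdict(FlowStats)
    for t, src, sport, dst, dport, flags, retrans in parse_packets(capture_text):
        if "SYN" in flags and "ACK" not in flags:
            st = flows[(src, sport, dst, dport)]
            if st.syns == 0:
                st.first_seen = t
            st.syns += 1
            st.retransmissions += int(retrans)
            st.last_seen = t
        elif ("SYN" in flags and "ACK" in flags) or "RST" in flags:
            # Reply from the server side: flip the tuple back to the client's view.
            key = (dst, dport, src, sport)
            if key in flows:
                flows[key].answered = True
    return dict(flows)


def one_sided_flows(capture_text, min_syns=2):
    """Flows with at least min_syns SYNs and no SYN/ACK or RST ever seen."""
    return sorted(
        ((key, st) for key, st in analyze(capture_text).items()
         if not st.answered and st.syns >= min_syns),
        key=lambda kv: kv[0],
    )


def report(capture_text):
    lines = []
    for (src, sport, dst, dport), st in one_sided_flows(capture_text):
        lines.append(
            f"{src}:{sport} -> {dst}:{dport}  {st.syns} SYNs "
            f"({st.retransmissions} retransmitted) over "
            f"{st.last_seen - st.first_seen:.1f}s, no reply seen"
        )
    return "\n".join(lines) if lines else "no one-sided flows"


if __name__ == "__main__":
    print(report(SAMPLE_CAPTURE))
```

Run it against the output of `tshark -r capture.pcap` (or paste the summary lines into `SAMPLE_CAPTURE`). A flow listed here with a capture taken on the gateway's internal interface means the SYN arrived at the gateway; the same flow absent from a capture on the external interface means the gateway dropped it, which is exactly the case the kernel-debug suggestion later in the thread is meant to pin down.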

Re: Enabling SMTP port for mail security appliance in the DMZ

What about the access policy rule for the DMZ with service SMTP?

Admin

Re: Enabling SMTP port for mail security appliance in the DMZ

This probably needs some fw ctl debug to see where it's getting dropped in the process.
Something like fw ctl debug -m fw + drop with all the other necessary commands.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Dale_Lobb

Re: Enabling SMTP port for mail security appliance in the DMZ

Check SmartLog for Anti-Bot blade entries calling out possibly malicious e-mail or SPAM from your DMZ appliance. 

The situation sounds somewhat similar to another community discussion we are having:  "Having issues with firewall dropping mail as spam"  https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/Having-issues-with-firewall-droppin...
