Ever since upgrading our Checkpoints to R80.20 (from R80.10) we are having some issues with receiving mail from certain sources (which so far seems to be Microsoft).
For instance, if I try the following test:
https://testconnectivity.microsoft.com/
I get:
Attempting to resolve the host name X in DNS.
-The host name resolved successfully.
Testing TCP port 25 on host X to ensure it's listening and open.
-The port was opened successfully.
Analyzing SMTP Capabilities for server X:25
-SMTP Capabilities were analyzed successfuly.
250-X
250-PIPELINING
250-SIZE 26214400
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Attempting to send a test email message to X@X using MX X.
-Delivery of the test email message failed
The server returned status code -1 - Failure sending mail.
Exception details:
Message: Failure sending mail.
Type: System.Net.Mail.SmtpException
Stack trace:
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
Exception details:
Message: Unable to connect to the remote server
Type: System.Net.WebException
Stack trace:
at System.Net.ServicePoint.GetConnection(PooledStream PooledStream, Object owner, Boolean async, IPAddress& address, Socket& abortSocket, Socket& abortSocket6)
at System.Net.PooledStream.Activate(Object owningObject, Boolean async, GeneralAsyncDelegate asyncCallback)
at System.Net.ConnectionPool.GetConnection(Object owningObject, GeneralAsyncDelegate asyncCallback, Int32 creationTimeout)
at System.Net.Mail.SmtpConnection.GetConnection(ServicePoint servicePoint)
at System.Net.Mail.SmtpClient.GetConnection()
at System.Net.Mail.SmtpClient.Send(MailMessage message)
Exception details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond x.x.x.x:25
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
Elapsed Time: 21010 ms
Microsoft seem to be the only connections coming in with the ECN, CWR flags set.
If we trace the external interface we can see SYN, ECN, CWR packets come in from Microsoft:
10:28:46.056526 IP mail-oln040092068072.outbound.protection.outlook.com.52849 > x.x.x.x.smtp: SWE 3702938783:3702938783(0) win 8192
If we trace the internal interface we see a RST packet going to the Load Balancer:
10:02:52.605181 IP mail-oln040092066014.outbound.protection.outlook.com.24619 > x.x.x.x.smtp: R 3928789066:3928789066(0) ack 0 win 0
We do not have MTA set up.
Any ideas?
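
An added example, not part of the original post: a small parser for tcpdump text output in the format of the traces above, which marks ECN-setup SYNs (tcpdump flags `SWE`, i.e. SYN with ECE and CWR per RFC 3168) on the external capture and lists the flows that show up as RST on the internal capture. The function names and the sample lines (example hostnames, 192.0.2.10) are constructed for illustration, and matching flows by source host and port assumes the source is not translated between the two interfaces.

```python
import re

# Older tcpdump text format, as in the traces above:
#   HH:MM:SS.usec IP src.sport > dst.dport: FLAGS seq:seq(len) [ack N] win N
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\w+): "
    r"(?P<flags>[SFPRWE.]+) (?P<rest>.*)$")

# Constructed sample captures (not taken from the post).
EXTERNAL = """\
10:28:46.056526 IP mail-a.example.net.52849 > 192.0.2.10.smtp: SWE 3702938783:3702938783(0) win 8192
10:28:47.101010 IP mail-b.example.org.40100 > 192.0.2.10.smtp: S 1000:1000(0) win 29200
10:28:49.056900 IP mail-a.example.net.52849 > 192.0.2.10.smtp: SWE 3702938783:3702938783(0) win 8192
"""
INTERNAL = """\
10:28:46.057001 IP mail-a.example.net.52849 > 192.0.2.10.smtp: R 3702938783:3702938783(0) ack 0 win 0
10:28:47.101200 IP mail-b.example.org.40100 > 192.0.2.10.smtp: S 1000:1000(0) win 29200
"""

def parse(trace):
    """Yield ((src, sport), kind) for every line that matches LINE_RE."""
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flags = set(m["flags"])
        has_ack = " ack " in " " + m["rest"]  # old format prints ACK as text
        if "R" in flags:
            kind = "rst"
        elif "S" in flags and not has_ack:
            # ECN-setup SYN: SYN carrying both ECE (E) and CWR (W)
            kind = "ecn_syn" if {"E", "W"} <= flags else "plain_syn"
        else:
            kind = "other"
        yield (m["src"], int(m["sport"])), kind

def syn_kinds(trace):
    """Map each flow to the kind of SYN it opened with."""
    return {flow: kind for flow, kind in parse(trace) if kind.endswith("_syn")}

def reset_ecn_flows(external, internal):
    """Flows that arrive as ECN-setup SYN outside and appear as RST inside."""
    ecn = {flow for flow, kind in parse(external) if kind == "ecn_syn"}
    rst = {flow for flow, kind in parse(internal) if kind == "rst"}
    return sorted(ecn & rst)

if __name__ == "__main__":
    print("SYN kinds (external):", syn_kinds(EXTERNAL))
    print("ECN SYN outside, RST inside:", reset_ecn_flows(EXTERNAL, INTERNAL))
```

If every reset flow is an `ecn_syn` and every `plain_syn` flow passes through unchanged, the ECN bits in the SYN are the common factor rather than the sender.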