Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Michal_W_old
Participant

IPS rejects encrypted mail

Hi,

For general awareness, as this might loose you e-mail if you're not looking at your smtp logs, if you have IPS set to strict and you expect to receive SMTP with opportunistic encryption (STARTTLS), IPS will drop certain SMTP connections.

I couldn't find a knowledge base article with a few quick searches, to here are the details.

Tested on 790 GW with R77.20.87 build 3004.

The protection "SMTP STARTTLS Command" (smtp_starttls_enable)" will be enabled on strict, or custom IPS settings that include it.

set.png

The corresponding postfix log after setting the signature to detect, looks like the following

 

postfix/smtpd[25955]: Anonymous TLS connection established from XXXX[199.7.a.b]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

 

You can set the IPS signature it to detect and log manually in case you need to correlate events.

0 Kudos
1 Reply
G_W_Albrecht
Legend Legend
Legend

Again a reason to not use the Strict IPS policy - in addition to not to use Strict Firewall Policy...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events