yodaa

SonicWall Security message

Hello

I have noticed on my sonicwall security services- Debug Received Blacklisted Directive from - sbl-xbl.spamhaus.org for source xxx.xxx.148.255 marked as 127.0.0.4 response time 44849 usecs [1]

Security Services - SMTP server found on RBL blacklist - Source xxx.xxx.148.255 dest 127.0.0.4

Security Services - Inbound connection from RBL-listed SMTP server dropped - xxx.xxx.148.255 , 36763, X1 dest "My external IP"

Should I worry?
lruiz52

It's telling you that mail server xxx.xxx.148.255 came up on some RBL spam blacklist. Check the link below:

http://mxtoolbox.com/SuperTool.aspx?action=blacklist%xxx.xxx.148.255 +&run=toolpage
yodaa

ASKER

So this is only information, not an attack?
It is informational, but you should check out your server and find the root cause as to why your server came up on a blacklist. Other mail servers that reference the lists that you are in will not accept mail from your server and you will get bounce-backs if you're not getting them already.

ASKER

We don't have on-site Exchange; we have Office 365.
OK, you should be OK then. Your firewall is just alerting you that the device assigned xxx.xxx.148.255 is blacklisted.

ASKER

xxx.xxx.148.255 but this IP address is from China
Right, then the alert is letting you know that IP is being blocked. Your spam filter blocked it.
ASKER CERTIFIED SOLUTION
Blue Street Tech

This solution is only available to members.

ASKER

WOW thank you diverseit for this.

We don't have exchange onsite we use exchange online 365 in cloud from Microsoft.

So diverseit, are you saying that I should disable these anti-spam functions on my firewall and I don't have Exchange on premise?
You're welcome!

I know that your email server is Exchange Online. Exchange Online is the mail server of Office 365. When I was referencing your Exchange server I was referring to a generic Exchange server (Exchange Online, Hosted Exchange or Exchange On-Premise). In the context of what I was saying it doesn't matter but irrespectively, I reworded what I said above to further clarify this for you but nothing changes in terms of my recommendations.

I hope it helps!

ASKER

Today I have noticed on my firewall:

Security Services- Alert- TCP Xmas Tree dropped Source xxx.xxx.148.198, 3497, x2 Destination My external IP address, IP Protocol TCP, Notes TCP Flags PSH SYN

Could you kindly explain this to me, please?
SOLUTION
This solution is only available to members.

ASKER

The main question is: did we get hacked, or was this attack dropped?
SOLUTION
This solution is only available to members.

ASKER

Thank you Diverseit, you are the best.

I will check our Exchange.

ASKER

Probably a stupid question, but why 255/32?
SOLUTION
This solution is only available to members.
Glad I could help and thanks for the points!
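
An added example, not part of the original thread and not SonicWall code: Python that triages the log messages quoted in this thread, separating lookups that are only informational from traffic the firewall actually dropped, and decoding the Spamhaus return code. The function names `triage` and `dnsbl_name` are hypothetical, and `192.0.2.255` is a constructed documentation address standing in for the masked source IP.

```python
import ipaddress
import re

# Spamhaus DNSBL return codes (SBL = spam sources, XBL = exploited or
# infected hosts, PBL = end-user ranges that should not send mail directly).
SPAMHAUS = {"127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.4": "XBL",
            "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

RBL_RE = re.compile(
    r"Blacklisted Directive from - (\S+) for source (\S+) marked as (\S+)")
FLAGS_RE = re.compile(r"TCP Flags ((?:[A-Z]{3}\s?)+)")


def dnsbl_name(ip, zone):
    """Name a DNSBL client resolves: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def triage(line):
    """Return (action, detail) for one firewall log message."""
    # "dropped" in the message means the firewall discarded the traffic.
    action = "dropped" if re.search(r"\bdropped\b", line) else "informational"
    m = RBL_RE.search(line)
    if m:
        zone, src, code = m.groups()
        listing = SPAMHAUS.get(code, "unknown code " + code)
        return action, f"{src} listed in {zone} as {listing}"
    m = FLAGS_RE.search(line)
    if m:
        return action, "TCP flags " + "+".join(sorted(m.group(1).split()))
    return action, "RBL-listed sender" if "RBL" in line else "unclassified"


# Sample input: the messages as quoted in the thread (addresses masked there).
SAMPLE = [
    "Debug Received Blacklisted Directive from - sbl-xbl.spamhaus.org for "
    "source xxx.xxx.148.255 marked as 127.0.0.4 response time 44849 usecs [1]",
    "Security Services - Inbound connection from RBL-listed SMTP server "
    "dropped - xxx.xxx.148.255 , 36763, X1",
    "Security Services- Alert- TCP Xmas Tree dropped Source xxx.xxx.148.198, "
    "3497, x2 IP Protocol TCP, Notes TCP Flags PSH SYN",
]

if __name__ == "__main__":
    print(dnsbl_name("192.0.2.255", "sbl-xbl.spamhaus.org"))
    for entry in SAMPLE:
        print(triage(entry))
```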