yodaa
asked on
Sonicwall Security massage
Hello
I have noticed on my sonicwall security services- Debug Received Blacklisted Directive from - sbl-xbl.spamhaus.org for source xxx.xxx.148.255 marked as 127.0.0.4 response time 44849 usecs [1]
Security Services - SMTP server found on RBL blacklist - Source xxx.xxx.148.255 dest 127.0.0.4
Security Services - Inbound connection from RBL-listed SMTP server dropped - xxx.xxx.148.255 , 36763, X1 dest "My external IP"
Should I worry ?
I have noticed on my sonicwall security services- Debug Received Blacklisted Directive from - sbl-xbl.spamhaus.org for source xxx.xxx.148.255 marked as 127.0.0.4 response time 44849 usecs [1]
Security Services - SMTP server found on RBL blacklist - Source xxx.xxx.148.255 dest 127.0.0.4
Security Services - Inbound connection from RBL-listed SMTP server dropped - xxx.xxx.148.255 , 36763, X1 dest "My external IP"
Should I worry ?
ASKER
So this is only information not attack?
It is informational, but you should check out your server and find the root cause as to why your server came up on a black list. Other mail servers that reference the lists that you are in will not accept mail from your server and you will get bounce backs if your not getting them already.
ASKER
We dont have on-site exchange we have office365
Ok, you should be ok then, your firewall is just alerting you that device assigned xxx.xxx.148.255 is blacklisted
ASKER
xxx.xxx.148.255 but this IP address is from China
Right, then alert is letting you know that ip is being blocked. Your spam filter blocked it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
WOW thank you diverseit for this.
We don't have exchange onsite we use exchange online 365 in cloud from Microsoft.
So diverseit are you saying that I should disable these anti spam function on my firewall ans I dont have exchange on premise?
We don't have exchange onsite we use exchange online 365 in cloud from Microsoft.
So diverseit are you saying that I should disable these anti spam function on my firewall ans I dont have exchange on premise?
You're welcome!
I know that your email server is Exchange Online. Exchange Online is the mail server of Office 365. When I was referencing your Exchange server I was referring to a generic Exchange server (Exchange Online, Hosted Exchange or Exchange On-Premise). In the context of what I was saying it doesn't matter but irrespectively, I reworded what I said above to further clarify this for you but nothing changes in terms of my recommendations.
I hope it helps!
I know that your email server is Exchange Online. Exchange Online is the mail server of Office 365. When I was referencing your Exchange server I was referring to a generic Exchange server (Exchange Online, Hosted Exchange or Exchange On-Premise). In the context of what I was saying it doesn't matter but irrespectively, I reworded what I said above to further clarify this for you but nothing changes in terms of my recommendations.
I hope it helps!
ASKER
Today I have notice on my Firewall
Security Services- Alert- TCP Xmas Tree dropped Source xxx.xxx.148.198, 3497, x2 Destination My external IP address, IP Protocol TCP, Notes TCP Flags PSH SYN
Could you kindly explains this to me please
Security Services- Alert- TCP Xmas Tree dropped Source xxx.xxx.148.198, 3497, x2 Destination My external IP address, IP Protocol TCP, Notes TCP Flags PSH SYN
Could you kindly explains this to me please
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The main Question is that We got hacked or this attack was dropped ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you Diverseit, you are the best.
I will check our Exchange.
I will check our Exchange.
ASKER
Probably stupd question but why 255/32 ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Glad I could help and thanks for the points!
http://mxtoolbox.com/SuperTool.aspx?action=blacklist%xxx.xxx.148.255 +&run=toolpage