
Author Topic: Intrusion Detection and google email  (Read 2977 times)

Julien

Intrusion Detection and google email
« on: February 20, 2017, 08:44:17 pm »
Hi guys,
We have configured Intrusion Detection to block the following countries in both directions:
Argentina
Ukraine
Brazil
Colombia
China
Hong Kong
Iran
Japan
Pakistan
Russia
Turkey
Yemen
India

Our Exchange server is running behind OPNsense. Whenever Google or some Hotmail users send us an email, they receive server authentication error 550.
When we disable Intrusion Detection, the emails arrive.
Can someone please advise which countries Google/MS users route their emails through?

Thank you
An intelligent man is sometimes forced to be drunk to spend time with his fool.

bartjsmit

Re: Intrusion Detection and google email
« Reply #1 on: February 20, 2017, 10:07:35 pm »
Examine the email headers to find out which MTA is the last hop before it hits your network. All large companies use content delivery networks that may have IP blocks overlapping country assignments, especially since the IPv4 space is getting fuller.

If you can, configure a separate route for your inbound email to by-pass Suricata or configure a whitelist.

Bart...
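
The header check suggested in the reply above, as an added example that is not part of the original post: it walks the Received headers of a message that was delivered while blocking was disabled, returns the last hop outside your own network, and tests it against a blocked range. The internal ranges, the blocked range, its label and the sample headers are all constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: address ranges used inside your own network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed stand-in for a blocked range; real ranges come from your ruleset.
BLOCKED_NETS = {"constructed-geo-range": ipaddress.ip_network("203.0.113.0/24")}
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample headers (documentation addresses and hostnames only).
SAMPLE = """\
Received: from edge.corp.example (edge.corp.example [10.0.0.2])
 by exchange.corp.example with ESMTP; Mon, 20 Feb 2017 20:44:10 +0100
Received: from mta-out.sender.example (mta-out.sender.example [203.0.113.25])
 by edge.corp.example with ESMTPS; Mon, 20 Feb 2017 20:44:09 +0100
Received: from internal.sender.example ([198.51.100.7])
 by mta-out.sender.example with ESMTP; Mon, 20 Feb 2017 20:44:08 +0100
Subject: test

body
"""

def last_external_hop(raw_message):
    """Return the IP of the last MTA outside INTERNAL_NETS, or None."""
    msg = message_from_string(raw_message)
    # Received headers are prepended, so the newest hop comes first.
    for received in msg.get_all("Received", []):
        from_part = re.split(r"\sby\s", received, maxsplit=1)[0]
        match = IP_IN_BRACKETS.search(from_part)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # bracketed text that is not an address
        if not any(ip in net for net in INTERNAL_NETS):
            return ip
    return None

def matching_block(ip, blocked=BLOCKED_NETS):
    """Return the label of the first blocked range containing ip, or None."""
    for label, net in blocked.items():
        if ip.version == net.version and ip in net:
            return label
    return None
```

A hop that matches a blocked range is the candidate for a narrowly scoped whitelist entry.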

Julien

Re: Intrusion Detection and google email
« Reply #2 on: February 21, 2017, 11:10:09 am »
Quote from: bartjsmit on February 20, 2017, 10:07:35 pm
Examine the email headers to find out which MTA is the last hop before it hits your network. All large companies use content delivery networks that may have IP blocks overlapping country assignments, especially since the IPv4 space is getting fuller.

If you can, configure a separate route for your inbound email to by-pass Suricata or configure a whitelist.

Bart...
Hi Bart,
A big thank you for your answer, I really appreciate it.
Can you explain more about how to create a separate inbound route for the email to bypass Suricata?
Thank you

bartjsmit

Re: Intrusion Detection and google email
« Reply #3 on: February 21, 2017, 10:07:33 pm »
You could run a dual-homed MTA on a DMZ with a LAN interface and only run intrusion detection on the OPNsense LAN interface.

Bart...

Julien

Re: Intrusion Detection and google email
« Reply #4 on: February 23, 2017, 10:54:19 pm »
Quote from: bartjsmit on February 21, 2017, 10:07:33 pm
You could run a dual-homed MTA on a DMZ with a LAN interface and only run intrusion detection on the OPNsense LAN interface.

Bart...
Thank you Bart,
it did the job running it on the LAN only.
Much appreciated.