Intrusion Detection and google email

[Julien]

Hi Guys,
we have configured the Intrusion Detection to block both sides the next countries.
Argentina
Ukraine
Brazil
Colombia
China
Hong kong
Iran
Japan
Pakistan
Russia
Turkey
Yemen
india

Our Exchange server is running behind Opnsense, whenever a google or some Hotmail users send us a email they recieved server authentication error 550.
when we disable the Intrusion Detection the emails arrivés.
can someone please advise which countries does Google/MS users to route their emails ?

thank you

[bartjsmit]

Examine the email headers to find out which MTA is the last hop before it hits your network. All large companies use content delivery networks that may have IP blocks overlapping country assignments, especially since the IPv4 space is getting fuller.

If you can, configure a separate route for your inbound email to by-pass Suricata or configure a whitelist.

Bart...

[Julien]

Examine the email headers to find out which MTA is the last hop before it hits your network. All large companies use content delivery networks that may have IP blocks overlapping country assignments, especially since the IPv4 space is getting fuller.

If you can, configure a separate route for your inbound email to by-pass Suricata or configure a whitelist.

Bart...

Hi Bart,
a big thank you for your answer really appreciate it.
Can you explain more how to create a separate route inbouw for the email to by pass Suricata ?
thank you

[bartjsmit]

You could run a dual-homed MTA on a DMZ with a LAN interface and only run intrusion detection on the OPNsense LAN interface.

Bart...

[Julien]

You could run a dual-homed MTA on a DMZ with a LAN interface and only run intrusion detection on the OPNsense LAN interface.

Bart...

thank you Bart,
it did the job running it on the LAN only.
much appreciate it .