OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Julien on February 20, 2017, 08:44:17 pm

Title: Intrusion Detection and google email
Post by: Julien on February 20, 2017, 08:44:17 pm
Hi Guys,
we have configured the Intrusion Detection to block both sides the next countries.
Argentina
Ukraine
Brazil
Colombia
China
Hong kong
Iran
Japan
Pakistan
Russia
Turkey
Yemen
india

Our Exchange server is running behind Opnsense, whenever a google or some Hotmail users send us a email they recieved server authentication error 550.
when we disable the Intrusion Detection the emails arriv├ęs.
can someone please advise which countries does Google/MS users to route their emails ?

thank you
Title: Re: Intrusion Detection and google email
Post by: bartjsmit on February 20, 2017, 10:07:35 pm
Examine the email headers to find out which MTA is the last hop before it hits your network. All large companies use content delivery networks that may have IP blocks overlapping country assignments, especially since the IPv4 space is getting fuller.

If you can, configure a separate route for your inbound email to by-pass Suricata or configure a whitelist.

Bart...
Title: Re: Intrusion Detection and google email
Post by: Julien on February 21, 2017, 11:10:09 am
Examine the email headers to find out which MTA is the last hop before it hits your network. All large companies use content delivery networks that may have IP blocks overlapping country assignments, especially since the IPv4 space is getting fuller.

If you can, configure a separate route for your inbound email to by-pass Suricata or configure a whitelist.

Bart...
Hi Bart,
a big thank you for your answer really appreciate it.
Can you explain more how to create a separate route inbouw for the email to by pass Suricata ?
thank you
Title: Re: Intrusion Detection and google email
Post by: bartjsmit on February 21, 2017, 10:07:33 pm
You could run a dual-homed MTA on a DMZ with a LAN interface and only run intrusion detection on the OPNsense LAN interface.

Bart...
Title: Re: Intrusion Detection and google email
Post by: Julien on February 23, 2017, 10:54:19 pm
You could run a dual-homed MTA on a DMZ with a LAN interface and only run intrusion detection on the OPNsense LAN interface.

Bart...
thank you Bart,
it did the job running it on the LAN only.
much appreciate it .