Messages - Aart.Jansen

#1
General Discussion / Re: opnsense are crooks
August 03, 2023, 01:03:27 AM
The community should know of their business practices.
#2
General Discussion / opnsense are crooks
August 02, 2023, 10:25:31 PM
They refuse to refund an unwanted subscription, despite the laws of the Netherlands.
https://business.gov.nl/regulation/automatic-renewal-subscription/
#3
Oh, I agree there's definitely a way around the GeoIP stuff. But it's a good deterrent for low-effort attempts/bots. Same reason I lock my car: a car thief would easily get past the lock. The delinquent down the road will go find an easier target.

I do wonder if the ports of the sender, which seem random and never 25 (only the destination is 25), have something to do with the block?
#4
Yes, that's the default mail rule, except exchangeDMZ_IP is labelled WAN address, as dest:

All other email is being delivered OK, and often mail from that sender does go through, but sometimes the IP comes up as blocked.
I have added a new rule to allow that known IP above the GeoIP blocking rule. So far it seems to be OK, but it's outside of office hours now.

It doesn't make any sense (to me) that it would occasionally block the IP and allow it other times.
#5
Hi, thanks for your response.
I mean the rejection of the TCP package/connection.
The target mail server is Exchange 2010, a separate VM.

In the plain log I get...

2022-05-06T19:26:21   filterlog[13067]   76,,,5c7ccd2452149d4b919716ce981cd2c8,pppoe0,match,block,in,4,0x0,,56,8672,0,DF,6,tcp,125,116.50.58.190,192.168.16.3,48694,25,85,PA,2421699908:2421699993,2465203256,235,,

Which makes little sense to me.
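As an added example (not part of the post and not OPNsense's own code), the quoted filterlog line can be split into named fields to read off which rule blocked the packet and what kind of TCP segment it was. The column order used here is an assumption about the IPv4/TCP filterlog layout, and the function names are hypothetical.

```python
# Column order assumed for an IPv4/TCP filterlog record (29 comma-separated values).
FIELDS = (
    "rulenr subrulenr anchor rid interface reason action dir ipversion "
    "tos ecn ttl id offset ipflags protonum protoname length src dst "
    "srcport dstport datalen tcpflags seq ack window urg options"
).split()

# One-letter TCP flag codes as they appear in the tcpflags column.
TCP_FLAGS = {"S": "SYN", "A": "ACK", "P": "PSH", "F": "FIN",
             "R": "RST", "U": "URG", "E": "ECE", "W": "CWR"}

# The log line quoted in the post above.
SAMPLE = ("2022-05-06T19:26:21   filterlog[13067]   "
          "76,,,5c7ccd2452149d4b919716ce981cd2c8,pppoe0,match,block,in,4,0x0,,56,"
          "8672,0,DF,6,tcp,125,116.50.58.190,192.168.16.3,48694,25,85,PA,"
          "2421699908:2421699993,2465203256,235,,")


def parse_filterlog(line):
    """Split one filterlog line into named fields; IPv4/TCP records only."""
    values = line.split()[-1].split(",")  # CSV payload is the last token
    if len(values) != len(FIELDS) or values[8] != "4" or values[16] != "tcp":
        raise ValueError("not an IPv4/TCP filterlog record")
    rec = dict(zip(FIELDS, values))
    for key in ("rulenr", "ttl", "length", "srcport", "dstport", "datalen", "window"):
        rec[key] = int(rec[key])
    rec["flag_names"] = [TCP_FLAGS.get(c, c) for c in rec["tcpflags"]]
    return rec


def summarize(rec):
    """One line with the fields that identify the rule and the packet's role."""
    # A bare SYN is a client's first packet; any other flag set comes later in
    # the handshake or stream (SYN combined with ECN flags is not counted here).
    kind = "initial SYN" if rec["flag_names"] == ["SYN"] else "not an initial SYN"
    return (f"{rec['action']} {rec['dir']} on {rec['interface']} by rule "
            f"{rec['rulenr']} (rid {rec['rid']}): {rec['src']}:{rec['srcport']} -> "
            f"{rec['dst']}:{rec['dstport']} flags={'+'.join(rec['flag_names'])} "
            f"payload={rec['datalen']}B [{kind}]")


if __name__ == "__main__":
    print(summarize(parse_filterlog(SAMPLE)))
```

For the quoted line this reports a PSH+ACK segment with an 85-byte payload from an ephemeral source port to destination port 25, blocked inbound on pppoe0.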
#6
My firewall is the commercial OVA one, if that's important.
Anyway, when I go to Firewall:Logfiles:Live View, I have made a filter to view blocked traffic.

I can see the traffic source IP, and that is coming in on port 25 (it's legit email).
But I can't see why it's blocked; it's got no label (most blocks say "Default deny Rule").

Given that it's email, I turned off ClamAV.
IP still gets blocked.

I then turned off Intrusion Detection.
IP still gets blocked.

The source IP is 116.50.58.190.
I have checked they are not on a blacklist with mxtoolbox.

EDIT: I made a firewall WAN rule (top of the chain) to allow traffic from the IP. It is still being blocked in the live view!