SEF error mesage

[tmt7734]

Hi all,

I had to rebuild my Symantec SEF v 7.0.4 firewall due to a hard drive failure (I know I really need to get a hardware raid for this).

Everything works, but I am getting this error message logged every 30 seconds or so from different hosts:

Warning: Denied access to command 'EHLO xxxxx.xxxxxxx.com' from [192.168.214.91]

I have Enable ESMTP checked already on my mail rules

Anyone know what I need to open up to allow the SMTP EHLO messages out?
Do I need to worry about it?


Thanks in advance

 

[SefLogic]

If you have enabled EHLO on all of the rules that are passing SMTP then the only other thing it can be is DNS.

Most of the time I have seen this with outbound messages where the mail server that the email is being sent to cannot do a MX record lookup on the domain of you email being sent.

Alot of the time this is because people setup a redirect from an ip address to the internal mail server that is not the firewall IP. But when the mail is being sent out through the firewall it is coming from the firewall IP address which does not match up to the MX record.

For example:
MX = x.x.10.2
firewall IP = x.x.10.1
SMTP redirect = x.x.10.2

So when mail is arriving it is being sent to your redirect ip (x.x.10.2) then the firewall is redirecting it to your internal mail server, the default GW for the mail server is the internal IP of the SEF and when the mail leaves the SEF it is coming from (x.x.10.1). So if the remote mail server has spam checks for (MX Address = IP that the mail came from) it does not match and throwing you an error.

In summary.
Check your DNS MX records and make sure mail is being sent from that IP address.

tips on fixing any problem in the world
1. Check google / google-groups
2. check the vendor support page
3. get a book on the topic