上星期五從公司Server寄出一封信到Gmail被退信,本來不以為意,今天發現Mail Server Queue住了一堆要寄到Gmail的信件
查了一下Mail Server的Log (我們公司是用Notes)
==================================================================
2012/03/19 上午 08:40:16 Router: No messages transferred to GMAIL.COM (host GMAIL.COM) via SMTP: The server is not responding. The server may be down or you may be experiencing network problems. Contact your system administrator if this problem persists.
2012/03/19 上午 08:40:21 Router: Failed to connect to SMTP host GMAIL.COM because The server is not responding. The server may be down or you may be experiencing network problems. Contact your system administrator if this problem persists.
==================================================================
Mail Server的主機上 Tracert Route Gmail的IP也沒問題,所以就懷疑Firewall在作怪
在Cisco ASA的Log中發現有一些奇怪的Log,而這些Source IP是Google的IP,Port是80或443
==================================================================
2 Mar 19 2012 10:50:04 106001 74.125.31.121 80 IP_xxxxxx 4990 Inbound TCP connection denied from 74.125.31.121/80 to IP_xxxxxx /4990 flags FIN ACK on interface outside
2 Mar 19 2012 13:07:28 106001 74.125.31.193 443 IP_xxxxxx 2336 Inbound TCP connection denied from 74.125.31.193/443 to IP_xxxxxx /2336 flags PSH ACK on interface outside
==================================================================
查了Cisco的Log 訊息說明
Cisco System Log message
要怎麼解呢?
後記:
晚上把Mail Server重開就解決了....無言!!
而Cisco ASA上的Log還是持續發生....
查了一下Mail Server的Log (我們公司是用Notes)
==================================================================
2012/03/19 上午 08:40:16 Router: No messages transferred to GMAIL.COM (host GMAIL.COM) via SMTP: The server is not responding. The server may be down or you may be experiencing network problems. Contact your system administrator if this problem persists.
2012/03/19 上午 08:40:21 Router: Failed to connect to SMTP host GMAIL.COM because The server is not responding. The server may be down or you may be experiencing network problems. Contact your system administrator if this problem persists.
==================================================================
Mail Server的主機上 Tracert Route Gmail的IP也沒問題,所以就懷疑Firewall在作怪
在Cisco ASA的Log中發現有一些奇怪的Log,而這些Source IP是Google的IP,Port是80或443
==================================================================
2 Mar 19 2012 10:50:04 106001 74.125.31.121 80 IP_xxxxxx 4990 Inbound TCP connection denied from 74.125.31.121/80 to IP_xxxxxx /4990 flags FIN ACK on interface outside
2 Mar 19 2012 13:07:28 106001 74.125.31.193 443 IP_xxxxxx 2336 Inbound TCP connection denied from 74.125.31.193/443 to IP_xxxxxx /2336 flags PSH ACK on interface outside
==================================================================
查了Cisco的Log 訊息說明
Cisco System Log message
106001
Error Message %PIX|ASA-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name
Explanation This is a connection-related message. This message occurs when an attempt to connect to an inside address is denied by your security policy. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the security appliance, and it was dropped. The tcp_flags in this packet are FIN and ACK.
The tcp_flags are as follows:
•
ACK—The acknowledgment number was received.
ACK—The acknowledgment number was received.
•FIN—Data was sent.
FIN—Data was sent.
•PSH—The receiver passed data to the application.
PSH—The receiver passed data to the application.
•RST—The connection was reset.
RST—The connection was reset.
•SYN—Sequence numbers were synchronized to start a connection.
SYN—Sequence numbers were synchronized to start a connection.
•URG—The urgent pointer was declared valid.
URG—The urgent pointer was declared valid.
Recommended Action None required.
要怎麼解呢?
後記:
晚上把Mail Server重開就解決了....無言!!
而Cisco ASA上的Log還是持續發生....
留言
張貼留言