Messaging Gateway

 View Only

  • 1.  Question about requests from Symantec messaging gateway

    Posted Mar 28, 2017 02:58 AM

    Hello. We found in our firewall, that Messaging Gateway sending a lot of requests on different IP-adresses through port 25. Yes, you can say its normal, but this requests happens every hour and i cant find any information about it in log. For example at 11PM when no one sends email we have tons of requests from Symantec and some requests can be send for several days every hour on one IP but i cant find any information in logs about it. Can anyone say what it can be?



  • 2.  RE: Question about requests from Symantec messaging gateway

    Broadcom Employee
    Posted Mar 28, 2017 03:23 AM

    which IP does the traffic is detined?



  • 3.  RE: Question about requests from Symantec messaging gateway

    Posted Mar 28, 2017 03:52 AM

    You need exact IP?



  • 4.  RE: Question about requests from Symantec messaging gateway

    Broadcom Employee
    Posted Mar 28, 2017 04:56 AM

    It would be useful to know to which IP address the SMG is initiating the traffic.



  • 5.  RE: Question about requests from Symantec messaging gateway

    Posted Mar 28, 2017 05:03 AM

    Ok. For couple days we observing two adresses. 

    54.72.9.51

    and

    93.170.123.66

     

     



  • 6.  RE: Question about requests from Symantec messaging gateway

    Broadcom Employee
    Posted Mar 28, 2017 07:46 AM

    one of the IP is amazon AWS, and another one is neopolet.ru.

     

    You can check if the traffic is configured for Amazon AWS, if not capture the network traffic to understand the protocol and the traffic its sending.