0002389 Endian Firewall Other Services 2009-11-07 15:22 2010-09-23 15:26
bodo olschewski 
0002389: a lot of forward:drop entries when using POP3-Proxy

I have a lot of forward:DROP entries in firewall protocol like this:
FORWARD:DROP TCP (br1) <int. mailserver>:xxxx -> <ext. mailserver>:110 (eth3)

An outgoing rule for tcp 110 for the int. mailserver to red is active.
Without pop3-proxy everything looks correct, but after activating pop3-proxy, I get a lot of drop entries in firewall protocol - but emails still arrive.

Is there a way to stop this forward:drop entries in firewall protocol ? (that I can see easier real problems ...)

By the way: Endian 2.3 looks very nice!
Issue History
2009-11-07 15:22bodo olschewskiNew Issue
2009-11-25 15:08peter-endianNote Added: 0003383
2009-11-25 15:08peter-endianStatusnew => feedback
2009-11-27 15:49bodo olschewskiNote Added: 0003428
2010-09-23 15:26peter-endianStatusfeedback => acknowledged

2009-11-25 15:08   
do you have a mailserver which fetches mails from an external pop server?

not sure why you have pop3 connections in forward at all. pop3 proxy transparently intercepts those connections, so you should not have any pop3 connections anymore.
Are you sure the connections go through pop3-proxy?
bodo olschewski   
2009-11-27 15:49   

I use hMailer on orange (with pop3 proxy on orange) to load emails from external pop3-Accounts from various external servers. (the server has to lan, but only the orange LAN has a gateway, also the orange lan adress appears in the firewall list)

Sometimes I get not one entry (for pop3 traffic) for 30 minutes or even longer (after restart endian or try changing rules etc.), but lately after some hours it starts again.
So in one day I get 30-50 protocol pages full with such entries.

Receiving the emails still work all the time.