SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0004279: snort and incoming emails - MantisBT
MantisBT - Endian Firewall
View Issue Details
0004279Endian FirewallIntrusion Preventionpublic2012-02-10 11:462012-02-24 11:59
elitug 
 
normaltweakalways
feedbackopen 
2.5 
 
0004279: snort and incoming emails
When snort is active (report only), transactions with email server delay 30+ seconds and some emails senders cannot connect, timeout for transaction? because snort make delay ?.

Shutting down snort, transaction time is 2-3 seconds and works fine.

Sorry for my bad English.
Using mxtoolbox.com for smtp test

Test 1 Snort ON
OK - xxx.xxx.xxx.xxx resolves to xxxxxxxxxxxxxxxxx
 OK - Reverse DNS matches SMTP Banner
 0 seconds - Good on Connection time
 Not an open relay.

 37.674 seconds - Not good! on Transaction time

Test2 Snort OFF

 OK - xxx.xxx.xxx.xxx resolves to xxxxxxxxxxxxxxxxx
 OK - Reverse DNS matches SMTP Banner
 0 seconds - Good on Connection time
 Not an open relay.
 3.042 seconds - Good on Transaction time
No tags attached.
Issue History
2012-02-10 11:46elitugNew Issue
2012-02-24 09:14christian-endianNote Added: 0007727
2012-02-24 09:14christian-endianStatusnew => feedback
2012-02-24 11:59elitugNote Added: 0007730

Notes
(0007727)
christian-endian   
2012-02-24 09:14   
Have you tried disabling some snort rules? There are rules that are known to slow down traffic...
By disabling one ruleset after another you should be able to find out which are the rules that slow down your system.
(0007730)
elitug   
2012-02-24 11:59   
Thanks for response, some rules has been disabled (including email rules)but same result.

Rules disabled:
auto/emerging-imap.rules
auto/emerging-pop3.rules
auto/emerging-smtp.rules

No proxy smtp o pop3 enabled on endian.

Uplink: 2 mbits upload/download
Hardware: Intel e5200 2 cores + 1 gb ram + wd 320gb