SMTP Packets appearing to come from VCSA picked up...

TwinTurboRob · ‎09-03-2018

VCSA 6.5u2

I have noticed our main firewall is discarding packets DST port "25" appearing to come from our VCSA. the destination address IP's would appear to belong to our cloud main sanitisation service.

I have done a PCAP on the firewall and the packets are seemingly empty, so I can't work out what they possibly may be.

Is there anyway on VCSA to work out what may be trying to send this data? and why is it coming from the VCSA IP address???

Cheers

Rob

TwinTurboRob · ‎09-04-2018

Ok solved...

VCSA is using DNS "MX" lookup instead of plain DNS "A"

Our VCSA was configured with a DNS name rather than IP so it tries to get MX which returms the external mail server!

Changed to IP instead. although there is an option to disable the MX lookup.

https://kb.vmware.com/s/article/2124423

All

SMTP Packets appearing to come from VCSA picked up by firewall.