IPS - lots of "Reject Receiver" on mail servers communication

Przemek
Przemek Posts: 20  Freshman Member
edited January 14 in Security
Some users message me that not all emails coming in and out.

I found that in logs have alot of:
signature ID 111646  - Ipswitch IMail Server List Mailer imailsrv.exe Buffer-Overflow Vulnerability with action Reject Receiver on communication between my local mail server and ISP mail server when receiving emails.

Also found some signature id 119233 Microsoft Media Services DoS -3 when sending emails.

I think its false alarm.
Is there any way to exclude these servers from IPS checking?






All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 844  Zyxel Employee
    Hi @Przemek,
    You can add IP exception in "CONFIGURATION > Security service > IP Exception" or bypass signature ID at "CONFIGURATION > Security service > IPS > Allow list".
    Can you send me packets capture in PM when it hit rule ID 111646 or 119233.
    We would like to check if it is false positive.

Security Highlight