Is it possible to do so? The goal is to use an internal email address/server so that HipChat isn't reaching out to google servers on port 25 and worrying our network admins. I know there's a field to change the email address but I don't know how that would work without setting server information.
Thank you
Hi, David!
You should be able to make changes to your HipChat Server email configuration with reference to the Limiting filtering and relay rejection. By default, HipChat Server is built with Postfix email server which allows you to send email notifications through TCP port 25 according to the following documentation:
Are you currently running into any specific issues as of now? Perhaps you can share more information so that we can have a better understanding on it.
Hello, thank you for your reply.
So our emails are sending properly but our networking team is getting alerts that the Hip Chat server is getting blocked by the firewall on port 25 while trying to access google. I wanted to prevent Hip Chat from going to google on port 25 but couldn't find a way to change it to a local email server.
Our smart relay is disabled.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi, David.
A couple of follow up questions from my end:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We are using the latest version of HipChat Server. I am reaching out for examples of the alerts but this is the information I have from them for now (note GHSCDISCHATLX1v is our HipChat Server Appliance): "I am observing outbound traffic from GHSCDISCHATLX1v on port 25 which is being blocked by the firewall. All the traffic is going to IP addresses owned by Google. I am unsure of the function of this server. Is this traffic normal?"
Since the emails are working with this traffic being blocked I was hoping to stop this traffic.
I'll reply again once I have examples of the alerts.
Thank you
--
I had to update this reply as it would not let me reply to myself.
Below is one sample from the firewall log. Hope this helps
Device Name | Event Date | Orig Event Date | Source IP | Source Port | Destination IP | Destination Port | Protocol | Vendor Alert | MSS Action | Logging Device IP | MSS Signature | Dest. Country | vendor_device_id | Source Interface Name | Src. Is Internal | Log Type | Translate Destination Port | Intrusion Outcome ID | Logging Device Hostname | Src. Country | ICMP Code | Event Cnt | mechanisms | Destination Interface Name | Vendor Severity | MSS Log Source UUID | Intrusion Action ID | effects | Interface Direction | Device Number | System Messages | network_protocol_id | Creation Time | Event Number | ICMP Type | Rule | Sensor Name | Dest. Is Internal | Collector Version | Collector ID | Class | Symantec Event Code | Log Type Name | Translate Source Port | resources | Message | Severity ID | Category |
GdcInternetAsa1 | 11/27/2017 0:04 | 11/26/2017 19:04 | 10.230.71.175 | 53785 | 173.194.207.26 | 25 | TCP | PIX-4-106023 | Deny | 159.240.240.106 | 5360768 | US | 7 | inside | 1 | 1044 | 0 | -1 | GdcInternetAsa1 | ZZ | -1 | 1 | -1 13 14 15 16 31 | outside | 4 | 5551fa56-a551-4bf0-bcf1-12c1bd4785b9 | -1 | 3 4 | 517101 | 351515 | syslog_confidenceScore=100|destination_ip=173.194.207.26|syslog_facility=20|log_acceptor_type=SYSLOG_SERVER|syslog_severityText=INFO|vendor_severity=4|facility=local4|syslog_parser_LogHeaderType=SYSLOG_3164_2|option17=(session) User Session|source_host_name=10.230.71.175|intrusion_vendor_name=ASA|target_resource=173.194.207.26|option17_type=Product Definition and Class|end_event_dt=1511723078000|destination_interface_name=outside|machine_num_ip=182908357|machineid=0ae6f5c5407ef35b15637caaab001004|event_detail_id=517242|machine_subnet=10.230.245.192|machine_ip=10.230.245.197|proxy_machine=159.240.240.106|network_traffic_direction=517101|symc_device_action=1|machine=ghssymlcprlx5v|event_desc=Deny tcp src inside:10.230.71.175/53785 dst outside:173.194.207.26/25 by access-group "CSM_FW_ACL_inside_1" [0xd0b67610 0x0] |parser_event_dt=Nov 20 2017 11:13:32|event_ct=1|reseq-groupId=06f1bfed-1f12-4cfb-9275-ca5eb85a66a8|proxy_machine_num_ip=-1611599766|log_acceptor_protocol=UDP|org_unit=ou=Default|destination_host_name=173.194.207.26|rule=CSM_FW_ACL_inside_1|eventclass_id=511000|product_version=7.0|logging_device_name=GdcInternetAsa1|vendor_device_id=7|create_dt=1511741141879|syslog_parser_origintype=LOGGING_SOURCE|vendor_code=ASA-4-106023|swfeature_id=34030101|proxy_machine_port=514|event_id=512001|sensor_type=SysLogSensor|collector_version=7.0|destination_port=25|reporting_sensor=Sensor_GEISINGER_ASA|machine_mac=00-50-56-9D-47-97|syslog_parser_origin=GdcInternetAsa1|home_domain=geisinger.edu|reseq-messageId=3346750568|event_dt=1511723078000|logging_device_ip=159.240.240.106|source_port=53785|collector_feature_id=34030101|origin_field=logging_device_ip|syslog_severity=6|product_id=3403|source_interface_name=inside|severity=3|source_ip=10.230.71.175|collector_product_id=3403|EventClassName=symc_firewall_network|network_protocol=tcp|category_id=30007606|proxy_machine_ip=159.240.240.106|domain=geisinger.edu|nw_protocol=TCP|origin_value=159.240.240.106|mssSourceUUID=5551fa56-a551-4bf0-bcf1-12c1bd4785b9|log_acceptor_port=514|LoggingProtocol=SYSLOG_SERVER | 6 | 2017-11-26T19:04:38 | 512001 | -1 | CSM_FW_ACL_inside_1 | Sensor_GEISINGER_ASA | 0 | 7 | 3403 | symc_firewall_network | 3947 | Generic Log Collection Device 2.5 | 0 | 7 8 14 15 23 | Deny tcp src inside:10.230.71.175/53785 dst outside:173.194.207.26/25 by access-group "CSM_FW_ACL_inside_1" [0xd0b67610 0x0] | 3 | Security |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.