Re: SPF+BEFSR41+MailWasher

From: Duane Arnold (notme_at_notme.com)
Date: 03/10/05


Date: Thu, 10 Mar 2005 17:45:17 GMT


"Brian" <flackb@hotmail.com> wrote in
news:42303ee4$0$28060$ba620e4c@news.skynet.be:

>
> "Duane Arnold" <notme@notme.com> wrote in message
> news:Xns9614B62D63E5Enotmenotmecom@204.127.204.17...
>> "Brian" <flackb@hotmail.com> wrote in
>> news:422f7199$0$14965$ba620e4c@news.skynet.be:
>>
>>>
>>> "Renegade" <inv@lid.net> wrote in message
>>> news:CQGXd.110247$pc5.47385@tornado.tampabay.rr.com...
>>>> On Wed, 09 Mar 2005 14:31:32 +0100, Brian wrote:
>>>>
>>>>> I have a problem with MailWasher saying, "Skipped automatic mail
>>>>> check because the was no Internet connection" when, in fact, the
>>>>> ADSL connection
>>>>> has not been interrupted.
>>>>> This has been happening since I installed the Linksys switch and
>>>>> it shows up
>>>>> in the Sygate log as a blocked UDP response from the IP address of
>>>>> the switch.
>>>>> I can only assume that MailWasher is expecting a response from the
>>>>> mail server which is being blocked by SPF.
>>>>> Apart from allowing all UDP polls to pass through the firewall can
>>>>> anyone suggest a rule that would get over this problem?
>>>>>
>>>>> Brian
>>>>
>>>> All you have to do is allow the UDP from the router to pass for the
>>>> apps in question. Some apps are written to expect the connection
>>>> first. If the packets that they are waiting for are being blocked,
>>>> the apps think that there is no connection.
>>>
>>> Thanks for the suggestion but it looks like MailWasher is not
>>> waiting for the UDP poll because making an SPF rule to allow
>>> incoming UDPs for Mail Washer does not cure the problem. In fact,
>>> the log still shows incoming UDP as blocked. I guess it is
>>> reasonably safe to allow all incoming UDP as I am behind the Linksys
>>> switch so I will try that for a while.
>>>
>>> Brian
>>>
>>>
>>>
>>
>> Yeah, I don't know what your problem is with Mailwasher. Sygate
>> should be set to trust the device IP of the router and should not be
>> blocking it. Since Mailwasher is making the requests for solicited
>> traffic from behind the router and the PFW solution, then they both
>> should allow inbound traffic to Mailwasher. I doubt that the router
>> is causing the blockage and you may want to drop Sygate and see what
>> happens, since the machine is protected by the router. I use
>> Mailwasher and have not had any problems due to the router.
>>
> Mmm, I'm not convinced by that argument. UDP is a popular means of
> transporting malicious code so allowing all UDP polls, even behind a
> NAT router seems risky. I would prefer to have belt and braces as far
> as possible. A crafty hacker can always penetrate NAT.
> It seems that it is not MailWasher itself that is waiting for the UDP
> response but allowing all incoming UDP signals certainly cures the
> problem with MailWasher thinking the Internet connection has been
> lost. Presumably there is some other link that causes this to happen -
> but what? I'm still puzzled.
>
> Brian

All I am saying is drop Sygate to make sure that it was not causing the
problem with Mailwasher. You can turn Sygate back on if you needed to do
that. I used to use BlackIce and IPsec to supplement my old Linksys NAT
router. I did set rules with BI to trust the device IP of the router and
a range of private side IP(s) issued by the router. Nothing came past BI
that wasn't supposed to. Sygate is supposed to have IDS as well.

On the other hand, when I got the low-end WatchGuard (real FW) router,
then I was able to dump BI and IPsec and they don't run on any machines
any more supplementing anything --- not the WG. You may want to look into
getting a low-end (real FW) router.

Duane :)

 


