Outlook Express and Kerio

Discussion in 'other firewalls' started by FireDancer, Aug 1, 2003.

Thread Status:
Not open for further replies.
  1. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hi,

    I am haveing a problem with my firewall and outlook express. all seems to be working well with firewall rules are all good and mail is working properly in and out.

    Some certain spam mail I have recieved (nothing serious)
    when I click on it to delete it it trys to connect to the net via IE and I have to keep denying it. If this is not enough
    info I am sorry as I am in a big hurry if you have any ideas there greatly appreciated.

    I will post back later with more info if needed. BTW al the mail I have refered to is junk(advertisments mostly)

    do I need to recheck my rules as I have looked and find nothing wrong at this time

    mail rules are as follows:

    OE inbound mail TCP/out local 1024-5000 xxx.xxx.xxx.xxx (110)
    OE outbound mail TCP/out local 1024-5000 xxx.xxx.xxx.xxx (25)

    Very Best Regards,
    FireDancer ;)
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Think about it, your using a rule based firewall, you can block just that port... ;)
     

    Attached Files:

  3. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    What is happening is the email you are deleting gets highlighted during the delete and is previewed in the preview pane. When this happens, an image or some other crud that is linked from the email to a webserver is requested and outlook will try to download it.

    This is bad because spammers use this to uniquely identify you (the url is slightly different for each email address).

    So, the thing to do is as our esteemed collegue BlitzenZeus recommended in his thought provoking way:

    create a rule to deny Oulook access to port 80.

    perhaps even better:

    Allow only the email ports you need, and only to the mail servers you access, deny outlook access to everything else and bob is your uncle ;) Since order matters with kerio (and most other FWs) the fisrt rule that matches wins. So we can safely have a "deny all" for outlook express after we have allowed the few connections we want it to make.

    This kinda stuff is what really sets a rules based FW ahead of the application based ones.

    - narrowed the image margins - LWM
     

    Attached Files:

  4. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hi Unicron,

    Thanks so much for the reply. As far as my rules ... Yes I made a block all rule about 20 seconds after I wrote the first post!! I have Inbound mail to 110, Outbound to 25
    and a block all rule 3rd. On another note :) I am very new to rule based firewalls and have struggled with them for a bit, and even though our esteemed collegue,
    Blitz made the suggestion it was changed before he even started typing a reply to this post Thanks for kindness and patcience Unicorn.

    I do respect Blitz for his knowledge, and he has helped me quite a bit, but I guess I am glad he is not my family doctor... as bedside manner would of went right out the window!!! (wink Blitz) btw hi to you too!!! :)

    Very Best Regards to both of you,
    FireDancer
     
  5. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    LOL, if I came off as sweet, and kind you must not have been talking to me :cool:

    I would rather see a person helping themselves first than running to ask others a question to which they could find the answer themselves with a little research on google. In the early days when personal software firewalls were far, and few there wasn't that much information about configuring them available. However in the years there is tons of information now if people would just seek it out.

    I've been using a rule based firewall before Zone Alarm was even in development. I still remember logging every packet to see how things worked, and figuring out which traffic I needed to allow to make certain things work correctly.
     
  6. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Blitz,
    Although that would be nice, this site would be pretty much useless if that were the the case.


    FD,
    glad you got things workin' and it's UNICRON (evil planet sized transformer robot) not UNICORN (white cute mistical goat like creature with a horn on its nose, able to be riddin only by virgins.)
     
  7. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hi,

    Well I guess I will just tell it like I see it.
    I asked for help in a help forum and what I got to start off with was a sarcastic answer, which seems to be the way of the person that gave the answer. In as much as BlitzenZeus is probably very good at firewalls, .. but not very good at people skills.... geeesh you cant even type Hello, Kiss my butt ,or Go to H**l when you reply.


    What you should type is Hey STUPID! cus thats how you come off! How would you feel if someone did that to you when you needed help? Not very good I bet
    I admit I am not very computer savy but I am learning
    and I dont need a guy like you reminding me of that

    Its like taking a step forward after learning something and being proud of it and along comes Ol' BlitzenZeus
    to kick you two steps back. Yes I took offence to your remark but being the person that I am it will be left in this post and go no further for me as I have more importaint things to do then let someone like you get the best of me :)

    And I aggree with Unicron(smirk got it right that time)
    If we all just went to google what would be the use of this board?

    You dont need to be sarcastic and rub it in that you know better then others. That is why we come here because we dont know.. in hopes of learning something from someone who does and is willing to be a bit patient and even more importaint.. POLITE!

    If you dont want to do that maybe you should just refrain from posting here.. or at least posting to me. I am sure there are many others here that are willing to take the time here to help in a polite way and not be condescending. See I can use a search bar LOL

    con·de·scend·ing ( P ) Pronunciation Key (knd-sndng)
    adj.
    Displaying a patronizingly superior attitude:

    I would ask that if you choose to reply to my posts please... get off your high horse or just dont reply.

    Very Best Regards,
    FireDancer
    ;)
     
  8. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,873
    Location:
    New England
    I'd just like to remind people that when communicating in this type of medium it is very easy to take and give offense. Many times offense is not meant at all. Sometimes people are joking but the way they phrase something might just be a little off, and it is hard to tell when you can't see facial expressions, hear the tone, or use any of the other indicators we usually have when we communicate face to face.

    Giving the benefit of the doubt is preferrable in these situations.

    Here's a little thread that is recommended reading for people who are on either side of the offense issue - giving or getting.

    No offense?! Yes, really!!
     
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi FireDancer

    Take heart and try not to take offense.
    We are all here to help and learn from each other :).

    Regards,

    CrazyM
     
  10. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    I am using kerio rc 3 and want to check my mail with oe6 - get errors all the time. No problem with Internet itself.

    I am using avast AV and they changed my pop server to 127.0.0.1 and the smtp too - what shall I do??

    Ruben
     
  11. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    tosbsas, It appears you don't understand how to use rule based firewalls, and your also running a beta version which has many bugs. I suggest you run 2.1.5, and not the buggy beta version at least until you know what your doing.

    Do you have a loopback rule?
    Name: Loopback
    Program: Any
    Logging: off
    Alerting: off
    Protocol: Any
    Local: Any
    Remote:
    Remote address 127.0.0.1
    Both directions
    Permit communication

    Put that rule on the top of your ruleset.

    Next what port does the program listen on? You need to block that port so nobody else can use it since even though its listening on the localhost it is considered listening on the internet.

    Avast Block
    Program: Avast
    No logging, or alerting.
    Local:
    Protocol X - The protcol its listening on
    Port X - The ports its listening on
    Remote: any
    Direction: inbound
    Block the connection.

    Running betas while learning a program is not something that is suggested by any means since they don't always run correctly. Only expeirenced users should run beta programs as they are trying to help debug the program, not figure it how it works.

    I'm current testing the Kerio Betas, and I don't even trust them to protect my computer as many features unfinished. I have also reported many bugs so far too, and have already gotten confirmations on a couple problems that I have repoted have been fixed that were unique to my reports. Hell, their logging isn't even working 95% of the time yet...

    Kerio Personal Firewall 4.0.0 beta is for testing purposes only. Please send your comments and bug reports to kpf_bugs@kerio.com .
    This address is NOT a technical support contact, we don't provide any technical support of beta versions.

    tosbsas Do not IM me after I have replied to you with the same question, if you don't understand the information, then you don't understand the program enough to use it.
     
Thread Status:
Not open for further replies.