SPF+BEFSR41+MailWasher

I have a problem with MailWasher saying, "Skipped automatic mail check because there was no Internet connection" when, in fact, the ADSL connection has not been interrupted. This has been happening since I installed the Linksys switch and it shows up in the Sygate log as a blocked UDP response from the IP address of the switch. I can only assume that MailWasher is expecting a response from the mail server which is being blocked by SPF. Apart from allowing all UDP polls to pass through the firewall, can anyone suggest a rule that would get over this problem?

Brian


All you have to do is allow the UDP from the router to pass for the apps in question. Some apps are written to expect the connection first. If the packets that they are waiting for are being blocked, the apps think that there is no connection.

Renegade

Thanks for the suggestion, but it looks like MailWasher is not waiting for the UDP poll because making an SPF rule to allow incoming UDPs for MailWasher does not cure the problem. In fact, the log still shows incoming UDP as blocked. I guess it is reasonably safe to allow all incoming UDP as I am behind the Linksys switch, so I will try that for a while.

Brian


"Brian" wrote in news:422f7199$0$14965$ snipped-for-privacy@news.skynet.be:

Yeah, I don't know what your problem is with Mailwasher. Sygate should be set to trust the device IP of the router and should not be blocking it. Since Mailwasher is making the requests for solicited traffic from behind the router and the PFW solution, then they both should allow inbound traffic to Mailwasher. I doubt that the router is causing the blockage and you may want to drop Sygate and see what happens, since the machine is protected by the router. I use Mailwasher and have not had any problems due to the router.

Duane :)


Could it be that the router itself is using UDP packets and they are not coming from outside? I have inbound UDP and TCP blocked on my setup, and everything works fine here. Maybe the BEFSR41 is sending "keep-alive" packets with UDP?

Renegade

Mmm, I'm not convinced by that argument. UDP is a popular means of transporting malicious code, so allowing all UDP polls, even behind a NAT router, seems risky. I would prefer to have belt and braces as far as possible. A crafty hacker can always penetrate NAT. It seems that it is not MailWasher itself that is waiting for the UDP response, but allowing all incoming UDP signals certainly cures the problem with MailWasher thinking the Internet connection has been lost. Presumably there is some other link that causes this to happen - but what? I'm still puzzled.

Brian


Seems to me that the UDP flash is a response from my mail server that is readdressed by the router. Because it is blocked by SPF, MW thinks the connection is broken so gives up checking. As the response appears to come from the router, I can't see how else to define a firewall rule other than allowing all incoming UDP polls, which I think is unsafe. I have now asked my ISP to check if the response is indeed coming from their server.

Brian

"Brian" wrote in news:42303ee4$0$28060$ snipped-for-privacy@news.skynet.be:

All I am saying is drop Sygate to make sure that it was not causing the problem with Mailwasher. You can turn Sygate back on if you needed to do that. I used to use BlackIce and IPsec to supplement my old Linksys NAT router. I did set rules with BI to trust the device IP of the router and a range of private side IP(s) issued by the router. Nothing came past BI that wasn't supposed to. Sygate is supposed to have IDS as well.

On the other hand, when I got the low-end WatchGuard (real FW) router, then I was able to dump BI and IPsec and they don't run on any machines any more supplementing anything --- not the WG. You may want to look into getting a low-end (real FW) router.

Duane :)


Well, making a rule to allow all incoming UDP from the router is the same as dropping SPF in this instance and it does cure the MW problem, so QED. However, I would still like to know the origin and purpose of this UDP signal.

Brian


Finally, I think I've found the solution: Analysing the SPF log, I found that the UDP response is triggered by just one of the two mail servers that I use and it is addressed to Local Port 520. Research on the Internet shows that this port is the Windows RIP Listener Service, and MS have a nice description of how the SP2 firewall (or any other) needs to be modified to enable incoming UDP signals to Port 520. So, I made a rule for SPF and that seems to have cured the problem. Thanks to all who offered help.

Brian


If you have logging enabled on the Linksys, it sends UDP 162 to the PC.

Hippolyte Tainz

I suspect SPF allows that one by default but not UDP Port 520. Anyway, allowing UDP 520 polls from the Linksys to the PC seems to have cured the MailWasher problem.

Brian

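The triage Brian did by hand, reading the firewall log until the blocked packets resolved to "UDP to local port 520 from the router", is the step that separates a safe fix from "allow all incoming UDP". The script below is an added example written for this thread; it is not code from MailWasher, Sygate or Linksys, and the log line layout, the router address 192.168.1.1 and the PC address 192.168.1.100 are all constructed for illustration (Sygate's real log format is not reproduced). It parses the sample log, groups blocked inbound UDP by source and destination port, derives one narrow allow rule per (router, port) pair, and then checks both the narrow rule set and a blanket "allow all inbound UDP" rule against an unsolicited Internet packet to show why the two are not equivalent.

```python
"""Triage blocked inbound UDP in a personal-firewall log and derive a
least-privilege allow rule instead of opening all inbound UDP.

Added example for this thread, not code from MailWasher, Sygate or Linksys.
The log layout, the router address 192.168.1.1 and the PC address
192.168.1.100 are constructed for illustration; Sygate's real log format
is not reproduced here.
"""
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample log.  The router sends RIP (UDP/520) and SNMP traps
# (UDP/162) to the PC; the last two lines are unsolicited Internet UDP
# that a blanket "allow all inbound UDP" rule would also let through.
SAMPLE_LOG = """\
2005-03-10 09:12:01 BLOCK UDP IN 192.168.1.1:520 -> 192.168.1.100:520
2005-03-10 09:12:03 BLOCK UDP IN 192.168.1.1:162 -> 192.168.1.100:162
2005-03-10 09:12:05 ALLOW TCP OUT 192.168.1.100:1045 -> 203.0.113.25:110
2005-03-10 09:12:31 BLOCK UDP IN 192.168.1.1:520 -> 192.168.1.100:520
2005-03-10 09:13:01 BLOCK UDP IN 192.168.1.1:520 -> 192.168.1.100:520
2005-03-10 09:13:20 BLOCK UDP IN 198.51.100.7:1434 -> 192.168.1.100:1434
2005-03-10 09:13:44 BLOCK UDP IN 198.51.100.9:53 -> 192.168.1.100:1026
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>BLOCK|ALLOW) (?P<proto>UDP|TCP) "
    r"(?P<dir>IN|OUT) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Packet:
    proto: str
    direction: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_log(text):
    """Return (action, Packet) pairs for every line in the constructed format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines in another format rather than guessing
        pkt = Packet(m["proto"], m["dir"], m["src"], int(m["sport"]),
                     m["dst"], int(m["dport"]))
        entries.append((m["action"], pkt))
    return entries


def blocked_inbound_udp(text):
    """Count blocked inbound UDP by (source IP, destination port).

    This turns "blocked UDP from the router" into
    "UDP to local port 520 from 192.168.1.1, three times".
    """
    counts = Counter()
    for action, pkt in parse_log(text):
        if action == "BLOCK" and pkt.direction == "IN" and pkt.proto == "UDP":
            counts[(pkt.src, pkt.dport)] += 1
    return counts


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str             # "UDP", "TCP" or "ANY"
    src: str               # CIDR the source address must fall in
    dport: Optional[int]   # None matches any destination port

    def matches(self, pkt):
        return (pkt.direction == "IN"
                and self.proto in ("ANY", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and (self.dport is None or self.dport == pkt.dport))


def allowed_inbound(rules, pkt):
    """Default-deny inbound filter: the packet passes only if some rule allows it."""
    return any(r.matches(pkt) for r in rules)


def suggest_rules(text, trusted_sources):
    """Propose one narrow allow rule per (source, port) pair seen from a trusted
    host such as the router's LAN address; everything else stays blocked."""
    trusted = set(trusted_sources)
    return [Rule(f"udp-{dport}-from-{src}", "UDP", f"{src}/32", dport)
            for (src, dport) in sorted(blocked_inbound_udp(text))
            if src in trusted]


# The blanket fix discussed in the thread, for comparison.
ALLOW_ALL_UDP = [Rule("allow-all-inbound-udp", "UDP", "0.0.0.0/0", None)]

if __name__ == "__main__":
    for (src, dport), n in blocked_inbound_udp(SAMPLE_LOG).most_common():
        print(f"blocked UDP from {src} to local port {dport}: {n} times")
    narrow = suggest_rules(SAMPLE_LOG, ["192.168.1.1"])
    probe = Packet("UDP", "IN", "198.51.100.7", 1434, "192.168.1.100", 1434)
    print("Internet UDP/1434 passes blanket rule:", allowed_inbound(ALLOW_ALL_UDP, probe))
    print("Internet UDP/1434 passes narrow rules:", allowed_inbound(narrow, probe))
```

Two caveats on the narrow rule set it produces. It trusts packets by source address, so it assumes the router does not forward Internet packets whose source is forged to the router's own LAN address; a NAT router that only passes replies to outbound traffic gives that, a plain switch does not. And the rule only makes the router's chatter (RIP on 520, SNMP traps on 162 if logging is enabled) stop being logged as blocked; if the router can be told not to send it at all, that is narrower still than allowing it in.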

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.