Announcement

**jcoffin** · 01-27-2021, 01:30 PM

VB Lite does not look at HTTPS. What protocol is the TLS 'handshake' issue on?

**powdermnky007** · 01-27-2021, 02:03 PM

It's an Exchange server, sending emails so I'm pretty sure it's just port 25. Our spam filter does the TLS/SSL, but I'm not certain if it changes ports to 443 do that or not.

I do know it's missing the majority of them. VB Lite has scanned 99 messages today but we've received 1300+. Edit: I think the only reason it was 99 is because I was working on updating our email servers TLS cert today, so it was going up and down. Should usually less than 99.

**jcoffin** · 01-27-2021, 02:50 PM

VB will abandoned TLS connections on port 25. I have seen issues with malform TLS SMTP and VB. I would just bypass port 25 traffic and do the virus and spam scanning on the server.

**powdermnky007** · 01-27-2021, 03:20 PM

Sounds good, how should I bypass port 25? Thank you in advance.

**sky-knight** · 01-27-2021, 03:39 PM

I wouldn't bypass TCP 25, I'd use policy rules to shove it into its own policy. That policy would have apps that are useful for SMTP monitoring, like the firewall app, and perhaps the intrusion prevention module.

The firewall app alone for the logging is essential for troubleshooting.

**powdermnky007** · 01-28-2021, 05:42 AM

I definitely want it going through the firewall app. I block all IPs coming from China. Maybe that only stops 10% of spam, but I'll take it. We have zero clients over there.

**sky-knight** · 01-28-2021, 07:16 AM

Originally posted by powdermnky007 View Post

I definitely want it going through the firewall app. I block all IPs coming from China. Maybe that only stops 10% of spam, but I'll take it. We have zero clients over there.

Then use the policy manager! I do this for ingress EVERYTHING, because if you don't it goes through the same insanity as random web requests going out. That's generally BAD for all sorts of reasons.

**powdermnky007** · 01-28-2021, 11:25 AM

Thank you for your help sky-knight! I appreciate it, but is there any way to do it besides the policy manager? The only app we've purchased is the web filter and I won't be able to make any purchases at work for a few months.

**sky-knight** · 01-28-2021, 11:25 AM

If you don't have policy manager then your only recourse is bypass.

**powdermnky007** · 01-28-2021, 11:47 AM

Thank you, I'll go start reading up on that.

**jcoehoorn** · 01-29-2021, 09:02 AM

Originally posted by jcoffin View Post

I would just bypass port 25 traffic.

Or you could go the other way, and block the port completely.

Literally NOTHING should be using unencrypted SMTP over the internet anymore. It's all ports 465 or 587 now. Anything on 25 is bad news. Port 25 is blocked on my network, and no one has complained about it in years. In fact, it's the only port here right now that's blocked outright for outbound.

**sky-knight** · 01-29-2021, 12:39 PM

TCP 25 is still the primary connection point to an email server. If you're hosting one yourself, most traffic is there.

But I agree, authenticated sessions have no place on it. And as much as is possible, TCP 25 even is happening with TLS now.

**powdermnky007** · 01-29-2021, 01:33 PM

Already doing both of those suggestions. I have outbound port 25 blocked for all IPs on the network except for the email server.

**sky-knight** · 01-29-2021, 05:05 PM

Originally posted by powdermnky007 View Post

Already doing both of those suggestions. I have outbound port 25 blocked for all IPs on the network except for the email server.

On behalf of the rest of the Internet that will see that much less spam, I thank you.

Announcement

Is Virus Blocker Lite still useful?

Is Virus Blocker Lite still useful?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment