Announcement

Collapse
No announcement yet.

IMAP emails

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    IMAP emails

    Hello,

    My internet access is via a standard residential service which blocks everything coming in except for specific port forwarding I have configured. This means there is no incoming SMTP traffic at all.

    I have an in-house email server where all my PCs and mobile devices get their email from (postfix and dovecot).

    The email server runs fetchmail to pop email from several domains every minute. For email, this setup works well. All my outgoing email is on port 2525 and using firewall rules is locked down to my external SMTP gateway.

    Fetchmail gets my external email via IMAP4 protocol on port 143.

    What I do not understand is that email activity does not show up on any reports or any applications.

    I am running a Z4 appliance Build: 16.3.2.20210603T121845.d3309eb6a9-1buster
    Kernel: 4.19.0-11-untangle-amd64
    with the free versions of applications such as
    Virus Blocker Lite
    Spam Blocker Lite
    Phish Blocker
    Application Control Lite
    Captive Portal
    Firewall
    Ad Blocker
    Service Apps
    Reports
    OpenVPN
    Intrusion Prevention.

    Why is there no email activity indicated?
    Last edited by digisyn; 08-28-2021, 12:46 AM. Reason: Change trackback
    Tags: email, spam blocker lite, z4 appliance
  • #2
    Spam and Phish blockers will only scan port 25. You should see the traffic in Firewall if the traffic is going through the Untangle. Do you see other traffic to the same device in Firewall app?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]

    Comment

    • #3
      Hello,
      Thank you for your reply.

      Yes, I see traffic to every device I have.
      In Application Control Lite the following is used for SMTP
      ^220[\x09-\x0d -~]* (e?smtp|simple mail)

      Here, no port is specified and yet it still does not trigger.

      This is used to search for HTTP sessions
      http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|post [\x09-\x0d -~]* http/[01]\.[019]
      and in Application Control Lite it works.

      Using telnet I discovered that my dovecot server initially responds with
      * OK [CAPABILITY IMAP4
      upon opening a connection. Again no port is specified. If I used
      ^\* OK \[CAPABILITY IMAP4
      then it should trigger regardless of what port is used.

      **Update**
      After using the IMAP signature above I now see IMAP sessions.

      I telneted into my external SMTP gateway and discovered enough difference so that the SMTP rule was not matching. I changed the rule to match what I actually get and I'm now getting triggers on SMTP.

      For email activity I'll just have to look at Application Control Lite instead of spam and phish blockers.

      Thank you for the spam and phish clarification. You may consider this matter closed unless you have any other words of wisdom.
      Last edited by digisyn; 08-28-2021, 09:29 AM. Reason: Clarification

      Comment

      Previous template Next
      Working...
      X
      😀
      🥰
      🤢
      😎
      😡
      👍
      👎