user claims blocking yahoo! mail

**carboncow** · 08-30-2011, 01:17 PM

Please look at the screenshot and tell me this is not what I would see if Untangle is blocking a site. I've seen the proxy page that comes up if someone tries to view banned content.

This user claims he cannot send Yahoo! webmail since the new Firewall went live last week. As you can see form my screenshot I have little blocked in the Web Filter and I"m not even flagging webmail!

Is there anywhere else I should look in a log or is this clearly a Yahoo! issue of sorts?

You guys will get a kick out of the request I got from one of my users...

Subject: Computer Performance Issues Need Fixed!
Body: Cannot send email

1. The user sent me an email from this account just fine!
2. We'll assume he met cannot get the email outside our LAN, which I remote'd into his PC and tested just fine to my personal account, check.
3. While I remote'd in I saw the error message from his Yahoo! webmail account...so we'll assume this is the issue he's talking about. So I'm not sure what this has todo with "computer performance" as he noted in the subject.

hahahaha! but I digress...

**hlarsen** · 08-30-2011, 01:26 PM

it's probably Intrusion Prevention, look at the Event Log.

**jcoehoorn** · 08-30-2011, 01:28 PM

I've seen this first hand when using protocol control to block socks 5 proxys. Something in Yahoo mail is flagged as a false-positive for SOCKS5.

If you want to block socks 5 and still allow yahoo mail, you have to use the bandwidth control app to throttle SOCKS5 links down to speed that are unusable for actual traffic, and leave just enough bandwidth there for the single request in yahoo that trips the socks 5 filter as a false positive to finish.

**dmorris** · 08-30-2011, 01:28 PM

The rule interfering with yahoo was removed from everyone in 9.0.2

edit: jcoehoorn may be onto something:
http://forums.untangle.com/protocol-...l-control.html

**carboncow** · 08-30-2011, 01:29 PM

Yep you nailed it!

Can you explain why one PC can send from Yahoo! Mail and another cannot?

It's #8734 Web-Php Pajax arbitrary command execution attempt

Could be the difference in browsers versions executing different codes?

**carboncow** · 08-30-2011, 01:34 PM

Originally Posted by dmorris

The rule interfering with yahoo was removed from everyone in 9.0.2

edit: jcoehoorn may be onto something:
http://forums.untangle.com/protocol-...l-control.html

I got 9.02 running.

I loaded chrome and firefox on his system to test and they both worked fine, it's IE8 that is triggering the rule.

he needs chrome anyways as IE prevents some webcams he needs to see for our resort, so this work around will suffice.

thanks all!

**carboncow** · 08-30-2011, 01:41 PM

OK found it, should I just turn it off?

if it's removed or getting removed then it's been found to be invalid? Or should I keep and tell the user to try his alternate browser for his personal stuff?

**hlarsen** · 08-30-2011, 01:46 PM

yeah just uncheck 'block' and it should be fine.

**sky-knight** · 08-30-2011, 06:34 PM

Heck just turn off the module. You shouldn't be running an IDS unless you're ready to deal with it anyway. A real working IDS is almost as much work as a block all firewall policy... it's constant management.

**dmorris** · 08-30-2011, 09:23 PM

Originally Posted by sky-knight

Heck just turn off the module. You shouldn't be running an IDS unless you're ready to deal with it anyway. A real working IDS is almost as much work as a block all firewall policy... it's constant management.

Yep. Agreed.

Protect

Filter

Perform

Connect

Manage

Add-Ons

Thread: user claims blocking yahoo! mail

LinkBack

Thread Tools

user claims blocking yahoo! mail

Posting Permissions