  1. #1
    Untangler | Join Date: Oct 2016 | Location: Left Coast | Posts: 34

    I had to shut this off - too many bounced emails

    Normally I get a number of emails every day from nvmexpress.org, pcisig.com, flashmemorysummit.com, seattletechstartups.com and snia.org. They have all been unable to access my mail server since this feature was added. I have now disabled and removed it and restarted the reflector accounts so that I can get these mails again.

    Whatever you have for a filter does not work for me. I can do better by adding a DNSBL to my SpamAssassin settings.

  2. #2
    Newbie | Join Date: Nov 2008 | Location: Chicago, IL | Posts: 10

    Same here. I recently upgraded my license to the complete package, and I enabled this new app I've never seen before (leaving the default settings). I've been getting tons of complaints from people saying they can't email us anymore, and their delivery failure notices just say "Connection timed out" or "It has been in queue too long and will not attempt delivery again." I don't see any connection attempts on our actual email server logs. I don't have tarpitting or greylisting enabled.

    I disabled the app yesterday, and mail is coming through fine now. I just got a flood of emails myself that I was expecting several days ago. Very upsetting.

  3. #3
    Untangle Ninja sky-knight | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 24,186

    Untangle modules do not care about direction. Services hosted behind Untangle require special consideration as a result. Anyone that's operating a Web Server, or an Email Server behind Untangle will be well advised to use policies to push ingress traffic to those services into a dedicated rack with a specifically configured set of rack modules. Otherwise, you will have this problem.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie | Join Date: Nov 2008 | Location: Chicago, IL | Posts: 10

    So if I only have one default rack, I shouldn't use Threat Prevention?

    When I do a "Threat Lookup" on the IP addresses of the email servers that are being delayed on inbound connection attempts, all of them are coming up as trusted or low risk. Why would they be blocked or delayed?

  5. #5
    Untangle Ninja sky-knight | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 24,186

    Originally posted by timbo:
    > So if I only have one default rack, I shouldn't use Threat Prevention?
    >
    > When I do a "Threat Lookup" on the IP addresses of the email servers that are being delayed on inbound connection attempts, all of them are coming up as trusted or low risk. Why would they be blocked or delayed?

    That I cannot tell you, I can say that module is designed for a very different purpose and I'd expect it to continue to be an issue forever and more in this circumstance. A dedicated rack for email processing is the only way to stabilize the situation.

  6. #6
    Newbie | Join Date: Nov 2008 | Location: Chicago, IL | Posts: 10

    Originally posted by sky-knight:
    > That I cannot tell you, I can say that module is designed for a very different purpose and I'd expect it to continue to be an issue forever and more in this circumstance. A dedicated rack for email processing is the only way to stabilize the situation.

    The help page specifically mentions that it's intended to protect servers:
    > Threat Prevention blocks potentially harmful traffic from entering or exiting the network. This app can prevent cyber attacks to your servers (e.g. web, VoIP, and email). It is also useful to prevent data loss in case users mistakenly try to connect to a phishing site or other type of malicious host.

    I think I understand what you're saying, though. As a workaround, I can make a dedicated rack for my servers that excludes this module, but my default rack can still include it to protect regular office users. I've never considered multiple racks before, and I'm going to read more about this because it sounds interesting.

    For the time being, I'm just going to leave this module disabled though. It seems broken, and I don't trust that it won't cause other issues.

  7. #7
    Master Untangler Sam Graf | Join Date: Feb 2016 | Location: Michigan | Posts: 928

    Originally posted by timbo:
    > The help page specifically mentions that it's intended to protect servers...

    Since the update is still rolling out at least some of us have no practical experience with the Threat Prevention app yet, but from your description of its effect and from so many others, while this app may be next of kin to Web Filter it behaves more like Intrusion Prevention. Unless the app is truly broken in some way, the guidance for using Threat Prevention is going to have to start sounding more like guidance for Intrusion Prevention, it seems to me. Just an observation.

  8. #8
    Newbie | Join Date: Nov 2008 | Location: Chicago, IL | Posts: 10

    Originally posted by Sam Graf:
    > Since the update is still rolling out at least some of us have no practical experience with the Threat Prevention app yet, but from your description of its effect and from so many others, while this app may be next of kin to Web Filter it behaves more like Intrusion Prevention. Unless the app is truly broken in some way, the guidance for using Threat Prevention is going to have to start sounding more like guidance for Intrusion Prevention, it seems to me. Just an observation.

    What's your guidance for Intrusion Prevention?

  9. #9
    Master Untangler Sam Graf | Join Date: Feb 2016 | Location: Michigan | Posts: 928

    I meant the wiki content, but as a user of Intrusion Prevention, that app is one of the only at-your-own-risk apps in the Untangle arsenal (the other being Ad Blocker). Intrusion Prevention requires care because it can break stuff and will break stuff if not used with real deliberateness and care.

    From my look at the Untangle demo, I at first thought Threat Prevention was indeed sort of an Intrusion Prevention Lite. That seems not to be the case in terms of the app's architecture, but it does seem to be the case, at times at least, in terms of the app's effect.

  10. #10
    Untangle Ninja sky-knight | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 24,186

    Originally posted by timbo:
    > What's your guidance for Intrusion Prevention?

    Don't use it unless you want gray hair? That module is VERY time intense on the admin to operate.

    As for Threat Prevention, it's a .0 release; I wouldn't put it in front of servers willingly at this point. It needs time to cook.
