Results 1 to 3 of 3

Thread: IMAP emails

  1. #1
    Untanglit
    Join Date
    Sep 2016
    Location
    Arlington, Texas, USA
    Posts
    18

    Default IMAP emails

    Hello,

    My internet access is via a standard residential service which blocks everything coming in except for specific port forwarding I have configured. This means there is no incoming SMTP traffic at all.

    I have an in-house email server where all my PCs and mobile devices get their email from (postfix and dovecot).

    The email server runs fetchmail to pop email from several domains every minute. For email, this setup works well. All my outgoing email is on port 2525 and using firewall rules is locked down to my external SMTP gateway.

    Fetchmail gets my external email via IMAP4 protocol on port 143.

    What I do not understand is that email activity does not show up on any reports or any applications.

    I am running a Z4 appliance Build: 16.3.2.20210603T121845.d3309eb6a9-1buster
    Kernel: 4.19.0-11-untangle-amd64
    with the free versions of applications such as
    Virus Blocker Lite
    Spam Blocker Lite
    Phish Blocker
    Application Control Lite
    Captive Portal
    Firewall
    Ad Blocker
    Service Apps
    Reports
    OpenVPN
    Intrusion Prevention.

    Why is there no email activity indicated?
    Last edited by digisyn; 08-28-2021 at 12:46 AM. Reason: Change trackback

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,731

    Default

    Spam and Phish blockers will only scan port 25. You should see the traffic in Firewall if the traffic is going through the Untangle. Do you see other traffic to the same device in Firewall app?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    Sep 2016
    Location
    Arlington, Texas, USA
    Posts
    18

    Default

    Hello,
    Thank you for your reply.

    Yes, I see traffic to every device I have.
    In Application Control Lite the following is used for SMTP
    ^220[\x09-\x0d -~]* (e?smtp|simple mail)

    Here, no port is specified and yet it still does not trigger.

    This is used to search for HTTP sessions
    http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|post [\x09-\x0d -~]* http/[01]\.[019]
    and in Application Control Lite it works.

    Using telnet I discovered that my dovecot server initially responds with
    * OK [CAPABILITY IMAP4
    upon opening a connection. Again no port is specified. If I used
    ^\* OK \[CAPABILITY IMAP4
    then it should trigger regardless of what port is used.

    **Update**
    After using the IMAP signature above I now see IMAP sessions.

    I telneted into my external SMTP gateway and discovered enough difference so that the SMTP rule was not matching. I changed the rule to match what I actually get and I'm now getting triggers on SMTP.

    For email activity I'll just have to look at Application Control Lite instead of spam and phish blockers.

    Thank you for the spam and phish clarification. You may consider this matter closed unless you have any other words of wisdom.
    Last edited by digisyn; 08-28-2021 at 09:29 AM. Reason: Clarification

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2