  1. #1
    Newbie
    Join Date
    Nov 2016
    Posts
    11

    Untangle blocking my mail server

    Hi,

    I'm seeing an odd situation where Untangle is blocking access to my public mail server behind it. It is indicating it is in the Phishing/Fraud category. No idea why.

    I exported the log file as a csv file but don't see a way to attach a few entries from it, so I'm copying/pasting here:

    request_id,time_stamp,policy_id,session_id,client_intf,server_intf,c_client_addr,c_client_port,s_client_addr,s_client_port,c_server_addr,c_server_port,s_server_addr,s_server_port,username,hostname,domain,host,uri,method,referer,s2c_content_length,c2s_content_length,s2c_content_type,web_filter_lite_blocked,web_filter_lite_flagged,web_filter_lite_reason,web_filter_lite_category,web_filter_blocked,web_filter_flagged,web_filter_reason,web_filter_category,ad_blocker_action,ad_blocker_cookie_ident,virus_blocker_lite_clean,virus_blocker_lite_name,virus_blocker_clean,virus_blocker_name
    9.7433E+13,49:14.8,1,9.74332E+13,1,2,104.175.142.241,64715,104.175.142.241,64715,10.0.2.16,80,10.0.2.16,80,,Smailnew,webworldinc.com,mail.webworldinc.com,/Services/svcRealTimeService.asmx/GetUpdates,P,http://mail.webworldinc.com/,,29,,,,...Phishing/Fraud,,,,,,
    9.7433E+13,49:04.6,1,9.74332E+13,1,2,104.175.142.241,64714,104.175.142.241,64714,10.0.2.16,80,10.0.2.16,80,,Smailnew,webworldinc.com,mail.webworldinc.com,/Services/svcRealTimeService.asmx/GetUpdates,P,http://mail.webworldinc.com/,,29,,,,...Phishing/Fraud,,,,,,
    9.7433E+13,48:54.4,1,9.74332E+13,1,2,104.175.142.241,64713,104.175.142.241,64713,10.0.2.16,80,10.0.2.16,80,,Smailnew,webworldinc.com,mail.webworldinc.com,/Services/svcRealTimeService.asmx/GetUpdates,P,http://mail.webworldinc.com/,,29,,,,...Phishing/Fraud,,,,,,

    The file it is referring to (.../svcRealTimeService.asmx) hasn't been modified in a year and a half. Any suggestions on how to track this down? FWIW, the https://... variant doesn't throw the error.

    Thanks!

    --Ben

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,024

    Just add mail.webworldinc.com to the pass site list.

    Although I'm not sure why they even allow you to access your mail over HTTP at all...

    These get flagged a lot because there IS a lot of malware and phishing on them, because of the mail they contain. Similar to file share sites etc.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,311

    If I were you I'd bypass ingress TCP 80 and 443, or use policy manager to push the traffic into its own rack and ensure you don't have web filter, or either of the virus blockers. Those modules don't care what direction the traffic is flowing, they'll process it. And do you really want to be providing Untangle's power of filtration to the entire world on the content you're serving?

    In my experience that's a wonderful way to overload an Untangle.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
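
The direction point above can be checked against an exported event log. The following is an added example, not part of the thread and not Untangle tooling: it groups categorized web filter events by direction, host and category. It assumes the export keeps the column names shown in the first post; the sample rows, hostnames and addresses are constructed.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample export (not the poster's data). The columns are a subset
# of the header shown in the first post; the last row is deliberately short.
SAMPLE_CSV = """\
time_stamp,c_client_addr,s_server_addr,s_server_port,host,uri,web_filter_lite_category,web_filter_category
2016-11-01 10:48:54,203.0.113.7,10.0.2.16,80,mail.example.com,/Services/poll,,Phishing/Fraud
2016-11-01 10:49:04,203.0.113.7,10.0.2.16,80,mail.example.com,/Services/poll,,Phishing/Fraud
2016-11-01 10:49:10,10.0.2.50,198.51.100.9,80,news.example.net,/index.html,,
2016-11-01 10:49:14,10.0.2.50,198.51.100.20,80,bad.example.org,/login,Phishing/Fraud,
2016-11-01 10:49:20,203.0.113.9,10.0.2.16
"""

# RFC 1918 ranges listed explicitly: ipaddress.is_private also matches the
# documentation ranges used for the constructed external addresses above.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True if addr parses as an IP address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def direction(row):
    """Classify a session as inbound (to a hosted server), outbound or other."""
    client_in = is_internal(row.get("c_client_addr") or "")
    server_in = is_internal(row.get("s_server_addr") or "")
    if server_in and not client_in:
        return "inbound"
    if client_in and not server_in:
        return "outbound"
    return "other"

def summarize(csv_text):
    """Count events that carry a web filter category, per (direction, host, category)."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Short rows give None for missing columns, so fall through with `or`.
        category = row.get("web_filter_category") or row.get("web_filter_lite_category")
        if category:
            hits[(direction(row), row.get("host") or "", category)] += 1
    return hits

if __name__ == "__main__":
    for (dirn, host, cat), n in summarize(SAMPLE_CSV).most_common():
        print(f"{n:4d}  {dirn:8s}  {host}  {cat}")
```

Rows counted as inbound are external clients reaching a server behind the firewall, which is the traffic the bypass or separate-rack suggestion above would take out of the web filter's path.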

  4. #4
    Newbie
    Join Date
    Nov 2016
    Posts
    11

    Hm. Good point. The same thing it returned 20 minutes ago is the same thing it is returning now, especially on the outbound side.

    I wouldn't mind filtering inbound 80 & 443, but not outbound. Are the bypass filters able to specify direction?

    --Ben

  5. #5
    Newbie
    Join Date
    Nov 2016
    Posts
    11

    Oh! Good point. Yes, I should probably disable http access to it or at least redirect it to https. In the interim I will 'bless' the site so it doesn't cause grief.

    Thanks!

    --Ben
