I have not been able to get my mail in SeaMonkey since I installed the new version of Comodo! Now I see in the firewall events, it is blocking seamonkey.exe with a destination port of 995, which is the port used by the mail program. So, assuming, this is what’s going on, is there a way to change it so I can use my mail program again?
Can you show a screenshots of the Firewall logs (View Firewall Events) and the Application Rules (Network Security Policy → Application Rules)?
Is there an easier (quicker) way, like maybe a log file or something that I could use instead of a screenshot?
Are you getting alerts, or is it just not connecting and you see the blocks in the firewall log? make sure there are no blocked IP rules for seamonkey.
Otherwise seamonkey.exe needs a rule TCP out from [src IP] to [dest IP] from src port any to dest port [995]
If seamonkey.exe does DNS lookup, then you’ll need an additional rule:
UDP out from [src IP] to [DSN IP] from src port any to dest port [53]
If he makes connection via ssh, then you may need additional rules TCP out [src IP] to [dest IP] from port any to dest port [443]
SRC IP can be tricky if you’re using DHCP (instead of static IP).
If you make youre alert setting in firewall behavior to ‘very high’ when you click ‘allow’ and ‘remember this’, then a rule with the specific IP address and ports will automatcally gets created. Eventually there’ll be enough IP address rules created CIS wil stop bothering you.
No, I am afraid not.
Did you make a custom rule for SeaMonkey?
Ok, then, here are the screenshots…hopefully this works ok. And no, as far as I am aware, I did not make a custom rule for SeaMonkey. I don’t even know how to do that, unfortunately.
[attachment deleted by admin]
WxMan1:
No alerts. Just not connecting and I see the blocks in the firewall log. (Alerts would have been nice, at least then I would have had a clue where to start troubleshooting!) Where would I check for blocked IP rules for seamonkey?
Sorry, I’m not understanding most of this stuff much. Where are these rules to be made?.. Network Security Policy > Application Rules?
DNS lookup, ssh, DHCP: Unfortunately I do not know about these. I do know that I do not have a static IP. When I set my alert setting in firewall behavior to ‘very high’, I still get no alerts…nothing whatsoever, just still the same old nonconnection issues! Any idea why no alerts would be coming up still?
Hmmm…I wonder, is there any chance it could work to make an additional entry in Network Security Policy > Application Rules and set up seamonkey.exe as an e-mail client?
Thanks much for your help.
Well, I managed to get my mail coming in again, but only by removing the SeaMonkey.exe web browser rule in Network Security Policy > Application Rules. This makes me a little nervous…not sure if it should or not, but anyway… Also, I have the Firewall Behaviour Settings > Alert Settings set to Very High, and still no alerts are coming up! What gives? I thought it would ask again!
When you remove the Seamonkey rule CIS will use the default policy. That policy allows all outgoing traffic. That’s why it works. The browser rule you were using does not allow mail traffic.
The best thing to do is to make a dedicated rule for Seamonkey. In Network Security Policy → Application Rules choose Add. First select Seamonkey in Application Path.
Choose Use a custom policy and select the Web Browser policy. Next step is to add a rule for your email. Choose Add and fill in:
Action: Allow
Protocol: TCP
Direction: Out
Description: Outgoing mail
Source Address: Any
Destination Address: Any
Source Port: Any
Destination Port: 995 or use the POP3/SMTP port set
Then choose Apply.
Now drag and drop the new rule to a place above the block rule at the bottom. Then Apply and OK your way back to the main screen.
Thank you EricJH! Looks like that’s going to work.
Now, what about Firefox? How come I have no rule for it? Do I need one? Why did Comodo never ask about it?
The default Outgoing only rule is good enough. The Web Browser Policy is fine tuned to exactly browsing. It’s up to your preferences if you want tightly knit or more generic rule
Why did Comodo never ask about it?Ask about what? Not giving you the option to choose a policy when a program enters the web for the first time when using default settings.
The default settings are set up to make the firewall as quiet as possible for not advanced user while still maintaining a good protection.
Using a default policy for trusted applications is also coupled with not making rules in D+ Rules and Application Rules (Firewall) to have as little as possible rules stored in the registry. This is to prevent a huge rulesets in the registry which will make storing of new rules a slow experience.
If you want more control you can edit the settings. You can set the firewall to Custom Policy Mode and change your configuration to Proactive.