Hi all,
I installed Comodo Firewall on Small Business Server 2003 lately. It works fine except for when I turn it on, noone in the office can receive/send any emails. We scan our emails with AVG 7.5 email scanner on Microsoft Exchange.
I read some posts on the forum how to solve the problem (“skip advanced security checks” on AVGEMC.EXE), but it seams it doesn’t work for me.
I feel like I’m missing something… Shall I skip/unblock something else?
Hope to hearing from you soon.
Tommy
Are there any entries in your log that show as being blocked?
Have you tried turning off each component(Network Monitor, etc…) one at a time to see if it works with that component turned off?
jasper
Hi,
Thanks for the reply.
I tried turning off components and it seams that mail doesn’t come through when there is Network Monitor component on. Other components don’t interfere.
I looked to logs and I have plenty of records like that:
severity: medium
reporter: network monitor
description: inbound policy violation (access denied, IP = <my.ip.address>, Port = smtp(25))
in “details” box below, it says:
description: inbound policy violation (access denied, IP = <my.ip.address>, Port = smtp(25))
protocol: TCP Incoming
Source: <random.ip.address>
Destination: <my.ip.address>:smtp(25)
TCP Flags: SYN
Reason: Network Control Rule ID = 7
We also have plenty of logs like this one above, the only change is they say “Port = 20406” instead of "Port = smtp(25)). Maybe it might be helpful.
Network Control Rule ID = 7 is the default rule 7 in network control rules (I didn’t change anything in there)
Tommy
If all of the computers sending/receiving mail are on the same LAN then you might be able to make a new Trusted Zone with the IP range for your LAN. If that doesn’t work then try making the rule below. The Trusted Zone would be the most secure as it limits what addresses can get in to your LAN range.
Use Network Monitor:
Right-click the first rule in the list and choose Add > Add Before
Write this rule:
[b]ALLOW - Check the checkbox
TCP
IN
Source IP: any
Dest. IP: any
Source port: any
Dest. IP: 25[/b]
This should help.
If there are other port numbers in your log that are getting blocked inbound then just add them to the above rule in the “Dest. IP” window using a comma(no spaces) in between the numbers(25,110).
Get the log where it is not showing any blocked ports then if it doesn’t work we can go from there. If it does start to work then we can work on getting it more secure.
jasper
jasper,
after adding rule you gave me I could receive emails, but still couldn’t send them, so I added port 110 and it works perfect! Thank you very much!
so my rule now is:
ALLOW,TCP,IN
Source IP: any
Dest. IP: any
Source port: any
Dest. IP: 25,110
Tommy
Great Tommy! Glad you got it working. (:CLP)
You might want to change the Dest. IP to the IP address of your server to make it all neat and tidy.
jasper
thanks for the this info. It was helpful to me when i could not receive email via Pegasus mail on my home computer.
Harald