firewall rule does not seem to work all the time (still get popups)

I have rules set up to allow my email program to connect to my outgoing and incoming servers. There are several accounts, but for comcast, the rule is set to allow connections to host name “mail.comcast.net” at port 110. The SMTP server uses port 995, so that rule is set to allow connections to smtp.comcast.net at port 995. Despite these rules, I still get popups for the application asking permission to connect to an IP address. This does not always happen. Sometimes it seems to work fine and other times I get the popups. I have checked the IP address that the app is connecting to, and it is a comcast IP. Since mail.comcast.net, etc, is all that is entered into the email server configuration page, I presume it goes to a domain server to find what IP the domain is pointed to. I don’t see why CIS isn’t allowing the connection some of the time.

Can anyone let me know why this isn’t working all of the time? There isn’t much point in configuring rules if I still have to respond to popups all the time.

LMHmedchem

It’s likely you have the ports wrong for SMTP. Port 995 is encrypted POP, whereas port 587 is encrypted SMTP.

This wouldn’t explain why it works some of the time and not others. I may have written up my explanation incorrectly. After looking at it again, it looks as if I have the rule set to allow connections to smtp.comcast.net at port 465 and mail.comcast.net at port 110 for the pop server. This matches what is on my server configuration page. I was not using the encrypted connections for comcast. A while ago, I was suddenly not able to connect to my SMTP comcast server. I fixed the issue by changing to the port 465 connection, which I think is encrypted. It would be nice if comcast would let you know when they make a change in how you will connect, but they don’t seem to care much if you suddenly have problems. They want everyone to use webmail anyway. Yahoo did the same thing a year ago or so.

I’m not in a comcast account right now, so I will switch accounts and check my mail settings against the logs and see what is happening. Still, it works most of the time, which is odd.

LMHmedchem

Well I went into my comcast account and changed to the encrypted connection. I don’t see any reason to not use that even though it hasn’t been set up like that for a while now. My pop connection is to mail.comcast.net at port 995 and my smtp is to smtp.comcast.net at port 465. My yahoo is set up the same way. The CIS firewall rules are set to allow those connections. We will see if that changes the firewall behavior.

My yahoo has been set up for ports 995 and 465 for a while now and I get the popups there as well. My app gives 465 as the default port for SMTP on SSL/TLS. I don’t seem to have any issues with the mail working, just the firewall alerts.

LMHmedchem

If you continue to receive alerts, try to capture as much information as possible, port, address etc. The name of the email client may also help. As far as ports are concerned, most large email providers will support SMTP 465 and 587, the main difference being mandatory SSL with 465.

http://customer.comcast.com/help-and-support/internet/email-port-25-no-longer-supported/

I have cleared my firewall logs so it will be easier to find the new alerts and match them up.

I use seamonkey for both my email and browser. It is a continuation of the old mozilla and is more or less firefox and thunderbird in a single app. The main reason I keep using it is that I like its account management features. You can have different accounts (you pick which one you want to log into on startup) and you can keep all of your account information in a folder of your choosing. This makes daily backups and restoring of accounts pretty easy. One of my seamonkey accounts is from my comcast email and another is for yahoo email. I have had this issue for both sm accounts. The yahoo has been set to 995 and 465 for quite a while.

I have also noticed alerts for an application called AAM Updates Notifier.exe, which looks like it is part of my adobe CS5 install. The problem is that when the alert comes up, I look in the process manager and there is no such application called AAM Updates Notifier.exe that is running. How can an application request internet access when it is not running? I don’t have any adobe software running that I can find. None of my installs are set to automatic update anyway, so I don’t know why it would be connecting on its own anyway.

LMHmedchem

I used Mozilla Suite for a time but I’m not really a fan of all-in-one type applications.

Some Adobe updater applications use a Windows service called BITS (Background Intelligent Transfer Service), which is a hosted application that runs under svchost. However, I’d have to install a CS suite/application to confirm if that’s happening here.

I have changed my BITS service to disabled and I will see if that stops the alerts.

The main reason I still use seamonkey is the ability to store everything related to a profile in a single folder that I choose. I dislike having data of that kind stored on the OS partition where it could be lost if a re-install is needed. I think that applications that don’t allow you to configure where you want application data stored are poorly designed. I also back up that data every night and so having it all in one place makes backup convenient. I have never understood why all email applications don’t support a profile location where you can just point to a folder to import and use a profile. Of all the data on my computer, my email and some of my web data is amongst the most important, so I prioritize the ability to backup and restore that data easily.

My firewall log now has a list of attempted outbound TCP connections from my computer to 98.138.82.28 at port 995. This is a yahoo account and I have a rule set up to allow connections to pop.bizmail.yahoo.com at port 995. My pop server settings are to pop.bizmail.yahoo.com at port 995, so I don’t understand why I am getting a request for connection permission.

These connection requests happened in the middle of the afternoon over a two minute period. My client checks for new messages every 10 minutes, but there are no other alerts after that. Most of the time, the request goes through without triggering an alert, but occasionally it does.

Let me know if you want any additional information. I can post my configurations if that would help.

LMHmedchem

It’s possible there’s still a bug with the way CIS handles domain/host names, when used as placeholders in rules/zones. From what I can see pop.bizmail.yahoo.com has numerous IP addresses associated with the domain name, the same may also be true of Comcast. If CIS is not resolving the domain name correctly - which it’s had problems with in the past - it may be causing the problems you’re seeing now.

What you could do is change the destination address from a domain name to the IP address and see what happens. It may also be useful to post specific details of the rules you’ve created along with the relevant log entries.
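
The multi-address explanation in the reply above, as an added Python example (not code from the thread or from CIS): it models an allow rule whose host name is resolved only once next to one that refreshes on each answer, and checks whether a logged IP ever appears in the name's DNS answers. The DNS answers are constructed; only the host name and 98.138.82.28 come from the thread, and the resolve-once behaviour is an assumption about the failure.

```python
import socket
from itertools import cycle

def live_resolver(host, port):
    """IPv4 addresses the OS resolver returns for host right now (needs network)."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def replay_resolver(answers):
    """Constructed resolver: replays a fixed sequence of DNS answers, one per call."""
    it = cycle(answers)
    return lambda host, port: list(next(it))

def alerts_for(host, port, resolver, checks, pinned):
    """Destinations that would raise a popup over `checks` mail checks.

    pinned=True models a firewall that resolves the rule's host name once, when
    the rule is loaded (an assumed failure mode, not CIS's actual code).
    pinned=False models one that adds each fresh answer to the allowed set.
    """
    first = resolver(host, port)
    allowed = set(first)                 # resolved at rule-load time
    alerts, answer = [], first
    for _ in range(checks):
        if not pinned:
            allowed |= set(answer)
        dst = answer[0]                  # client connects to the first address
        if dst not in allowed:
            alerts.append((dst, port))
        answer = resolver(host, port)    # next check sees the next DNS answer
    return alerts

def seen_in_dns(logged_ip, host, port, resolver, samples):
    """True if logged_ip shows up in any of `samples` successive lookups."""
    return any(logged_ip in resolver(host, port) for _ in range(samples))

# Constructed DNS answers for the thread's host; only 98.138.82.28 comes from
# the log quoted in the thread, the 192.0.2.x addresses are placeholders.
ANSWERS = [["192.0.2.10", "192.0.2.11"], ["98.138.82.28", "192.0.2.10"],
           ["192.0.2.11", "192.0.2.10"], ["98.138.82.28"]]
HOST, PORT = "pop.bizmail.yahoo.com", 995

if __name__ == "__main__":
    print("pinned rule alerts:", alerts_for(HOST, PORT, replay_resolver(ANSWERS), 4, True))
    print("refreshing rule alerts:", alerts_for(HOST, PORT, replay_resolver(ANSWERS), 4, False))
    print("logged IP seen for host:", seen_in_dns("98.138.82.28", HOST, PORT, replay_resolver(ANSWERS), 4))
```

Passing `live_resolver` instead of `replay_resolver(ANSWERS)` to `seen_in_dns` runs the same check against real lookups for a logged address.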