Rule is ignored - my fault?

Mozilla Thunderbird sometimes wants to connect to port 80 (http) to any of these IPs (46.29.101.83, 46.29.101.81, 46.29.101.84, 46.29.101.82) which all resolve to emig.ocsp.telesec.de:

http://abload.de/thumb/15.12.20154iuu3x.png

I’ve added an application rule for Thunderbird that allows access to the host name “emig.ocsp.telesec.de” at port 80. However, Comodo Firewall still asks me each time whether access is allowed. Maybe I’m overlooking something, but I don’t think so. These are the rules:

Thunderbird:

http://abload.de/thumb/15.12.20151kwj48.jpg

Global:

http://abload.de/thumb/15.12.201525ys0r.jpg

Alle of the scrambled allow and block rules do not match, but even if any of them would, they should not lead to CIS asking me each time whether access is allowed. The readable lines are the only matching rules. I was thinking the first matching rule from top to bottom is applied, which is the “allow” rule. Consequently, the “ask” rule at the bottom should not play a role anymore. Am I wrong?

The rules haven’t changed lately, and here is the log from 30 minutes ago:

http://abload.de/thumb/15.12.20153nts0w.png

You see the “asked” entry.

Am I overseeing anything?

Comodo doesn’t work well with hostnames on external networks where the ip resolved can change rapidly as the hostname is only resolved once per session.

Your better off using an IP mask converted from the CIDR block. There are tools & tables on the internet that assist in doing that.

Hmm… ok… but the topmost screenshot shows that a list of IPs is returned for reverse DNS, and the outgoing IP does always belong to that list, so it should be captured.
But if this is a limitation, I will do as you’ve suggested. Thanks.
Strange though…

If its always the same 3 IPs you could also make a network zone with a list of the ips instead.

Not quite understandable, but I’ll do so. Thanks.