Hi,
I use Outlook 2010 x64 trial and have 2 mail accounts in there - Gmail and Hotmail. For syncing Hotmail I use Outlook Connector x64, enabling the MAPI protocol, which doesn't seem to be handled by the predefined Email client profile in Comodo firewall. Every time I start Outlook, Comodo FW pops up many alerts about outgoing TCP connections to remote HTTP ports 80 and 443. Now several of the remote addresses belong to Microsoft IP ranges 65.52.0.0 - 65.55.255.255, 94.0.0.0 - 94.255.255.255, 207.46.0.0 - 207.46.255.255, 64.4.0.0 - 64.4.63.255. Some IPs from these ranges have subdomains like ".mail.services.live.com" and ".calendar.live.com", so I guess these are safe to connect to because of checking mails and calendars, but the majority of IPs from these ranges are domainless (at least I didn't find any using the WHOIS db, but I'm new to this whole stuff). Other connections are established to m.webtrends.com and verisign.com (why??). I'm attaching a captured screen with a piece of the FW log. I wanted to attach the whole exported log but it shows totally wrong source/destination ports for each action (a bug?). Please review it, tell me what to block or allow, explain to me what these connections mean or eventually give me some default ruleset for Hotmail with MAPI, because everything I have found on this forum related to Hotmail were rules considering the POP3 or IMAP email protocols, which unfortunately isn't my case since I use MAPI. Thanks.
[attachment deleted by admin]
I am using Outlook with POP/SMTP mail only. I get these alerts for ports 80 and 443. I simply tell it to allow and remember. Does that do the trick for you?
Of course it does, this was the first thing I did. But I'm not sure if it is a good idea to allow all outgoing HTTP traffic. Port 80 is widely abused by many pieces of malware (GRC | Port Authority, for Internet Port 80), and some spam uses HTTP for informing the sender that the target email account is "alive" so other little spammies can continue testing my patience. My idea about the HTTP port is to allow it just for the Outlook update checker, RSS and Hotmail, nothing else, which means specifying remote hosts. I did a little research and found this thread: https://forums.comodo.com/firewall-help-cis/in-and-out-t51137.0.html;msg367166#msg367166. So I've created a network zone comprising all of these M$ sites and added some other MS sites I found blocked in the log, and it seems OK, no sync error, but I still get these m.webtrends.com and verisign.com domains blocked and wonder what they are. And I still would like to create special rules for RSS, Outlook updates and Hotmail though, but struggling through all the MS IPs is hell as they use plenty of mirror sites, cooperate with 3rd party servers, vary them on the basis of geographic location and change them all the time. So I guess you can consider this topic locked if nobody has a better idea about the rules and the verisign and webtrends domains…
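An added example, not part of any post in this thread: one way to turn the first-last ranges quoted in the opening post into CIDR blocks for a network zone, flag blocks too broad to trust without checking ownership, and triage logged destinations against the zone. The function names, the /12 width threshold and the sample connections are assumptions made for this illustration.

```python
import ipaddress

# First-last ranges exactly as quoted in the opening post of this thread.
RANGES = [
    ("65.52.0.0", "65.55.255.255"),
    ("94.0.0.0", "94.255.255.255"),
    ("207.46.0.0", "207.46.255.255"),
    ("64.4.0.0", "64.4.63.255"),
]

def ranges_to_cidrs(ranges):
    """Convert first-last ranges into a sorted, minimal list of CIDR blocks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return list(ipaddress.collapse_addresses(nets))

ZONE = ranges_to_cidrs(RANGES)

def wide_blocks(zone, min_prefix=12):
    """Blocks broader than /min_prefix: confirm ownership before trusting them."""
    return [str(n) for n in zone if n.prefixlen < min_prefix]

def triage(dest_ip, dest_port, zone=ZONE, ports=(80, 443)):
    """'allow' for zone members on expected ports, 'review' for zone members
    on other ports, 'ask' for everything outside the zone."""
    ip = ipaddress.ip_address(dest_ip)
    if not any(ip in net for net in zone):
        return "ask"
    return "allow" if dest_port in ports else "review"

# Constructed sample of outgoing connections (not the poster's log), except
# 199.7.57.72, which is one of the addresses named later in the thread.
SAMPLE = [("65.55.1.1", 443), ("207.46.10.10", 25), ("199.7.57.72", 80)]

if __name__ == "__main__":
    print("zone:", [str(n) for n in ZONE])
    print("verify ownership of:", wide_blocks(ZONE))
    for ip, port in SAMPLE:
        print(ip, port, triage(ip, port))
```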
Webtrends sounds like a site that tracks user behaviour for advertising (Webtrends - Wikipedia). You may want to block that.
Verisign is a certificate authority; a company that sells the padlock for https connections. Since you report traffic at port 443 which is for https traffic, I would suggest to allow it.
Alright, I will definitely keep blocking webtrends since I requested no advertising at all. But the verisign connections are established through port 80 - you can see them in my log: 199.7.57.72, 199.7.51.190. Whois gives me different top level domains: OCSP.TKO2.VERISIGN.COM, CRL.VERISIGN.NET. I will keep them blocked since I didn't buy any padlocks nor certificates. Thanks for your time anyway.
P.S. Am I supposed to lock the topic or should I leave it to the forum admins?
We usually leave them open.
In case we close it and you would like it reopened, simply send a PM to any moderator that is online.