Selected "Browser" as Predefined Policy for Opera and now Mail's blocked -solved

The last 4-6 years ComodoFW has been my standard firewall as well as Opera for mail and browsing. And I am very satisfied with ComodoFW! Two weeks ago I reinstalled W7-64, and reinstalled Comodo and Opera.

4-5 days ago I could still downoad fresh mails but no sending… And I am rather sure this is because I made som changes under >Firewall, >Network Security Policy at that time. I changed the settings from “Use a Custom Policy” over to “Use a Predefined Policy” and selected “Web Browser”. After that I was not able to send mail. Today if I define Opera as “Email Client” (under >Network Security Policy) then I am able to send mail again. The problem is that I can not select both at the same time. And if I select “Use Custom Policy” then all the former settings are gone.

When I look at the rules for “Email Client” in relation to “Web Browser” under >Predefined Policies I can see that one line is missing for Web Browser; “Allow Outgoing POP3/SMTP Requests”. This must be the reason.

What’s optimal for security; make a complete copy of the settings for this point and add it as a general rule for “Web Browsers”? Or is it best to delete all settings for Opera under >Network Security Policy and define new rules by restarting Opera? Or what do you recommend?

If I were you, I had made a new predefined policy for opera in which I had copied the predefined policy for web browser and add :
description : allow outgoing POP3/SMTP requests
allow TCP out
source address : any
destination address : any
source port : any
destination ports : type : a set of ports
Ports : POP3/SMTP Ports

Thank you Boris! Your recommendation led me to a trial. When I pressed “Use a Custom Policy” the list was empty, but then I had to use my own brain and not just disturb you. I selected “Copy From”, “Web Browser”, and I got the same Custom list for Opera spesific as for browsers generally. Then I added the last policy - as you describe it. (And as we all can see as a spesific rule for Email Clients. Quite logical.) Now I can send email as normal. Thanks to you and the others that spend hours daily to help others!

This was my first fundamental changes within Comodo. I had to break the barrier. And it was caused by LibreOffice. After the installation I recognized that all the Dlls, Exe’s, etc. of LibreOffice occupied more than half of my list of application rules (more than 100 lines). On another of my computers OpenOffice list was just a few! Strange…

I don’t use the mail client in Opera. I made a specific rule for Opera browser with adaptations for Unite based on the Browser policy.

About the list of application rules for LibreOffice. Are you using the same version of LibreOffice on both computers? Where do your CIS settings on your computer differ from the other?

The long list of rules for LibreOffice was for >Trusted Files (Defence+). And I can see that the long list, where I now have deleted most of them, is for the latest beta release, version 3.4.rc1 Perhaps that’s the reason. Now I am not home and have no acceess to the other computer but the other version was installed 4-6 months ago, and it was one of the first ordinary releases.

I just installed OpenOffice 3.4 rc2 (released yesterday) on another computer and the installation made 385 lines of rules in the list of >Trusted Files! 98% dll’s and a few exe files. By one installation my list of Trusted files was doubled!

This was a bit special. 10 days ago I reinstalled windows7-64. Copied all Opera settings to the new user-folder as before. And once again I face problem to use Opera Mail and Comodo settings. As long as Opera is also my browser (old version) I shouldn’t give Opera “open door”. I searched by Google this words: “COMODO settings opera mail” and the 1st link was to this forum - made by myself - when I faced similar problem in a similar situation 3 years ago! A coincidence? No, mysterious!

Anyhow this time I can’t make the same settings because I am using an IMAP account. I am using the settings you can see at step 3: https://vivaldi.net/en/blogs/entry/how-to-move-your-email-from-my-opera-to-vivaldi-mail?start=20 Port 993 and 465. When I make exact the same settings as in 2011 I still can’t send/receive. When I switch off Comodo then it’s no problem. I am using the email check software POP Peeper with the same ports etc. and this program can go online. Any idea what settings is optimal for Opera ver 12.01 (included mail)?

Finally I am also using Comodo ver 5.10. Old yes, but I didn’t like the new style that came last year.

Today my settings look like:
Allow Access to Loopback zone
Allow outgoing HTTP Requests
Allow outgoing FTP Requests
Allow outgoing FTP+PASV Requests
Allow outgoing DNS Requests
Block and log all unmatching requests
Allow outgoing POP3/SMTP requests

For POP Peeper my settings looks like this:
Allow IP from MAC Any to MAC Any where protocol is any

Isn’t it a bit too risky to open up the browser with this last permission?

You can do what you did before, i.e use custom ruleset and then Copy From > Web Browser, and then add a new rule for POP3 and SMTP ruleset as you did last time as well, but then when that is done, also make a rule that states to allow Source IP Any to Destination IP Any Where Source Port is Any and Destination Port is 993 (do the same for 465)

OR you can edit the portset “POP3/SMTP Ports” to also include the ports for IMAP, I can’t tell you how to do that in version 5.10 though as I can’t remember much of it.

Thanks for helping me, Sanya IVL

I tried to make one more rule for Opera. But I didn’t have the opportunity to select Destign.Port with

IP Any >Designation IP Any >Source Port Any - and then find any alternative to select Destination Port. The alternative is: Custom (yes, then I got a field to write something (is this a field for port number?) or
Any, TPC, UDP, ICMP, IGMP, RAW IP, PUP, GGP, GRE, RSVP, ICMPv6.

I tried “Any” as Destignation port - and then yes I could send/receive mail by IMAP. But isn’t this too risky; IP, any, any, any?

When I locked at the details for Predefined Policies, Email Client then I found (as for Opera)
Access to Loopback Zone, Outgoing POP3/SMTP Requests,
Plus one more permission: Allow Outgoing DNS Requests
Details: Allow UDP Out to Any, Destignation IP Any, Source Port Any, Designation A Singel Port 53.

What If i select UDP instead of IP and then select port 993+465?

I tried this; First I defined a new group/set of ports; “IMAP”, no 993+465
Then one more rule for Opera (than copied from web browser):
Allow UDP Out from MAC Any to MAC Any where Source Port is Any and Destignation Port is A set of Ports, IMAP

When this line was added at the bottom I still couldn’t send/receive m. but when I moved it above Block all Unmatching Requests (of course) then yes, I was able to send/receive mail by my IMAP account (and the others).

Isn’t this last alternative a bit more “safe” than; IP, any, any, any? Perhaps I could try to move this permission down 1-2-3 steps and see if I still can send/receive by IMAP…
Or is this “empty field” (as mentioned first) for >Custom to write in manually “993, 465” or something like this?

Sorry, I’m just getting more and more confused right now…

I guess we could make it a bit more simple (or at least a bit more organized) by doing this:

  • Go to Port Sets and make sure the POP3/SMTP Ports port set has 993 and 465 in the list.
  • Go to the application rules and select the rule for Opera and then edit it.
  • Remove all rules and then choose Use a Custom Policy and then Copy From > Web Browser
  • Select Add…
  • Set these settings:
    Action: Allow
    Protocol: TCP or UDP
    Direction: Out
    Description: Leave blank or call something like “Allow Outgoing EMAIL Requests”

Source Address: Any Address
Destination Address: Any Address
Source Port: Any
Destination Port: A Set of Ports (Choose POP3/SMTP Ports)

  • Click Apply on the rule.
  • Make sure the new rule is NOT below the Block rule.
  • Click OK/Apply on all relevant windows and try if Opera can connect to mail.

Go to Port Sets and make sure the POP3/SMTP Ports port set has 993 and 465 in the list. (Yes, they have been all the time)
Go to the application rules and select the rule for Opera and then edit it.
Remove all rules and then choose Use a Custom Policy and then Copy From > Web Browser (Yes, I’ve done this)
Select Add…
Set these settings:
Action: Allow
Protocol: TCP or UDP (here I’ve selected only UDP)
Direction: Out (Yes)
Description: Leave blank or call something like “Allow Outgoing EMAIL Requests” (this is not on this old Comodo Version)

Source Address: Any Address (Yes)
Destination Address: Any Address (Yes)
Source Port: Any (Yes)
Destination Port: A Set of Ports; Choose POP3/SMTP Ports (I selected only the two ports 993+465 i called “IMAP” - this is more safe, isn’t it?- as long as it works)
Click Apply on the rule.
Make sure the new rule is NOT below the Block rule. (1st step above the block rule)
Click OK/Apply on all relevant windows and try if Opera can connect to mail. (yes, now my IMAP and two other acc. work)

By this I have done it exactly as you recommend - except that I link this rule to only two instead of all the ports.
Only two ports are more narrow rule.
Only UDP instead of TCP or UDP are also more narrow.

"…Port Sets are handy, predefined groupings of one or more ports that can be re-used and deployed across multiple Application Rules and Global Rules… (further down) To add a new port set: "Define a name for the set… Select the port numbers…

Now it works and I just want to say thank yiou very much. Welcom to northern Norway. The time is 7 pm and sunshine. This time of the year it is midnight sun. It’s sunshine 24 hours a day. And now my email works and my face is also “shining” - thanks to you Sanya IV Litvyak