Yesterday I had a CFP crash, tried to send an email with the minidump and found that my Thunderbird can’t connect to SMTP. Turned on global block rule logging, Thunderbird block rule logging - nothing. I mean it wasn’t even in the logs. Then I turned on block rule logging for EVERY rule I had… And found what was blocking - the NOD32 kernel process ??? Then I recalled that some time ago I noticed the NOD32 kernel process was trying to connect somewhere with the POP3 protocol. Pretty strange for an AV, so I blocked the SMTP/POP3 port set for NOD32. And now all Thunderbird connections are running through NOD32’s kernel process… I wonder why, 'cos I turned off all those nasty NOD32 web and email scanners? Everything else works fine and connects directly, not through NOD32… There was no such problem with v3.0.13 and 3.0.14 beta… Will keep trying to solve it.
[Topic Closed: If issue returns PM an online mod to open]
Playing with NOD settings didn’t help. Right now I can only see the fact that Thunderbird is accessing DNS directly but tries to connect through NOD32.
EDIT: btw, disabling the firewall fixes the thing.
EDIT2: Turned on loopback alerts and found that Thunderbird is trying to connect to loopback; the port is always different. Checked Thunderbird’s proxy settings - everything’s fine… Things are becoming more and more interesting…
It’s not the Thunderbird rule that blocks the traffic, it’s the fact that Thunderbird is trying to use the NOD32 Kernel Process to access email!
Anyway, my rules are:
Thunderbird:
(none, I recently deleted them to find out what’s going on; loopback alerts pop up, no other alerts)
NOD32:
only outgoing port 80 allowed, everything else is blocked
System:
Rules for LAN traffic (NetBIOS/SNMP/SMB)
Torrent and eMule ports
Outgoing DNS access
Global rules:
Block external ICMP
Allow all outgoing
Allow incoming LAN traffic
Allow incoming eMule, uTorrent and port 82 (HTTP server)
Block unmatching
It’s pointing in the right direction: it CAN connect when the firewall is turned off (thus allowing TB loopback and allowing the NOD32 kernel to connect to my POP3 server).
I am not, but Thunderbird DOES. Though every single tick is removed in the NOD32 settings. As a temporary solution I explicitly allowed my pop/smtp servers/ports and allowed loopback for TB. But still, why?!
Well I’m not a NOD user, but I do use tb. Normally an email client requires some configuration to recognise the AV. This may be sending/receiving to 127.0.0.1 or instructing tb to use AV under Options/AV…
Problem solved. In fact this is kinda strange. It was the enabled web scanner (NOT the email scanner, strangely enough) that caused TB to connect using the NOD kernel. However, no ports or applications were assigned to it and it was never causing problems (maybe some component updated and it suddenly started to work?).
PS I absolutely do not use email scanning; it is unnecessary for me. In fact, I never managed to configure it properly…
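Added example, not part of the thread: a short Python check that finds the pattern described above in `netstat -ano` output, where a mail client talks only to a loopback port and the process listening on that port makes the real POP3/SMTP connection. The netstat rows, PIDs and the process name `av_kernel.exe` are constructed for illustration.

```python
import re

# One TCP row of `netstat -ano`: local addr:port, remote addr:port, state, PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")
MAIL_PORTS = {25, 110, 143, 465, 587, 993, 995}

# Constructed sample data (not taken from the thread).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:30606      0.0.0.0:0          LISTENING     820
  TCP    127.0.0.1:1052     127.0.0.1:30606    ESTABLISHED   2312
  TCP    127.0.0.1:30606    127.0.0.1:1052     ESTABLISHED   820
  TCP    192.168.1.10:1053  203.0.113.25:110   ESTABLISHED   820
  TCP    192.168.1.10:1060  198.51.100.7:80    ESTABLISHED   3004
"""
SAMPLE_PROCS = {2312: "thunderbird.exe", 820: "av_kernel.exe", 3004: "firefox.exe"}

def parse(text):
    """Return (laddr, lport, raddr, rport, state, pid) for every TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            rows.append((la, int(lp), ra, int(rp), state, int(pid)))
    return rows

def relayed_mail(text, procs):
    """Map (client, local proxy) -> mail connections the proxy holds upstream."""
    rows = parse(text)
    listeners = {(pid, lp) for _, lp, _, _, st, pid in rows if st == "LISTENING"}
    found = {}
    for _, _, ra, rp, st, pid in rows:
        if st != "ESTABLISHED" or not ra.startswith("127."):
            continue  # only connections made to a loopback address
        # A different process listening on that loopback port is the local proxy.
        for owner in {p for p, port in listeners if port == rp and p != pid}:
            upstream = sorted(
                f"{a}:{r}" for _, _, a, r, s, p in rows
                if p == owner and s == "ESTABLISHED"
                and r in MAIL_PORTS and not a.startswith("127."))
            found[(procs.get(pid, pid), procs.get(owner, owner))] = upstream
    return found

if __name__ == "__main__":
    for (client, proxy), conns in relayed_mail(SAMPLE_NETSTAT, SAMPLE_PROCS).items():
        print(f"{client} -> loopback -> {proxy} -> {conns}")
```

Each pair it reports corresponds to two firewall rules: loopback access for the client, and the listed mail server ports for the proxying process.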