  1. #1 New Lounger (Join Date: Dec 2009; Location: oregon,il; Posts: 21; Thanks: 0; Thanked 0 Times in 0 Posts)
    I have a Westel Versalink modem/router that has a firewall, and have had it set to "highest" setting for over a year, with no problems.

    Recently I could not send mail (receive was fine), so through troubleshooting with my host, I changed the outgoing port to 587, per their suggestion. Still couldn't send mail, until I lowered the FW to lowest setting.

    There are settings for highest, medium, lowest, none, & custom. For the h, m, l settings, there is the ability to "edit", where it takes you to a window to see & edit the "user defined rules". Here are the rules for the medium setting:
    [ Security Level Medium OUT rules ]

    begin
    # Protocol Match conditions
    RulesPass
    pass to port 80 >> done
    pass from port 80 >> done
    pass protocol udp, to port 53 >> done
    pass to port 20 >> done
    pass from port 20 >> done
    pass to port 21 >> done
    pass to port 23 >> done
    pass to port 110 >> done
    pass to port 119 >> done
    pass to port 143 >> done
    pass to port 220 >> done
    pass to port 25 >> done
    pass to port 443 >> done
    pass to port 500 >> done
    pass to port 587 >> done...Line I added
    pass protocol 50 >> done
    pass protocol tcp, from addr %LANADDR% >> state, done

    # Failed to match
    RulesDropNETBIOS
    drop to port >= 135, to port <= 139 >> done, alert 4 [Dropping NETBIOS Traffic]
    RulesDrop
    drop all >> alert 1 [ Packet to be dropped unless Service enabled ]

    end
    I tried adding the line marked "Line I added" above, hoping that would allow me to send mail, but that did not work either.

    Is there a "rule" that I could insert to allow sending mail, with a higher level for the FW?

  2. #2 Super Moderator jscher2000 (Join Date: Feb 2001; Location: Silicon Valley, USA; Posts: 23,112; Thanks: 5; Thanked 93 Times in 89 Posts)
    I don't recognize this syntax. Have you found any documentation for how these rules work?

    The fact that the port 25 rule worked until it suddenly stopped working, and that the equivalent port 587 rule doesn't work, points toward other issues. Does your firewall offer logging? You could do a send/receive and view both directions of the connections with the mail server to see whether there are any unexpected ports being used. If the firewall doesn't do logging, you could use WireShark (try to minimize other internet traffic during your capture or there's a lot of sift/filter).

  3. #3 WS Lounge VIP (Join Date: Dec 2009; Location: Earth; Posts: 8,191; Thanks: 48; Thanked 984 Times in 914 Posts)
    You can easily test the ports from your machine.
    1. Open a Command Prompt.
    2. Type: telnet mail.messaging.microsoft.com 25
    This will connect you to Microsoft's mail server.
    3. Type: helo me.com
    You should see a response.
    4. Type: quit
    These commands test your ability to connect to mail servers on port 25.

    Next you need to test this with the SMTP server you use to send mail.
    To test port 587, replace the 25 with 587.

    cheers, Paul
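The telnet steps above, scripted so the result can be recorded rather than eyeballed. This is an added example, not code from the thread: it connects to a host and port, reads the 220 banner, sends `HELO me.com`, expects a 250 reply and sends `QUIT`, and it separates "could not connect at all" (the symptom an outbound firewall rule produces) from "connected, but the server refused the greeting". Because the check needs a mail server to talk to, the block also includes a small constructed stand-in server on 127.0.0.1 so it can be run offline; the hostname `fake.example.test` and the function names are assumptions of this example.

```python
import socket
import threading

def read_reply(f) -> tuple:
    """Read one SMTP reply, following "250-..." continuation lines; return (code, lines)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("server closed the connection without a reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return (int(line[:3]) if line[:3].isdigit() else 0), lines

def smtp_port_check(host: str, port: int, timeout: float = 5.0) -> dict:
    """The manual telnet test from the post, scripted: connect, read the 220
    banner, send HELO, expect 250, send QUIT. 'reachable' False with an error
    means the path (for example an outbound firewall rule) blocks the port;
    reachable but a non-250 HELO reply means the server answered but refused."""
    result = {"host": host, "port": port, "reachable": False,
              "banner": None, "helo": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["reachable"] = True
            f = s.makefile("rb")
            result["banner"] = read_reply(f)[0]
            s.sendall(b"HELO me.com\r\n")
            result["helo"] = read_reply(f)[0]
            s.sendall(b"QUIT\r\n")
            read_reply(f)          # 221; we only wait for it to close cleanly
    except OSError as exc:         # refused, timed out, reset, unreachable
        result["error"] = str(exc)
    return result

def start_fake_smtp_server(hostname: bytes = b"fake.example.test") -> int:
    """Constructed offline stand-in for a mail server, so the check can be run
    without Internet access: serves one connection, then shuts down. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))     # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn:
            conn.sendall(b"220 " + hostname + b" ESMTP ready\r\n")
            for raw in conn.makefile("rb"):
                verb = raw.split(b" ", 1)[0].strip().upper()
                if verb in (b"HELO", b"EHLO"):
                    conn.sendall(b"250 " + hostname + b"\r\n")
                elif verb == b"QUIT":
                    conn.sendall(b"221 bye\r\n")
                    break
                else:
                    conn.sendall(b"502 command not implemented\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return port

def find_closed_port() -> int:
    """A port nothing listens on (bind, note the number, close) for a negative test."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    import sys
    # Usage: python smtp_check.py [host] [port]; with no arguments it tests the fake server.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else start_fake_smtp_server()
    print(smtp_port_check(host, port))
```

Run it twice, once against the sending server on port 25 and once on 587, with the firewall at the level under test: a connection error on exactly one of the two ports points at the outbound rule set, while a 220 banner followed by a non-250 reply points at the server's policy instead.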

  4. #4 New Lounger (Join Date: Dec 2009; Location: oregon,il; Posts: 21; Thanks: 0; Thanked 0 Times in 0 Posts)
    I couldn't see anything in the FW log that offered any solutions, BUT, I got it to work by changing "pass to port 25" to "pass to port 587". Before I just added a new line to port 587 which didn't work. Here's the user defined rule now:
    title [ Security Level High OUT rules ]

    begin
    # Protocol Match conditions
    RulesPass
    pass to port 80 >> done
    pass from port 80 >> done
    pass protocol udp, to port 53 >> state, done
    pass to port 20 >> done
    pass from port 20 >> done
    pass to port 21 >> done
    pass to port 110 >> done
    pass to port 119 >> done
    pass to port 143 >> done
    pass to port 220 >> done
    pass to port 587 >> done
    pass to port 443 >> done
    pass to port 500 >> done
    pass protocol 50 >> done
    pass protocol tcp, from addr %LANADDR% >> state, done

    # Failed to match
    RulesDrop
    drop all >> done, alert 4 [Unsupported High Application]

    end
    Mail is going both ways now with the highest FW settings...I like that!

    Question: Will eliminating "pass to port 25" cause other problems that don't have to do with mail?

    Paul, I tried your tip using the command prompt...very cool trick!

    Thanks for the feedback!

  5. #5 WS Lounge VIP (Join Date: Dec 2009; Location: Earth; Posts: 8,191; Thanks: 48; Thanked 984 Times in 914 Posts)
    Port 587 is the SMTP port of choice for ISPs who are trying to limit spam bots. Normal SMTP, including spam bots, uses port 25.

    cheers, Paul
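To make the "what else breaks if I drop port 25" question from post #4 concrete, here is an added example (not code from the thread or from the router vendor) that parses the outbound rule text exactly as pasted in post #1 and evaluates sample packets against it. Nobody in the thread documents how the Versalink interprets these rules, so the evaluator's semantics are assumptions of this example: rules are tried top to bottom and the first match decides, a port rule with no protocol clause matches any protocol, and `%LANADDR%` is the router's own LAN address rather than any LAN host. Under those assumptions the model shows the effect of the swap the poster made: before it, a connection to 587 falls through to `drop all`; after it, only plain-SMTP traffic to port 25 is affected, and DNS, HTTPS, FTP and the rest are untouched. All addresses and ports in the sample packets are constructed.

```python
import re
from dataclasses import dataclass
# Outbound "medium" rule set from post #1 as it stood before the poster added
# the port-587 line, copied from the thread (begin/end markers omitted).
MEDIUM_OUT = """
# Protocol Match conditions
RulesPass
pass to port 80 >> done
pass from port 80 >> done
pass protocol udp, to port 53 >> done
pass to port 20 >> done
pass from port 20 >> done
pass to port 21 >> done
pass to port 23 >> done
pass to port 110 >> done
pass to port 119 >> done
pass to port 143 >> done
pass to port 220 >> done
pass to port 25 >> done
pass to port 443 >> done
pass to port 500 >> done
pass protocol 50 >> done
pass protocol tcp, from addr %LANADDR% >> state, done

# Failed to match
RulesDropNETBIOS
drop to port >= 135, to port <= 139 >> done, alert 4 [Dropping NETBIOS Traffic]
RulesDrop
drop all >> alert 1 [ Packet to be dropped unless Service enabled ]
"""

# ASSUMED semantics (the thread documents none): first matching rule wins; a port
# rule without a protocol clause matches any protocol; %LANADDR% is the router's
# own LAN address, so it does not match a LAN host. Addresses are constructed.
LANADDR = "192.168.1.1"
PROTO_NUMBERS = {"tcp": 6, "udp": 17}
_COND = re.compile(r"^(to|from)\s+(port|addr)\s*(>=|<=)?\s*(\S+)$")
_ALERT = re.compile(r"alert\s+\d+\s*\[(.*?)\]")

@dataclass
class Rule:
    action: str        # "pass" or "drop"
    conds: list        # (field, op, value) triples; all must hold
    alert: str         # text inside "alert N [...]", "" if none
    text: str          # original line, returned for reporting

def parse_rules(rule_text: str) -> list:
    rules = []
    for line in (ln.strip() for ln in rule_text.splitlines()):
        if not line or line.startswith("#") or ">>" not in line:
            continue   # section labels and comments carry no rule
        lhs, rhs = (p.strip() for p in line.split(">>", 1))
        action, _, cond_str = lhs.partition(" ")
        conds = []
        for c in (x.strip() for x in cond_str.split(",")):
            if not c or c == "all":
                continue   # "drop all" has no conditions at all
            if c.startswith("protocol "):
                p = c.split()[1]
                conds.append(("proto", "==", int(p) if p.isdigit() else PROTO_NUMBERS[p]))
                continue
            m = _COND.match(c)
            if not m:
                raise ValueError(f"unrecognised condition: {c!r}")
            side, kind, op, val = m.groups()
            field = ("dst_" if side == "to" else "src_") + kind
            val = int(val) if kind == "port" else (LANADDR if val == "%LANADDR%" else val)
            conds.append((field, op or "==", val))
        m = _ALERT.search(rhs)
        rules.append(Rule(action, conds, m.group(1).strip() if m else "", line))
    return rules

def _holds(cond, pkt) -> bool:
    field, op, want = cond
    have = pkt.get(field)
    if have is None:   # e.g. a port test against a packet with no ports (ESP)
        return False
    return have >= want if op == ">=" else have <= want if op == "<=" else have == want

def evaluate(rules: list, pkt: dict) -> tuple:
    """Return (action, alert_text, rule_text) of the first rule the packet matches."""
    for r in rules:
        if all(_holds(c, pkt) for c in r.conds):
            return r.action, r.alert, r.text
    return "drop", "", "<no rule matched>"

def outbound_tcp(dst_port: int) -> dict:
    # A LAN host (constructed address) opening a TCP connection to dst_port.
    return {"proto": 6, "src_addr": "192.168.1.10", "src_port": 50000, "dst_port": dst_port}

def swap_25_for_587(rule_text: str) -> str:
    # The change the poster finally made in post #4, applied to the medium set.
    return rule_text.replace("pass to port 25 >> done", "pass to port 587 >> done")

if __name__ == "__main__":
    for label, text in (("before", MEDIUM_OUT), ("after", swap_25_for_587(MEDIUM_OUT))):
        rules = parse_rules(text)
        for port in (25, 587, 139):
            print(label, port, evaluate(rules, outbound_tcp(port)))
```

The model also explains why the `drop all` alert text is the line to look for in the firewall log: anything the allowlist does not name lands there. It cannot explain the poster's report that adding a 587 line did not work while replacing the 25 line did, which is a reminder that the real rule engine has behaviour this first-match model does not capture.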
