> > is it modern enough to do "stateful" packet filtering? > >Nope.
ugh, junk it. there are tons of ways to get stateful filtering with low-cost commercial hardware or FreeBSD/Linux for free. > > stateful ingress access manages itself, allowing Imail to respond > > egressly > > to the connections coming from outside. > > > > Imail needs to have tcp egress from ports >1024, since Imail SMTP client > > will connect to remote servers up there. > >Right, well I didn't know that so if access through ports >1024 was being >blocked that might the problem? could be. try it and see. not being stateful/dynamic, means you have to set up explicitly both ingress and egress for each Imail service port. >Although I don't understand why that would prevent access to the >webmessaging interface for example. have to let tcp in to port 80, another rule to let tcp out from port 80. > > I assume Imail uses an internal DNS? > > > >No we don't have internal DNS which is why I allowed port 53 through which >the Imail documentation I have says is used for DNS. > > >It may be a hardware issue I suppose but the fact that it works > > witout any > > >restrictions suggests there's something else I need to allow outgoing. > > > > If it's not stateful, I suggest you donate it to Salvation FBI, CIA, NSA, > > they seem to be in need of hardware. > > > >Not a very helpful comment. wasn't meant to be. > We're a very small company and this unit, while >admittedly cheap and probably worthless to you, does the job, albeit a basic >one. well, you're already having problems setting it up, and will probably spend enough time maintaining it to pay for newer one. >When there's money available and as the company expands we will look at more >sophisticated systems. All I asked for was some help in understanding what >ports Imail makes outgoing communications on so I can try and make sure >those are left open. I'd start by allowing ingress to the Imail service ports, and allow unrestricted egress from Imail. Len www.menandmice.com/DNS-training : DNS Training BIND8NT.MEIway.com : ISC BIND for NT4 & W2K IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
