>Which is what I've had running successfully for a while now and I've only
>recently had time to look into the aspect of restricting outgoing ports -
>obviously unsuccessfully in this case although the access rules are working
>fine for the other systems on the network.
The problem is that since your firewall is not stateful, it doesn't know
whether an outgoing packet is one from a connection that IMail started (an
outgoing connection), or one that a remote computer started (an incoming
connection).
For example, if I connect to your IMail server, my requests to you will
come from port 1080 (a "random" number over 1024) to your port 25. When I
initially make the connection, a stateful firewall will see that I am
connecting to your server, and it will let you send packets back to me to
my port 1080.
However, on your firewall which isn't stateful, it just sees IMail trying
to send a packet to port 1080. Since it doesn't know that I started the
connection, it thinks you are trying to connect to port 1080 on another
computer, which you have not allowed.
So it is impossible to do what you want (block certain types of outgoing
traffic), because your firewall is stateless, and would have to either
block all outgoing packets (which would block all traffic) or block no
outgoing packets (which would allow all outgoing traffic). You could block
outgoing packets to ports <1024, but most trojans send to ports >1024, so
it wouldn't be that beneficial.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
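A small simulation of the point Scott makes, added here as an example that is not part of the original thread: the same "inbound to port 25, outbound only to port 25" policy is applied once by a stateless filter that judges each packet alone, and once by a stateful filter that remembers accepted connections. The addresses and the Packet/filter classes are constructed for the illustration.

```python
# Added example (not from the original thread): stateless vs stateful
# packet filtering for the IMail case (remote client port 1080 -> server port 25).
from dataclasses import dataclass

SERVER = "192.0.2.10"    # constructed address for the IMail host
CLIENT = "198.51.100.7"  # constructed address for the remote client

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False    # True for the first packet of a TCP connection

def stateless_allows(pkt: Packet) -> bool:
    """Policy: inbound to port 25 allowed; outbound only to port 25.
    Each packet is judged alone, with no memory of earlier packets."""
    if pkt.dst == SERVER:
        return pkt.dport == 25
    if pkt.src == SERVER:
        return pkt.dport == 25
    return False

class StatefulFilter:
    """Same policy, but an accepted SYN creates a connection entry, and any
    later packet matching that entry (in either direction) is passed."""
    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def allows(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table or rev in self.table:
            return True              # belongs to a connection we already accepted
        if pkt.syn and stateless_allows(pkt):
            self.table.add(fwd)      # new connection permitted by policy: remember it
            return True
        return False

def demo() -> tuple[bool, bool]:
    """Returns (stateless verdict, stateful verdict) for the server's reply
    to a client that connected from port 1080 to port 25."""
    request = Packet(CLIENT, 1080, SERVER, 25, syn=True)
    reply = Packet(SERVER, 25, CLIENT, 1080)
    sf = StatefulFilter()
    sf.allows(request)               # accepted by policy; creates state
    return stateless_allows(reply), sf.allows(reply)
```

The stateless filter drops the legitimate reply because it only sees "server sending to port 1080", while the stateful filter passes it and still blocks a fresh outbound connection the server itself opens to port 1080.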