I'll take a shot, also willing to learn more if I am missing something: I would try to find the IP of the email provider if you are using a VM for email, e.g. Tutanota's IP address is: 81.3.6.162(no IMAP wit them), therefore my firewall settings for that VM would be:
IP: 81.3.6.162 Service: https (or port 443) Protocol: TCP Things I have learned about the firewall include: 1) You can type a port number into the service field vs just using whats in the "Services" dropdown selection 2) MXToolbox is a good tool to find an IP address of a website 3) I created a print VM that only allows access to my networked printer IP and the network printer's port. With this VM I can access only the printer. Maybe your vault uses this VM as its DVM. I don't trust printers in general but at least its restricted For web only 443(https) and 80(http) are all that is needed for the most part. I believe ICMP(pings) and port 53(DNS) are allowed automatically. Open to being corrected? It would be nice to control the DNS more (Quad9 DNS resolver or OpenDNS). Not sure how to do this with ease. For Thunderbird, you could research your email providers IP and change the "*"/ANY for the specific IPs or IP. Google, Apple and others generally publish the ports needed for a service to work. Qubes team I would agree this latest update is working like a charm and has improved Qubes Manager and the Fedora/Pulse Audio update problem I was having. Thank you again for the work! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ac5095b-a77a-449d-b6b4-60b4b20cd6b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.