[Declude.JunkMail] [OT] iMail 6.06 behind firewall
I know this is off-topic, but I've attempted numerous times to put our server behind a firewall, but upon doing so, the queue grows to an enormous proportion and the only way to clear it is to remove it from behind the firewall. Besides the normal ports 25, 110 and 80 (for web mail), do I also have to keep 1024-65525 open as well for iMail to work properly? Seems stupid to do since normal standardized e-mail should only use the above mentioned three ports (sendmail does). I've contacted Ipswitch about this, and get the same ol' line about upgrading to the latest version and getting full support. But since my boss is cheap and won't upgrade, it makes my life not too pleasant. Thanks for any help you may offer.. -Jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] [OT] iMail 6.06 behind firewall
Jeff Maze - Hostmaster wrote: I know this is off-topic, but I've attempted numerous times to put our server behind a firewall, but upon doing so, the queue grows to an enormous proportion and the only way to clear it is to remove it from behind the firewall. Some firewalls apply the same filters to both incoming and outgoing traffic, others have separate filter rules depending on direction. If the build up is outgoing messages, it sounds like you firewall is one of the latter type -- bugs check in but the can't check out Make sure that port 25 is open *outbound*. -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com --- --- [This E-mail scanned for viruses by Declude Virus / Sophos AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] [OT] iMail 6.06 behind firewall
At 07:42 AM 10/6/2003, Jeff Maze - Hostmaster wrote: I know this is off-topic, but I've attempted numerous times to put our server behind a firewall, but upon doing so, the queue grows to an enormous proportion and the only way to clear it is to remove it from behind the firewall. Besides the normal ports 25, 110 and 80 (for web mail), do I also have to keep 1024-65525 open as well for iMail to work properly? Seems stupid to do since normal standardized e-mail should only use the above mentioned three ports (sendmail does). Where does your DNS server sit? If it isn't behind the firewall, you're gonna have to open up ports for DNS. I would recommend udp from mail IP src port 1024-65525 to DNS ip dst port 53. And also the opposite of that, udp from DNS IP src port 53 to mail ip dst port 1024-65525. As a side note, you won't need the reverse rule if your firewall can do UDP stateful inspection. Also, a big clue would be in your IMail logs. Post a clip of those, and I'm sure you'll find your answer. -Russ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] [OT] iMail 6.06 behind firewall
Besides the normal ports 25, 110 and 80 (for web mail), do I also have to keep 1024-65525 open as well for iMail to work properly? No -- while the ports 1024-65535 are used on the client side, the firewall only cares about the server side ports (since almost all client side ports will be in the 1024-65535 range). The problem here is probably DNS -- if the firewall doesn't allow *outgoing* DNS traffic (UDP port 53 and TCP port 53), it would account for the problem. If you set up your firewall to block all outgoing requests to non-standard ports (so that you can't reach http://www.example.com:, for example), then you would need to add DNS to its list of allowed ports. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.