>
> > > is it modern enough to do "stateful" packet filtering?
> >
> >Nope.
>
> ugh, junk it.  there are tons of ways to get stateful filtering with
> low-cost commercial hardware or FreeBSD/Linux for free.

It'll get replaced at some point although there's more critical things need
upgrading first if I can get the money...which is unlikely.


>
> > > stateful ingress access manages itself, allowing Imail to respond
> > > egressly to the connections coming from outside.
> > >
> > > Imail needs to have tcp egress from ports >1024, since Imail SMTP client
> > > will connect to remote servers up there.
> >
> >Right, well I didn't know that so if access through ports >1024 was being
> >blocked that might be the problem?
>
> could be. try it and see.
>
> not being stateful/dynamic, means you have to set up explicitly both
> ingress and egress for each Imail service port.

All the incoming ones were set up correctly before. I'm only having problems
getting the outcoming ones right.

>
> >Although I don't understand why that would prevent access to the
> >webmessaging interface for example.
>
> have to let tcp in to port 80, another rule to let tcp out from port 80.

Yeah, that's already done although Imail uses 8383 by default as the
incoming port. Incoming port 80 is redirected to our webserver.

> >  We're a very small company and this unit, while
> >admittedly cheap and probably worthless to you, does the job, albeit a basic
> >one.
>
> well, you're already having problems setting it up, and will probably spend
> enough time maintaining it to pay for a newer one.

Maybe. A better system will be needed at some point but at the time it was
bought, we couldn't afford anything more.


>
> >When there's money available and as the company expands we will look at more
> >sophisticated systems. All I asked for was some help in understanding what
> >ports Imail makes outgoing communications on so I can try and make sure
> >those are left open.
>
> I'd start by allowing ingress to the Imail service ports, and allow
> unrestricted egress from Imail.
>

Which is what I've had running successfully for a while now and I've only
recently had time to look into the aspect of restricting outgoing ports -
obviously unsuccessfully in this case although the access rules are working
fine for the other systems on the network.

Guess I'll have to leave it for now.

- Howard
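
Added example, not part of the original message and not Ipswitch code: a small model of a stateless, default-deny packet filter showing why rules written only for the Imail service ports leave outbound SMTP blocked until a rule pair for source ports >1024 is added. Assumptions: SMTP is on its standard port 25, the filter can match the TCP ACK bit for reply traffic, and all class, function and rule names are hypothetical.

```python
from dataclasses import dataclass

HIGH = range(1025, 65536)   # ephemeral client ports (">1024" in the thread)
ANY = range(0, 65536)

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", relative to the mail server
    sport: int
    dport: int
    ack: bool = False   # False only on the first packet (SYN) of a connection

@dataclass(frozen=True)
class Rule:
    direction: str
    sport: range
    dport: range
    replies_only: bool = False  # assumption: the filter can match the TCP ACK bit

def one(port):
    return range(port, port + 1)

def allowed(rules, pkt):
    """Stateless match: each packet is judged alone, default deny."""
    return any(r.direction == pkt.direction and pkt.sport in r.sport
               and pkt.dport in r.dport and (pkt.ack or not r.replies_only)
               for r in rules)

def flow_works(rules, packets):
    return all(allowed(rules, p) for p in packets)

# One ingress rule plus one egress rule per service port (25 = SMTP, 8383 = web messaging).
SERVICE_RULES = [r for p in (25, 8383) for r in (
    Rule("in", ANY, one(p)),
    Rule("out", one(p), ANY, replies_only=True))]

# Extra pair needed for the SMTP client side: out from >1024 to remote port 25.
CLIENT_RULES = [Rule("out", HIGH, one(25)),
                Rule("in", one(25), HIGH, replies_only=True)]

# Constructed sample flows (port numbers 51000 and 40000 are made up).
WEBMAIL_IN = [Packet("in", 51000, 8383), Packet("out", 8383, 51000, ack=True)]
SMTP_OUT = [Packet("out", 40000, 25), Packet("in", 25, 40000, ack=True)]

if __name__ == "__main__":
    print("webmail in, service rules only:", flow_works(SERVICE_RULES, WEBMAIL_IN))
    print("smtp out, service rules only:  ", flow_works(SERVICE_RULES, SMTP_OUT))
    print("smtp out, with client rules:   ", flow_works(SERVICE_RULES + CLIENT_RULES, SMTP_OUT))
```

The reply rule for the client pair matches only packets with ACK set, so a new inbound connection sourced from port 25 to a high port is still denied.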


