Hello,

Trying to debug a SMTP server that I am installing in a hosting center, I got a strange behavior when willing to connect to my server using port 587 (for authentication).

As I am using Wireshark for analyzing the connection from my mail client, I was stunned by the fact that the connection was always made using port 25, whatever I configure my mail client for using port 25 or port 587.
I spent a lot of time thinking that my mail client (actually Outlook Express) had misconfiguration or was broken, and I was most surprised again by the fact that even using telnet (that is, by the command “telnet myserver 587”, which is a common mean of testing connections), the connection was also made using port 25.
Actually, whatever I was doing, I was absolutely unable to have Wireshark showing any TCP packet sent using port 587:
If I type “telnet myserver 586”, or “telnet myserver 588”, I effectively get (unsuccessful, of course) packets sent to port 586 or 588, but if I type “telnet myserver 587”, all packets are sent using port 25!

After having spent a lot of time looking about why this happens, I tried the same commands on another computer, and found that on that computer, it works properly: packets are correctly sent using port 587.

One of the main difference between these computers is that the second does not have Avast installed like in the first one.
So I tried to stop Avast on the first computer, and the result was that things reverted to normal behavior: after stopping, packets are also correctly sent to port 587.

This means that, for an unknown reason, Avast (5.0.545) intercept TCP packets to port 587 and replaces them by packets sent to port 25!!!

This is a very odd behavior which is very likely to make users unable to send mails if they need to send them using port 587, as requested by many servers or ISPs, especially if they are roaming, and this is a so big problem that I will very need to completely uninstall Avast and replace it by another Antivirus.

Gingko

??? ??? ???

You can edit the port in mail shield settings on a per-account basis.

Maybe I can edit the port that Avast is protecting.

But it is absolutely not normal and unacceptable that Avast (silently) changes the port used by any other software, especially knowing that there are very few means to actually know that it happens.

You are very likely to think that you are connecting using port 587 while you are actually connecting using port 25!

Gingko

You seem to be heavily confused here. No, not the port Avast is protecting, I mean the port used for sending email - separately for every account shown there. In mail shield advanced settings - SSL accounts.

Avast does not have to change the port in TCP connections.

If an application connects to port 25, packets must stay in port 25.
If an application connects to port 587, packets must stay in port 587.

I actually use several mail accounts on the same email client, some using port 25 an some using port 587, I cannot accept that connections to port 587 are redirected to port 25.

Gingko

Yeah, so change it back to 587 as instructed above and move on. And yeah, avast needs to change the ports, such as in this example:

client:143 ↔ 143:Avast:993 ↔ 993:mailserver IMAP/S
client:110 ↔ 110:Avast:995 ↔ 995:mailserver POP3/S

otherwise it cannot scan encrypted traffic

Had the same problems myself. After updating to latest version of Avast program OE6 couldn’t send email via any of our Hotmail.

SWMBO happened to mention last night that a couple of days ago she’d clicked yes to allow Avast anti virus (free version) to update itself (the program, not just AV definitions). So this morning I did some tests with the laptop, which hadn’t been used for a few days and still had the previous version of Avast on it, said no to the upgrade when it asked, and lo and behold all the OE hotmail accounts worked ok. Updated Avast and they stopped working.

My previous Hotmail and Avast settings (which had been working for months) were:

OE
settings advanced tab - Outgoing Mail (SMTP) port 587, the server requires a secure connection (SSL) = ticked.

Avast
Real time shields, Mail Shield, Expert settings, SSL accounts, live.com SSL 587 TLS

All I’ve done now is to untick the “server requires a secure connection (SSL)” box in OE, (which resets the port to 25), apply the setting then OK. All now seems to work.

So the latest version of Avast is certainly working differently to the previous one.

David

It is different as it can now handle the SSL transmission of email unlike 4.8 which couldn’t and as such wasn’t scanned.

The problem you had was that by having OE account settings SSL checked, you were effectively blocking avast from scanning it (it was encrypted before avast intercepted it. Since avast detected that this account needed SSL it to was set for that and you would get duplicate StartTLS commands.