What rules? The only Mail Shield settings I see are those mentioned (SSL accounts). There are no rules, like “If FROM contains then flag with ”.
What does that accomplish? That looks to have my e-mail client (Outlook) use non-SSL connects to have Avast intercept them and then Avast does non-SSL connects to the e-mail server. That won’t work because remember that Gmail will NOT accept non-SSL connects. Gmail demands SSL. So Avast won’t be able to connect and I end up erroring anyway just like I am now.
Are you insinuating that changes in Avast’s Mail Shield require a reboot for them to take effect?
Gmail requires SSL connects. Your test scenario is doomed to fail. Gmail will not accept non-SSL connects.
I have never seen that prompt. The option in the SSL accounts settings of “Automatically detect and warn about unprotected SSL connections” is enabled.
My assumption is that Avast’s Mail Shield will only intercept outbound connections, not inbound connections. Yet today when I went back into the SSL Accounts settings in Mail Shield, I see new SSL setups in there that I never added. For example, a new entry (not added by me) exists for “giganews.com, NNTP, 119, None”. That is, it is for connects to giganews.com for Usenet (newsgroups) and non-encrypted. I don’t have a Giganews account for newsgroups. My newsreader (40tude Dialog) does not have an account defined for Giganews (because it wouldn’t work since I don’t have an account at Giganews, which is a paid service and requires a login that I don’t have). The only other newsreader on my host is Outlook Express (which I don’t use) and it has no NNTP (news) accounts defined in it. There may be articles in a newsgroup from someone that submitted through Giganews, but that doesn’t have me connecting to there. The only NNTP servers to which I connect are at Albasani, Eternal-September, and AIOE. The following new entries showed up since yesterday and I didn’t add them, nor did I ever get a prompt about them:
schnuerpel.eu, NNTP, 563, SSL
cesmail.net, NNTP, 119, None
eternal-september.org, NNTP, 563, SSL
giganews.com, NNTP, 119, None
cesmail.net is for Spamcop’s NNTP server as they have their own newsgroups that aren’t peered to Usenet (i.e., they have private newsgroups). My newsreader connects to news.spamcop.net but its IP address is 216.154.195.61 for which a reverse DNS lookup gives news.cesmail.net. I understand why the Eternal-September entry got added because that server is defined in my newsreader and I’ve visited Usenet since installing Avast. I’ve done an nslookup on news.albasani.net to get the IP address and then a reverse nslookup on that IP address to see if the hostname lookup resulted in a different one. Yep, news.albasani.net = 178.63.61.145 = four.schnuerpel.eu, so I understand how that entry showed up. The Giganews entry showed up because I visit the private newsgroups for Mozilla (to get help on Firefox). This is because news.mozilla.org = 216.196.97.169 = news.mozilla.giganews.com. So a problem in using Avast’s Mail Shield is that what it detects for a hostname is what I see after performing a reverse DNS lookup, but users won’t know about that and won’t understand why an outbound connect request on a hostname results in Avast showing a different one. If I didn’t know something about DNS then I wouldn’t know why these new entries had shown up.
Probably the reason is the hostname requires a DNS lookup to get the IP address. Humans like names but computers demand numbers. The IP address gets returned as to where my computer is to connect and that is what Avast’s Mail Shield sees as the actual connection endpoint. But to be friendly, Avast does a reverse DNS lookup on the IP address to show a hostname for that endpoint. That is, Avast shows a hostname instead of an IP address but the IP address is what my host gets back for the endpoint to where it connects and Avast translates that IP address back to a hostname. A reverse DNS lookup, like what Avast is doing, often results in a different hostname or multiple hostnames. If the connection were to Akamai, well, they have worldwide load-balancing servers with multiple IP addresses and those can have multiple hostnames. Site owners that use a webhoster may show a different reverse lookup hostname (for the webhoster) than the one they registered and the DNS server points at the webhoster. I also suspect the outbound DNS request is not SSL secured so Avast isn’t going to see it to know that an outbound connection will soon appear for that hostname. Client does an outbound DNS request (non-SSL) to translate from hostname to IP address, client gets IP address, client makes outbound SSL connection to that IP address, Avast sees the outbound SSL connection and adds an entry to its SSL Accounts list. At that point, Avast only has an IP address so it does a reverse DNS lookup on IP address to get back a hostname (which may not work due to no A record at the DNS server or failed chaining upward to the next DNS server on a failed lookup, or result in a different hostname). The friendly feature of showing hostnames instead of the actual IP addresses used for the connections can bite you in the arse if you don’t know anything about DNS.
Does the prompt that Avast found a new SSL connection evaporate? If so then it’s very likely I wasn’t at the computer and the prompt was gone by the time I got back. Prompts that don’t stick means they are worthless when the user isn’t at the computer. Yet the prompt should’ve shown up at the time when I loaded my newsreader and it connected to the various NNTP servers. Never saw the prompt.
So Avast is detecting the outbound connections, not only for SSL but also for non-SSL. After all, two of the new entries were “None” (non-encrypted) and those are accounts defined in my newsreader that don’t use SSL (I don’t know if those NNTP servers support SSL connects). I have yet to see a prompt from Avast telling me it found an “unprotected SSL connection”. Because Avast never installed the add-on to Outlook to interrogate e-mails from within, I had to go through this SSL Accounts setup where the Mail Shield intercepts e-mail traffic (as it would for other e-mail clients). Note that the setup works for getting my e-mail client to connect to my ISP’s e-mail servers. For my e-mail accounts at my ISP, I configured Outlook to not use SSL. That is, each account at my ISP defined in Outlook is using non-SSL connects. Avast is configured to intercept those non-SSL connects from Outlook and then it does the SSL connect to the server. Those accounts work. However, because I see no logging within Avast’s Mail Shield as to when it is intercepting the e-mail connects and what was the status or logging of its connect to the server, I really cannot tell if Mail Shield is working at all. After all, my ISP will accept both non-SSL and SSL connections to their e-mail server. So it could be Outlook is connecting when using non-SSL to the server and Avast isn’t even involved. Just because I configure Outlook to use non-SSL connects and configure Avast to intercept those connects and then use SSL on its side to the server doesn’t mean it is really working that way. There’s no way for me to peer into the workings of the Mail Shield to see (1) that a client connected via non-SSL to Mail Shield, and (2) that Avast followed with an SSL connection to the e-mail server. There’s no logging of its operations! This is one major reason why I’ll probably dump Avast’s Mail Shield.
If there are problems then I can’t tell if it’s with the e-mail client, with its connect to Mail Shield, if there ever was a connection to Mail Shield, or if Mail Shield had problems connecting to and transferring data with the server.
For the SSL accounts that work (where Outlook is configured for non-SSL connects and Avast is configured for those e-mail servers to have it use SSL), the reverse DNS lookups result in getting back the same hostname. That is:
pop.comcast.net = 68.87.26.158, 76.96.40.158 = pop3.westchester.pa.mail.comcast.net, pop3.emeryville.ca.mail.comcast.net
smtp.comcast.net = 76.96.40.155 = omta.emeryville.ca.mail.comcast.net
There is no change in domain although the hostname changes. However, for Gmail, I get:
pop.gmail.com = 74.125.133.108, 74.125.133.109 = ia-in-f108.1e100.net, ia-in-f109.1e100.net
So there is a change in hostname after doing a reverse DNS lookup. While the 1e100.net domain’s lessee is Google, it is a different domain than the original one (that would’ve spurred the DNS lookup to get an IP address), plus the DNS lookup results in more than one IP address. Maybe this is what causes Avast to fail when trying to get my e-mail client to connect to Gmail. That’s just a guess. Do YOU have Avast’s Mail Shield working with a Gmail account (which demands SSL connects)?
[Due to the 10K character limit in posts, the remainder of my response continues in the next post.]
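The forward-then-reverse lookup the poster did by hand with nslookup (hostname to IP addresses, then each address back to a PTR name, then compare domains) can be scripted so the whole SSL Accounts list can be checked at once. The following is an added example, not code from the original post or from Avast. The lookup tables are constructed from the addresses quoted in the post and a documentation address (192.0.2.10) with no PTR, so the script runs offline; passing no resolver arguments makes it use the system resolver instead. The registrable-domain comparison is a deliberate simplification (last two labels) and does not handle multi-label public suffixes such as co.uk.

```python
"""Forward/reverse DNS consistency check for mail and news server names.

Added example (not from the original post or from Avast).  Resolves a
configured server hostname to its addresses, reverse-resolves each one,
and reports which PTR names land in a different registrable domain than
the configured name (the pop.gmail.com -> 1e100.net case) and which
addresses have no PTR at all.  Resolver functions are injectable so the
check runs offline against a constructed table.
"""
import socket
from dataclasses import dataclass, field

# Constructed lookup tables.  The entries copy the addresses quoted in
# the post; real DNS answers change over time, so they are illustrative.
# 192.0.2.10 (an RFC 5737 documentation address) has no PTR on purpose.
FAKE_FORWARD = {
    "pop.comcast.net": ["68.87.26.158", "76.96.40.158"],
    "smtp.comcast.net": ["76.96.40.155"],
    "pop.gmail.com": ["74.125.133.108", "74.125.133.109"],
    "news.mozilla.org": ["216.196.97.169"],
    "news.spamcop.net": ["216.154.195.61"],
    "news.example.test": ["192.0.2.10"],
}
FAKE_REVERSE = {
    "68.87.26.158": "pop3.westchester.pa.mail.comcast.net",
    "76.96.40.158": "pop3.emeryville.ca.mail.comcast.net",
    "76.96.40.155": "omta.emeryville.ca.mail.comcast.net",
    "74.125.133.108": "ia-in-f108.1e100.net",
    "74.125.133.109": "ia-in-f109.1e100.net",
    "216.196.97.169": "news.mozilla.giganews.com",
    "216.154.195.61": "news.cesmail.net",
}


def registrable_domain(name):
    """Last two labels of a hostname ('a.b.example.com' -> 'example.com').
    Simplification: ignores multi-label public suffixes such as co.uk."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def system_forward(name):
    """All A records for name via the system resolver (needs network)."""
    return socket.gethostbyname_ex(name)[2]


def system_reverse(addr):
    """PTR name for addr via the system resolver, or None if there is none."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except socket.herror:
        return None


@dataclass
class RdnsReport:
    hostname: str
    addresses: list = field(default_factory=list)
    ptr_names: dict = field(default_factory=dict)  # addr -> PTR name or None

    @property
    def mismatches(self):
        """Addresses whose PTR name is outside the configured name's domain."""
        want = registrable_domain(self.hostname)
        return {a: n for a, n in self.ptr_names.items()
                if n is not None and registrable_domain(n) != want}

    @property
    def missing_ptr(self):
        """Addresses with no PTR record at all (would show as bare IPs)."""
        return [a for a, n in self.ptr_names.items() if n is None]

    @property
    def consistent(self):
        return not self.mismatches and not self.missing_ptr


def check_rdns(hostname, forward=system_forward, reverse=system_reverse):
    """Forward-resolve hostname, reverse-resolve each address, build a report."""
    report = RdnsReport(hostname)
    report.addresses = list(forward(hostname))
    for addr in report.addresses:
        report.ptr_names[addr] = reverse(addr)
    return report


def check_offline(hostname):
    """Same check against the constructed tables above (no network)."""
    return check_rdns(hostname, FAKE_FORWARD.__getitem__, FAKE_REVERSE.get)


if __name__ == "__main__":
    for host in FAKE_FORWARD:
        r = check_offline(host)
        print(f"{'ok' if r.consistent else 'CHECK':5} {host}")
        for addr, ptr in r.ptr_names.items():
            print(f"      {addr} -> {ptr or '(no PTR)'}")
```

Run it as-is to see the constructed cases; to check a live server, call `check_rdns("pop.gmail.com")` with the defaults. A "CHECK" result is not an error in itself (a PTR in another domain is normal for hosted services), but it is exactly the case where a proxy that displays reverse-resolved names will show a name the user never configured.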