I’m wondering if there is a way to totally disable the avast listening of port 25 (smtp) because I have disabled all options in the SMTP tab but avast still listens on port 25, so I can’t launch my local smtp server …
I don’t know if it is possible to totally disable the listening on your smtp port (25) short of totally disabling protection for smtp (if you have more than one smtp account, they would ALL be disabled).
There may be something else here that you need to do, reset your email account smtp settings (for your local smtp server), back to what they were prior to the Email Protection setup by avast. See http://forum.avast.com/index.php?board=2;action=display;threadid=4501 which mentions Step two: modifying the account properties in your mail program. It would be possible for you to reverse these steps.
However, I believe it should be possible to configure the settings to be able to protect your local smtp. It would need someone more knowledgeable than I to explain if this is possible.
As a matter of interest, something I have noticed is that avast also listens on pop3 port (110) and imap port (143). I noticed this when I did a ShieldsUp check (grc.com) on my firewall (Outpost), it shows these ports as closed, whilst the remaining ports show as stealth.
HTH - David
One from me?
I would like to know why it is necessary to listen permanently to these ports (giving an indication to port scanners that there is a computer present on that IP, so let’s take a closer look). Surely it is only necessary to monitor/listen to the port when the email program initiates the connection (I am on dial-up connection).
You need to edit avast4.ini file to disable SMTP listening. Insert this line under [MailScanner]:
StartSmtp=0
The mail scanner is listening permanently because it doesn’t know when the mail program begins to download mail.
I think the firewall should be able to “stealth” these ports too.
I added the following lines to my avast4.ini [MailScanner] StartSmtp=1 StartPop=1 StartImap=0 and checked the ShieldsUp site again and as expected it didn’t show the Imap port closed as before, which is one down two to go.
Unfortunately if the other two are set to =0, you can’t send or receive email (protected by Avast Internet mail), but the ports are in “Stealth” mode, shame about not being able to send or receive email.
I had a thought about adding the lines below in the hope that this may have them listening locally and not affect the “stealth” of the external ‘Inbound’ ports.
PopListen=127.0.0.1:110
SmtpListen=127.0.0.1:25
ImapListen=127.0.0.1:143
This exercise failed miserably, no “stealth” on these ports, I have obviously misunderstood the purpose of this localizing 127.0.0.1 of the Listening ports.
Every firewall must be capable of stealthing such listened ports.
The only one (or in fact two) which failed our tests were Kerio Firewall and in some cases Outpost firewall 1.0. All other firewalls can easily hide these ports. Most probably you are using Kerio right? I recommend that you get yourself some other (better) firewall like Sygate 5.5 (there is also a free version).
This is the default setting, adding these lines does not change the default behavior. The purpose of specifying an address for listening is the possibility to optionally “open” the ports. The mail scanner does not offer the “stealth” mode because this functionality is not supported by Winsock at the application level, which is the level of the mail scanner. I think it should be no problem for a firewall.
I’m using Outpost 1.0.1817 (see sig), I tried Sygate’s free version not long ago (not sure which version#).
I uninstalled Outpost, rebooted, installed Sygate Personal Firewall (SPF) and rebooted, BAM, no boot total shut out. Got back in with Rescue Disk of PQ’s Drive Image 2002 and restored the drive image pre SPF. That didn’t fill me full of confidence in Sygate.
@ CharleyO
I used ZoneAlarm (free) and didn’t like it, it’s great for the novice user, easy interface, limited functionality and worst it fails the grc.com’s Leak Test on outbound connections.
If I remember rightly it also couldn’t “stealth” ports 25 and 110 when I used Benign’s email protection program (that was the reason I uninstalled B9) and looked elsewhere for another firewall.
I think it has three or more processes running at startup (too many resources for what it does).
Edit - This was some time ago and things could have changed in the current version.
@ vojtech
Thanks for that, for me ignorance used to be bliss, now I know better, I can remove the defaults options I placed in avast4.ini.
I guess my Firewall is one of those that can’t “stealth” the listening ports, looks like my hunt for a good configurable Firewall goes on.
If I understand right the “Trust” line will prevent all other IPs from using the avast! mail server (avast team: does this mean that as standard others can use avast! to relay mail if they know my IP address and I have a flaky firewall !!?!??!)
@ CharleyO
I used ZoneAlarm (free) and didn’t like it, it’s great for the novice user, easy interface, limited functionality and worst it fails the grc.com’s Leak Test on outbound connections.
I just ran shields up and leak detector on my zonealarm firewall. Once again it passed with flying colors. Zonealarm is the only firewall that passed the original leak tester. Maybe you didn’t have something set correctly.
If you use the default listen settings, only connections from 127.0.0.1 are accepted, so setting Trust=127.0.0.1 provides no additional security. Setting the Trust is meaningful if you “open” the port (with PopListen=:110).
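The two replies above about listen addresses and about “closed” versus “stealth” describe general socket behaviour, shown here as an added example with plain TCP sockets (not avast code and not part of any post). The helper names and the use of 127.0.0.2 as a stand-in for a non-loopback address are assumptions of this example; Linux routes all of 127.0.0.0/8 locally.

```python
import socket

# Assumption: stands in for "an address other than 127.0.0.1" on this machine.
OTHER_ADDR = "127.0.0.2"

def listen_on(bind_addr):
    """Start a TCP listener on bind_addr with an OS-chosen free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(8)  # the kernel completes handshakes even without accept()
    return srv

def probe(addr, port, timeout=1.0):
    """Classify a TCP port the way an external port check reports it."""
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    c.settimeout(timeout)
    try:
        c.connect((addr, port))
        return "open"
    except ConnectionRefusedError:
        # The host answered with a reset, so it is visibly present.
        return "closed"
    except socket.timeout:
        # No answer at all. A listening application cannot produce this;
        # a packet filter has to drop the packet before the stack replies.
        return "stealth"
    finally:
        c.close()

def compare():
    """Probe a loopback-only listener and an all-addresses listener."""
    results = {}
    for label, bind_addr in (("loopback-only", "127.0.0.1"),
                             ("all-addresses", "0.0.0.0")):
        srv = listen_on(bind_addr)
        port = srv.getsockname()[1]
        results[label] = (probe("127.0.0.1", port), probe(OTHER_ADDR, port))
        srv.close()
    return results

if __name__ == "__main__":
    for label, (via_local, via_other) in compare().items():
        print(f"{label}: via 127.0.0.1 = {via_local}, via {OTHER_ADDR} = {via_other}")
```

The “stealth” branch is never reached on a machine without a packet filter in front of the port, which is the point made in the replies: the bind address decides who can connect, while hiding the port is the firewall’s job.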
If you are going to quote, please read all the text, I realised that it had been some time since my experience, so I added the comment below. I said it had limited functionality, basically you couldn’t change much so any settings that could enhance protection I would have set.
Edit - This was some time ago and things could have changed in the current version.
We are obviously talking about different versions which is pointless, other than to say the latest version? does provide stealth on the listening ports.
This was my comment in reply to @ CharleyO, however from your post it looks like @ CharleyO made the comment.
To quote the post you are going to comment on, click on the ‘Quote’ Icon on the top right corner of post in question. This opens the Post window and copies the whole post and contains it within the shaded box and refers to the person who posted it. If you don’t want to quote the complete post, you can delete the bits you don’t want.
If you want to cut and paste text from the post and comment on it, click on the ‘Quote’ Icon in the add post window; you will see the quote and /quote, each contained within square brackets. Position the mouse cursor between the pairs and paste your text.
I had a quick look but couldn’t find a detailed Forum Guide, but if you click on the ‘?Help’ Icon at the top of the page, next to the Home icon, there is some general useful stuff.