New user. I am trying to understand how the mail proxy ports are used in Avast 4.6 so that I can make correct rules in the firewall.
TCPview and Kerio don’t ever show any activity on these ports even with Outlook actively receiving and sending mails. I only see Outlook (2000) connecting to the ISP mail servers.
Are they used for connection to the mail server or is it just a cache type of setup, but if so, I’d think I’d see some loopback type of activity on 12025 and 12110 as well as some alerts from the firewall.
Avast is appending a bit of text to the messages, so there’s no question that Avast somehow handled the mails.
The generic mail scanner listens on ports 12025 etc., but avast uses special plugin for Outlook 2000, so Outlook connects directly to the mail servers.
avast 4.6, a typo I hope as 4.8.1368 is the latest version.
The local ports can’t be used to connect, they are for intercepting the normal email ports so that email can be scanned before being sent or before being saved into the inbox.
Allow ashMaiSv.exe internet access in Kerio. This is for standard pop3 email clients which use the Internet Mail provider, not MS Outlook, see below.
However, all that said, it amounts to nothing as your using MS Outlook 2000, the avast Outlook/Exchange is the avast provider used with MS Outlook and that loads a plug-in for Outlook, so it is essentially working inside Outlook.
I say that, but I don’t use MS Outlook, so I don’t know if Outlook 2000 uses the avast plug-in. If Outlook uses plug-ins (which is confirmed by vojtech), then check and ensure that it is enabled within Outlook.
Oh, yes, Avast 4.8.1368 it is. yes it was a typo, good catch.
I checked and see that Outlook has the avast plugin and is enabled, SSM also reports avast DLLs in Outlook properties when Outlook runs.
So, if I understand your two replies correctly, in Kerio (2.1.5) I should keep the local host listening rules even though I don’t ever see activity there?
And I am not sure if I really need to allow ashMaiSv.exe internet access since the plugin doesn’t look like it needs any connection. Or are you, DavidR, saying that it is for something called “standard pop3 client”, and Outlook is not one of them, right?
Today I did allow it internet access. The rule did not log. So I really don’t think I need any rules for the mail scanner.
If true, I love it, makes my life simple, since I don’t suppose I have to write “tunnel” blocking rules against those ports.
The connection for ashMaiSv.exe isn’t required for the MS Outlook plug-in to do its business as that is down to MS Outlook.
If the Internet Mail provider is enabled then that will be listening on the localhost redirects for any other connection on the email ports (other than MS Outlook). So in effect it will be idle unless you use a different email client or some spam bot with its own SMTP client tries to send out email.
So far from terminating the Internet Mail provider I would leave it enabled and even increase the Sensitivity to High, that way it can detect multiple emails in a time period (spam) being sent from your system. This could be the first indication of a hidden/undetected trojan spambot.
I don’t know if the not setting up anything for ashMaiSv.exe in the firewall would make any difference in the above points, e.g. not work in relation to intercepting outbound spam.
Got it. MS Outlook needs nothing, not even local host. I don’t have/use any other mail client.
Wouldn’t dream of shutting off internet mail provider, and it’s been on High since day1. I understand what you’re saying.
No. I even made a rule in Kerio to totally block those ports and ashMaiSv.exe blocked from roaming the internet. Makes no difference. So it’s clearly, totally within Outlook.
Thanks for clarifying, and if you think I got some thinking wrong in here, please let me know.