iOS not sending or receiving

Hi,

I work for a public library system (4 total).  We have all traffic going through a Sophos UTM SG330 on version 9.700-5.  Our license is just for network and web protection.  

I received this from a staff member out in the public area...

A customer was unable to send email from an iPhone using Mail.app (configured for an iCloud account) while using LibraryMain. Disabling wifi and relying on the cell network allowed for the mail to be sent.

I have had this problem on our business network wifi with the same combination (iPhone + Mail.app + iCloud) for several months. I have to disable wifi so that I can check mail on the cell network. I then re-enable wifi. I'm not sure when this issue began for me, but I feel like it's been in the last few months. Will do a bit more digging on my iPhone to see if other clients are affected while I'm on library wifi.

We have two networks, business and public, and the issue is on both networks.  I tried adding a firewall rule that any traffic using any and all email ports and various other iCloud ports.  It did not work.  Then I thought I would simplify things and just have any traffic going from any to any just using port 993.  Still nothing is working.

I looked at the exception for Apple Update, and set it to skip everything.   Nothing seems to work.  I know just enough to get myself in trouble and I tend to not be able to see the forest for the trees.  (I am all self taught and had a terrible teacher).

I have been researching this off and on for several months, and feel like I am just going around in circles.

TIA,

Vicky

  • Which email protocol?

    Most likely, port 443 traffic is being blocked by webfilter, or you are using https inspection.

  • In reply to DouglasFoster:

     

    It is the iCloud mail.  It seems that others will work on the iPhone (like Google mail, etc).  It is just the native mail app.  From research I found this, but I have tried every configuration I can think of using this information.

    IMAP information for the incoming mail server

    • Server name: imap.mail.me.com
    • SSL Required: Yes
      If you see an error message when using SSL, try using TLS instead.
    • Port: 993
    • Username: This is usually the name part of your iCloud email address (for example, emilyparker, not emilyparker@icloud.com). If your email client can't connect to iCloud using just the name part of your iCloud email address, try using the full address.
    • Password: 

    SMTP information for the outgoing mail server

    • Server name: smtp.mail.me.com
    • SSL Required: Yes
      If you see an error message when using SSL, try using TLS or STARTTLS instead.
    • Port: 587
    • SMTP Authentication Required: Yes
    • Username: Your full iCloud email address (for example, emilyparker@icloud.com, not emilyparker)
    • Password: Use the password that you generated when you set up the incoming mail server.
  • Hi Vicky and welcome (back?) to the UTM Community!

    This is not a common problem, so I think we'll need to see what's happening in the logs when this occurs.  Check the Web Filtering, Firewall and Intrusion Prevention logs and show us any related lines.

    Cheers - Bob
    PS As a mod, I see the IP from which each post was made.  You're 160 miles north of here.  I was Heights High '68.

  • In reply to BAlfson:

    Web Filtering

    Firewall

    Intrusion Prevention

    2019:12:18-12:02:49 main snort[20384]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt" group="241" srcip="68.230.242.25" dstip="10.1.1.87" proto="17" srcport="53" dstport="59833" sid="19187" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

     

    I am not seeing anything on our end......but every user is unable to get through.

     

    p.s.  Not sure where my IP shows me, but I am in Arkansas.  

  • In reply to vmoss:

    That Web Filtering log indicates that everything is going through.  Please show us several raw loglines like you did for Intrusion Prevention.  All green and no red in the Firewall Live Log, so the traffic isn't being blocked there.  The Snort block appears to be a DNS response from a Cox name server, so that could be the issue.  You might want to adjust your DNS settings to conform to DNS best practice.

    Cheers - Bob
    PS IP2Location shows your IP in Wichita, KS.  I'm in OKC.
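
Added example, not part of the thread: a Python sketch that parses UTM-style `key="value"` log lines and picks out IPS alerts raised on UDP traffic coming from port 53, the pattern Bob reads off the Snort line above. The first sample line is the one quoted in the thread; the second is constructed for contrast, and the function names are hypothetical.

```python
import re
from collections import Counter

SAMPLE_LOG = [
    # IPS line quoted in the thread.
    '2019:12:18-12:02:49 main snort[20384]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt" group="241" srcip="68.230.242.25" dstip="10.1.1.87" proto="17" srcport="53" dstport="59833" sid="19187" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"',
    # Constructed line (documentation-range address, made-up rule) that is not DNS.
    '2019:12:18-12:03:10 main snort[20384]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="Constructed non-DNS rule" group="500" srcip="203.0.113.9" dstip="10.1.1.87" proto="6" srcport="443" dstport="50212" sid="0" class="Constructed" priority="3" generator="1" msgid="0"',
]

HEADER = re.compile(r'^(\S+) (\S+) ([\w.-]+)\[(\d+)\]: ')
KV = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Split one log line into a dict of its key="value" fields, or None."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = dict(KV.findall(line))
    rec["timestamp"], rec["host"], rec["process"] = m.group(1), m.group(2), m.group(3)
    return rec


def dns_response_alerts(lines):
    """IPS records where the packet came from UDP (proto 17) source port 53."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("sub") == "ips" \
                and rec.get("proto") == "17" and rec.get("srcport") == "53":
            hits.append(rec)
    return hits


def resolvers_by_alert_count(lines):
    """Count matching alerts per source IP, i.e. per upstream name server."""
    return dict(Counter(r["srcip"] for r in dns_response_alerts(lines)))


if __name__ == "__main__":
    for r in dns_response_alerts(SAMPLE_LOG):
        print(r["timestamp"], r["srcip"], "->", r["dstip"], r["action"], r["reason"])
```
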

  • In reply to BAlfson:

    Thanks Bob.  I am looking through the DNS best practice you sent.  I have made a couple of changes that I hope will help.  So far they have not created new problems.  Unfortunately I don't have an iPhone, so my testing is limited right now.  I am also going to be on vacation.  I will continue to research this in the new year.

     

    Vicky 

  • In reply to vmoss:

    Sorry for the delay.  I wanted to let you know that DNS was my problem. Thank you for responding.  Have a great year.

  • In reply to vmoss:

    Thanks, Vicky - I wish you a great year, too.

    Cheers - Bob
    PS IP2Location now shows your correct location.