Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 10633 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AOL Desktop Mail (SMTP)

samdu
How would I go about configuring the firewall to allow a user to send and receive AOL mail (yeah, I know...) without causing issues with the internal mail server? He's getting this message:

"cannot connect to SMTP Host" "Error ML0024"

From AOL.


This thread was automatically locked due to age.
  • 0
    News to me that you can send and receive AOL mail through anything other than their America Online application or webmail.
  • 0 in reply to jjohnston62

    Indeed it does, my wife uses Thunderbird to access it and also on her phone.

    Last week I setup Sophos UTM on a R210 to play around with as I've been looking for something more robust (and keep my wife from checking out malware emails)

    Today she tried to send an email and smtp.aol.com was unreachable, so I sent a test SMTP email from one of my other accounts and it worked fine.

    If I tracert it, it stops at the UTM, if I tracert it from the tools menu, it finds the endpoint.

     

    Tracing route to smtp-cs.egslb.aol.com [64.12.88.165]
    over a maximum of 30 hops:

    1 <1 ms <1 ms <1 ms utm [10.1.1.1]
    2 * * * Request timed out.
    3 * * * Request timed out.
    4 * * * Request timed out.
    5 * * * Request timed out.
    6 * * * Request timed out.

    traceroute to smtp.aol.com (64.12.88.165), 30 hops max, 40 byte packets using UDP

    1 *-*-*-*.uvs.bcvloh.sbcglobal.net (*.*.*.*) 0.803 ms 0.639 ms 0.624 ms

    2 162-199-176-1.lightspeed.bcvloh.sbcglobal.net (162.199.176.1) 30.876 ms 29.946 ms 29.196 ms

    3 71.151.85.112 (71.151.85.112) 20.113 ms 19.266 ms 18.920 ms

    4 75.25.192.90 (75.25.192.90) 19.417 ms 18.713 ms 18.450 ms

    5 75.25.192.153 (75.25.192.153) 19.365 ms 18.984 ms 19.132 ms

    6 75.25.192.99 (75.25.192.99) 19.951 ms 21.742 ms 19.477 ms

    7 12.83.69.5 (12.83.69.5) 21.670 ms 12.83.69.29 (12.83.69.29) 23.136 ms 12.83.69.5 (12.83.69.5) 19.624 ms

    8 cgr1.cgcil.ip.att.net (12.122.132.157) 29.295 ms 28.414 ms 30.402 ms

    9 bb2-chi-xe-5-2-0.atdn.net (66.185.136.109) 27.400 ms 27.378 ms 27.162 ms

    10 bb1-vie-xe-0-2-1.atdn.net (66.185.152.217) 41.370 ms 41.308 ms 40.906 ms

    11 dar1-mtc-ae2.atdn.net (66.185.152.88) 41.045 ms 40.547 ms 40.784 ms

    12 gear1-mtc-po1.net.aol.com (66.185.144.58) 41.996 ms 41.564 ms 41.617 ms

    13 edge4-mtc-ae0.net.aol.com (149.174.48.226) 40.784 ms edge3-mtc-ae0.net.aol.com (149.174.48.10) 41.083

     

    According to the firewall log, it is being dropped by rule "60002"

    2016:11:20-19:36:48 utm ulogd[4848]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="00:00:00:00:00:00" dstmac="00:26:b9:7e:79:45" srcip="10.1.1.10" dstip="64.12.91.197" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="61905" dstport="587" tcpflags="SYN"

    I added a outbound rule to no effect, I also tried some other suggestions involving similar problems, but no luck.

    Powered up my old router, and email went out without a hitch, since I'm very green with Sophos, I'm asking here.

    Regards,

    Steven

  • 0 in reply to Steven Arness

    Hi, Steven, and welcome to the UTM Community!

    If you are using Email Protection, how is your setup different from Basic Exchange setup with SMTP Proxy?

    If you aren't, please insert a picture of the outbound rule open in Edit with the source object also open in Edit with 'Advanced' showing.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    I haven't set up any scanning or filtering of SMTP email, only my POP so far, been a little busy.

    I have been able to send email out from my other SMTP accounts without an issue, it's only my wife that still uses AOL, I don't have any internal email servers.

    The endopoint is unpingable, but I can tracert it from my phone over GSM, but not over WIFI through the UTM.

    Steven

  • 0 in reply to Steven Arness

    I tried to traceroute to it from a UTM in the Amazon cloud and from centralops.net. In both cases, the trace dies inside the AOL network before it reaches the IP.  Look on the 'ICMP' tab of 'Firewall' to see how to change the behavior you're seeing.

    60002 is a default drop out of the OUTPUT chain.  For some reason, your rule isn't seeing the port 587 packets.  Does it work if you change the Traffic Selector to 'Any -> AOL SMTP -> Any'?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Heya Bob,

    I changed the ICMP settings and I can now tracert to smtp.aol.com from my internal network, haven't looked into all the settings.

    I didn't see an 'Any' option for the internal network, 'Internal (Network)' I thought would cover it.

    Still can't send email, server unreachable.

    Tech support is going to give me a call tommorow on this.

     

    Steven

  • 0 in reply to Steven Arness

    Well of course it started working before tech support called, not sure why, turned the rule off and it failed, turned it on and it worked, go figure.

    Tech support called, went through the settings, said everything looked fine and not sure why it didn't work earlier.

    Give me some wires, I can tell you that there broken!

    Steven

Unfiltered HTML