Connect to your server shouldn't require NEW packet incoming

Suggestions for changes/features
blitzter47
It begins with a single step
Posts: 1
Joined: Fri Jul 08, 2016 3:49 am

Fri Jul 08, 2016 4:18 am

Hello,
This week, I tried using MailWasher Enterprise Server for Ubuntu/Linux and I noticed I must set iptables to allow "new" incoming packet connections on port 4051 in order to get MailWasher's system check for connecting to the FirstAlert server to pass as OK. Simply put, I needed to add the following command to iptables:

    iptables -A INPUT -p tcp --sport 4051 -m state --state ESTABLISHED,NEW -j ACCEPT

so MailWasher can finally establish a connection to the FirstAlert server.

In my opinion, MailWasher requiring an incoming port (e.g. 4051) to be opened to "new" packet connections in iptables means deliberately creating a vulnerability in the system. This looks like a security flaw and a software design flaw. Well-known browsers, FTP clients, SSH clients, etc. don't require ports to be opened in such a way in order to work.

Hope the developers will make the corrections soon.
nick.bolton
The Big Cheese
Posts: 2468
Joined: Thu Aug 28, 2008 4:02 pm

Re: Connect to your server shouldn't require NEW packet incoming

Fri Jul 08, 2016 3:44 pm

Why do you think this is a vulnerability? It's outgoing and FirstAlert uses its own protocol. We'll update our docs to say 4051 is outgoing.
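
The rule in the first post matches only the remote source port, so with NEW in its state list it accepts inbound connection attempts from source port 4051 to any local TCP port. The script below is an added example, not from either poster or from MailWasher: it reads rules in `iptables -S` format and prints INPUT ACCEPT rules of that shape. The function names and the sample ruleset are constructed, and the ESTABLISHED-only pair in the sample assumes FirstAlert traffic is a plain outbound TCP connection to port 4051, as the reply states.

```shell
#!/bin/sh
# Added example (not from the thread): list INPUT ACCEPT rules that admit NEW
# connections while matching only the remote source port.
# Input: rules in `iptables -S` format on stdin. Output: the flagged rules.
flag_sport_new() {
    while IFS= read -r rule; do
        # Only INPUT rules that end in ACCEPT are of interest.
        case "$rule" in "-A INPUT "*"-j ACCEPT"*) ;; *) continue ;; esac
        # Must match on source port and must not be pinned to a local port.
        case "$rule" in *"--sport "*) ;; *) continue ;; esac
        case "$rule" in *"--dport "*) continue ;; esac
        # Extract the list after --state / --ctstate (empty if no state match).
        states=$(printf '%s\n' "$rule" |
            sed -n 's/.*--\(ct\)\{0,1\}state \([A-Z,]*\).*/\2/p')
        # A rule with no state match accepts NEW packets too.
        case ",${states:-NEW}," in *,NEW,*) printf '%s\n' "$rule" ;; esac
    done
}

# Constructed sample ruleset. Rule 3 has the shape of the rule in the first
# post; rules 4 and 6 are the usual pair for an outbound-only client
# (assumption: FirstAlert is reached by an outbound TCP connection to 4051).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 4051 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 4051 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 4051 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
EOF
}

# Stand-alone run: prints only the third sample rule.
sample_rules | flag_sport_new
```

On a live host the same function can be fed from `iptables -S INPUT`, run as root.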
