
Connect to your server shouldn't require NEW packet incoming

Posted: Fri Jul 08, 2016 4:18 am
by blitzter47
Hello,
This week, I tried using MailWasher Enterprise Server for Ubuntu/Linux and I noticed I must set iptables to allow "new" incoming packet connections on port 4051 in order to get MailWasher's system check to pass as OK for connecting to the FirstAlert server. Simply put, I needed to run the following iptables command:

Code:

iptables -A INPUT -p tcp --sport 4051 -m state --state ESTABLISHED,NEW -j ACCEPT

so MailWasher can finally establish a connection to the FirstAlert server.

In my opinion, MailWasher requiring an incoming port (e.g. 4051) to be opened to "new" packet connections in iptables means deliberately creating a vulnerability in the system. This looks like a security flaw and a software design flaw. Well-known browsers, FTP clients, SSH clients, etc. don't require opening ports in such a way in order to work.

Hope the developers will make the corrections soon.

Re: Connect to your server shouldn't require NEW packet incoming

Posted: Fri Jul 08, 2016 3:44 pm
by nick.bolton
Why do you think this is a vulnerability? It's outgoing and FirstAlert uses its own protocol. We'll update our docs to say 4051 is outgoing.
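
How iptables state matching treats the rule from the first post, as an added example that is not part of either post or of MailWasher: a small Python model of conntrack's NEW/ESTABLISHED classification, comparing the posted INPUT rule with the same rule without NEW. It assumes outbound TCP to port 4051 is permitted; the addresses, the ephemeral port 40000 and all names are constructed.

```python
# Simplified model of iptables filtering with "-m state" (conntrack) matching.
# Constructed for illustration: addresses, port 40000 and all names are made up.
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")
Rule = namedtuple("Rule", "chain sport dport states")  # port None = any port

class Firewall:
    """Default-DROP filter: a packet passes only if some rule matches it."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = {}  # (local ip, local port, remote ip, remote port) -> origin

    def accept(self, pkt):
        out = pkt.direction == "out"
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if out
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        origin = self.flows.get(key)
        # ESTABLISHED once packets were seen in both directions, otherwise NEW
        both = origin == "both" or (origin is not None and origin != pkt.direction)
        state = "ESTABLISHED" if both else "NEW"
        chain = "OUTPUT" if out else "INPUT"
        for r in self.rules:
            if (r.chain == chain and r.sport in (None, pkt.sport)
                    and r.dport in (None, pkt.dport) and state in r.states):
                self.flows[key] = "both" if both else pkt.direction
                return True
        return False

# Assumption: outbound TCP to port 4051 is allowed (the post shows only INPUT).
OUT = Rule("OUTPUT", None, 4051, {"NEW", "ESTABLISHED"})
POSTED = [OUT, Rule("INPUT", 4051, None, {"NEW", "ESTABLISHED"})]  # --sport 4051, as posted
REPLIES_ONLY = [OUT, Rule("INPUT", 4051, None, {"ESTABLISHED"})]   # same rule without NEW

HOST, SERVER, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.9"  # RFC 5737 addresses
PACKETS = [
    Packet("out", HOST, 40000, SERVER, 4051),  # client opens connection to port 4051
    Packet("in", SERVER, 4051, HOST, 40000),   # server's reply on that connection
    Packet("in", OTHER, 4051, HOST, 22),       # unsolicited inbound, source port 4051
]

def verdicts(rules):
    fw = Firewall(rules)
    return [fw.accept(p) for p in PACKETS]

if __name__ == "__main__":
    print("posted rule :", verdicts(POSTED))        # [True, True, True]
    print("replies only:", verdicts(REPLIES_ONLY))  # [True, True, False]
```

In the model the outbound connection to port 4051 and its reply pass under both rulesets; only the ruleset that keeps NEW on the INPUT rule also accepts the third packet, because `--sport 4051` places no restriction on the local destination port.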