Windows defender firewall IP blocking is not working in version 5.7

ehii
New user
Posts: 6
Joined: 2020-10-10 04:21

Windows defender firewall IP blocking is not working in version 5.7

Post by ehii » 2020-10-10 04:43

Hello everyone :D

I used hMailServer 5.6.8 on Windows Server 2019
and recently upgraded to 5.7 (GitHub Actions).

All settings are the same between 5.6.8 and 5.7.

In 5.6.7 and 5.6.8, Windows Defender Firewall IP blocking is working well,
but in 5.7 it is not.

Does anyone have the same problem as me?
What am I missing? :(

mattg
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by mattg » 2020-10-10 10:40

What script are you using for Defender Firewall IP blocking?

(This really should be in ALPHA discussions)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

ehii
New user
Posts: 6
Joined: 2020-10-10 04:21

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by ehii » 2020-10-10 11:09

I have no hMailServer script. I input some remote IPs manually.
Other programs such as IIS work well, but hMailServer does not.

(Oh! I'm sorry about posting in the wrong place.)

palinka
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by palinka » 2020-10-10 16:06

Hmailserver does not do firewall blocking. What do you think was happening with 5.6?

ehii
New user
Posts: 6
Joined: 2020-10-10 04:21

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by ehii » 2020-10-11 06:15

I now realize that it happens on Windows server 2019.

1) Windows Defender Firewall IP blocking (all programs, any protocol, all ports) on Windows Server 2019 - 110.70.47.142 (test IP)

hMailServer 5.6.8 --> 110.70.47.142 cannot access the hMailServer

hMailServer 5.7 --> 110.70.47.142 can(!) access the hMailServer :!:

2) Windows Defender Firewall IP blocking on Windows 10 - 110.70.47.142 (test IP)

hMailServer 5.6.8 --> 110.70.47.142 cannot access the hMailServer

hMailServer 5.7 --> 110.70.47.142 cannot access the hMailServer

mattg
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by mattg » 2020-10-11 08:38

Yes, the Windows default firewall on ALL Windows systems by default blocks incoming connections to hMailServer

You shouldn't add exceptions for the program
you SHOULD only add exceptions for the ports that you will use, i.e. some of 25, 110, 143, 485, 587, 993 and 995 in a typical install

ehii
New user
Posts: 6
Joined: 2020-10-10 04:21

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by ehii » 2020-10-11 11:38

Thank you for the replies.

But I don't understand why the IP which I blocked can access my hMailServer. (screenshot)
Is the firewall setting wrong? If so, why do these settings work well on Windows 10 or hMailServer 5.6.8?
On Windows 10 or hMailServer 5.6.8, the IP which I blocked cannot access my hMailServer, so the IP is never logged.

Also, I tried blocking the test IP for ports 25, 465, 587, 993, but it can access.

johang
Senior user
Posts: 348
Joined: 2008-09-01 09:20

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by johang » 2020-10-11 19:24

ehii wrote:
2020-10-11 11:38
> Thank you for the replies.
>
> But I don't understand why the IP which I blocked can access my hMailServer. (screenshot)
> Is the firewall setting wrong? If so, why do these settings work well on Windows 10 or hMailServer 5.6.8?
> On Windows 10 or hMailServer 5.6.8, the IP which I blocked cannot access my hMailServer, so the IP is never logged.
>
> Also, I tried blocking the test IP for ports 25, 465, 587, 993, but it can access.

can you reach the FTP as well from 175.223.45.9?
___________________________________________________________end of the line

ehii
New user
Posts: 6
Joined: 2020-10-10 04:21

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by ehii » 2020-10-11 20:12

johang wrote:
2020-10-11 19:24
> can you reach the FTP as well from 175.223.45.9?

No, 175.223.45.9 cannot access the IIS web server, FTP, etc.
But it can access only the hMailServer.

johang
Senior user
Posts: 348
Joined: 2008-09-01 09:20

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by johang » 2020-10-11 20:40

ehii wrote:
2020-10-11 20:12
> johang wrote:
> 2020-10-11 19:24
> > can you reach the FTP as well from 175.223.45.9?
>
> No, 175.223.45.9 cannot access the IIS web server, FTP, etc.
> But it can access only the hMailServer.

very strange
but are you sure there are no other rules that apply as well to this case? like you added a special rule to:
c:\Program Files (x86)\hMailServer\Bin\hmailserver.exe .. and something else to
c:\Program Files \hMailServer\Bin\hmailserver.exe
and they are in separate dirs? or something similar ..

mattg
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by mattg » 2020-10-11 23:40

ehii wrote:
2020-10-11 11:38
> But I don't understand why the IP which I blocked can access my hMailServer. (screenshot)

Because you have allowed the hMailServer PROGRAM through your firewall

Block PORTS not programs

ehii
New user
Posts: 6
Joined: 2020-10-10 04:21

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by ehii » 2020-10-12 05:43

mattg wrote:
2020-10-11 23:40
> Because you have allowed the hMailServer PROGRAM through your firewall
>
> Block PORTS not programs

Is this what you suggested?
If so, I already did it, but with the same result.

ehii wrote:
2020-10-11 11:38
> Also, I tried blocking the test IP for ports 25, 465, 587, 993, but it can access.

There are no other rules, only the two custom rules in the above screenshot.

johang
Senior user
Posts: 348
Joined: 2008-09-01 09:20

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by johang » 2020-10-12 10:54

sometimes it is really hard to figure out why Microsoft software does the thing it does ...
And since it is not clear to me how Microsoft's firewall prioritizes.. ( because it does not flow like, for instance, iptables .. from what i have understood )
personally i have an IP BLOCK LIST in my Windows Defender Firewall
(attachment: firewall-ask.jpg)
i put all unwanted IPs in that list...

jim.bus
Senior user
Posts: 521
Joined: 2011-05-28 11:49
Location: US

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by jim.bus » 2020-10-12 11:21

The reason the Windows Defender Inbound Rule for hmailserver_test is not blocking the IP Address 175.223.21.196 is because the Rule is not ENABLED. It needs to have a Green Check Mark next to the Rule Name on the left which indicates the Rule has been Enabled. Your Inbound Rule does not have the Green Check Mark so no IP Blocking is done.

johang
Senior user
Posts: 348
Joined: 2008-09-01 09:20

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by johang » 2020-10-12 11:25

jim.bus wrote:
2020-10-12 11:21
> The reason the Windows Defender Inbound Rule for hmailserver_test is not blocking the IP Address 175.223.21.196 is because the Rule is not ENABLED. It needs to have a Green Check Mark next to the Rule Name on the left which indicates the Rule has been Enabled. Your Inbound Rule does not have the Green Check Mark so no IP Blocking is done.

the "red ring" to the left is a graphical view for "Action=Block" ( the "green check mark" is a graphical view for "Action=Allow" )
the 4th column is enabled = yes/no

jim.bus
Senior user
Posts: 521
Joined: 2011-05-28 11:49
Location: US

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by jim.bus » 2020-10-12 11:59

Sorry about the Green Check Mark but a Tutorial I read said that. I haven't used Windows Defender Firewall in years.

However, I don't believe he has told us how his hmailserver_test program is attempting to connect. I see in his earlier screen prints his hmailserver_test blocks 'any' Protocols and then his last Screen Print shows his hmailserver_test rule blocks only the one IP Address when it uses 'TCP' protocols. If his hmailserver_test program attempting to connect actually uses 'UDP' Protocols then the hmailserver_test Rule wouldn't block the IP Address attempting to connect. Don't know if this is the situation but there is this difference from what he showed earlier.

mattg
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by mattg » 2020-10-12 16:13

See 'rules store' here >> https://docs.microsoft.com/en-us/previo ... dfrom=MSDN

Rules are run from the top down
the hMailServer rule takes precedence over the block single IP rule

(In saying that, when I create a test block IP rule, with all ports, all programs, just a single IP address - it is auto listed at the top)

palinka
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by palinka » 2020-10-12 17:19

mattg wrote:
2020-10-12 16:13
> See 'rules store' here >> https://docs.microsoft.com/en-us/previo ... dfrom=MSDN
>
> Rules are run from the top down
> the hMailServer rule takes precedence over the block single IP rule
>
> (In saying that, when I create a test block IP rule, with all ports, all programs, just a single IP address - it is auto listed at the top)

(attachment: Screenshot 2020-10-12 111721.png)
Ban those suckers programmatically! :D

johang
Senior user
Posts: 348
Joined: 2008-09-01 09:20

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by johang » 2020-10-12 17:52

mattg wrote:
2020-10-12 16:13
> See 'rules store' here >> https://docs.microsoft.com/en-us/previo ... dfrom=MSDN
>
> Rules are run from the top down
> the hMailServer rule takes precedence over the block single IP rule
>
> (In saying that, when I create a test block IP rule, with all ports, all programs, just a single IP address - it is auto listed at the top)

ehh ( i didn't read the entire Microsoft link, so perhaps that's why i don't understand ) sooo.. :shock:
if i do a sorting on first column by name ... it will run the rules in alphabetic order ? ( how do i know which one is added latest )

mattg
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by mattg » 2020-10-12 23:43

> Rules Store
>
> A rules store contains the list of rules used by a firewall to determine whether unsolicited incoming traffic is allowed or blocked. A typical rules store is created around the notion of “implicit deny,” which means that all unsolicited incoming traffic is blocked (denied) unless there is an explicit rule allowing the traffic through the firewall. Furthermore, a typical rules store is processed sequentially from top to bottom: that is, the firewall compares the characteristics of unsolicited incoming traffic against each rule, one at a time, until a rule is found that allows the traffic (in which case, the traffic passes through the firewall) or the end of the rules list is reached (in which case, the traffic is blocked). Creating and maintaining this type of rules store can be difficult because the order of the rules is important and it is relatively easy to create a rule that inadvertently allows all traffic through the firewall.
>
> Windows Firewall uses the notion of implicit deny, but it does not use a strictly sequential or ordered rules store. When you turn on Windows Firewall in its default configuration, all unsolicited incoming TCP and UDP traffic is blocked. In other words, you must create explicit rules to allow unsolicited incoming traffic to pass through Windows Firewall. However, you do not need to create the rules in any particular order because the rules are not processed sequentially.

I think this is about 'rules stores' not necessarily the same as display.

Add a new block rule. Where does it go?

johang
Senior user
Posts: 348
Joined: 2008-09-01 09:20

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by johang » 2020-10-13 08:10

mattg wrote:
2020-10-12 23:43
> > Rules Store
> >
> > A rules store contains the list of rules used by a firewall to determine whether unsolicited incoming traffic is allowed or blocked. A typical rules store is created around the notion of “implicit deny,” which means that all unsolicited incoming traffic is blocked (denied) unless there is an explicit rule allowing the traffic through the firewall. Furthermore, a typical rules store is processed sequentially from top to bottom: that is, the firewall compares the characteristics of unsolicited incoming traffic against each rule, one at a time, until a rule is found that allows the traffic (in which case, the traffic passes through the firewall) or the end of the rules list is reached (in which case, the traffic is blocked). Creating and maintaining this type of rules store can be difficult because the order of the rules is important and it is relatively easy to create a rule that inadvertently allows all traffic through the firewall.
> >
> > Windows Firewall uses the notion of implicit deny, but it does not use a strictly sequential or ordered rules store. When you turn on Windows Firewall in its default configuration, all unsolicited incoming TCP and UDP traffic is blocked. In other words, you must create explicit rules to allow unsolicited incoming traffic to pass through Windows Firewall. However, you do not need to create the rules in any particular order because the rules are not processed sequentially.
>
> I think this is about 'rules stores' not necessarily the same as display.
>
> Add a new block rule. Where does it go?

yes.. where does it go.. and read the text ( that i also marked red above ):
"However, you do not need to create the rules in any particular order because the rules are not processed sequentially"
eeeeeeehh ??? .. so not processed sequentially .. ok - got it..

so the OP put in a "block" firewall rule that will be blanked out by his "allow" rule, because Windows Defender Firewall is built around “implicit deny,” all is good.. now we think we understand.. ( but i can assure you my "IP block list" rule works, but according to above it shouldn't,, cause i also have a rule saying to allow SMTP traffic.. but my IP Block list rule does its job.. just saying :D :D :D )

sometimes for me.. . this is not entirely clear

palinka
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Windows defender firewall IP blocking is not working in version 5.7

Post by palinka » 2020-10-13 12:49

Maybe the OP should simply delete the block rule, then recreate it.

I just had a look at my rules list. My firewall ban project adds rules many times a day, then consolidates the previous day's rules, then at the beginning of the month consolidates the previous month's rules. So they're constantly being added, deleted, modified.

Anyway, as they appear when you first open the console, the sort order is alphabetical, but split into two levels: user-created rules alphabetically at the top and Windows default rules at the bottom. User-created rules are sorted alphabetically by rule name no matter when the rule was created.

I don't know if this is pertinent to anything. Just an observation.
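
An added example, not part of any post in this thread: since the rules store quoted above is not evaluated top-down, the console's sort order does not show which rule decides a connection. This PowerShell script lists the enabled inbound rules whose protocol, port and program filters can apply to hMailServer and reports whether a block or an allow rule matches the remote IP. `$RemoteIp`, `$LocalPort` and `$ProgramPattern` are sample values, `Test-PortMatch` is a hypothetical helper, and the script assumes exact-match address comparison and ignores interface, service and edge-traversal filters.

```powershell
# Added example (not from the thread). Sample values: the thread's test IP,
# SMTP port 25, and an assumed pattern for the hMailServer executable path.
param(
    [string]$RemoteIp       = '110.70.47.142',
    [int]   $LocalPort      = 25,
    [string]$ProgramPattern = '*hmailserver.exe'
)

# True when a rule's LocalPort list ('Any', '25', '5000-5010', ...) covers $Port.
function Test-PortMatch([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# Default store = local rules; add -PolicyStore ActiveStore to include Group Policy rules.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
    $addr   = $_ | Get-NetFirewallAddressFilter
    $port   = $_ | Get-NetFirewallPortFilter
    $app    = $_ | Get-NetFirewallApplicationFilter
    $remote = @($addr.RemoteAddress)

    # Skip rules whose protocol, port or program filter cannot apply.
    if ($port.Protocol -notin 'Any', 'TCP') { return }
    if (-not (Test-PortMatch $port.LocalPort $LocalPort)) { return }
    if ($app.Program -ne 'Any' -and $app.Program -notlike $ProgramPattern) { return }

    # Exact match only; subnets, ranges and keywords are flagged for a manual look.
    $ipMatch = if ($remote -contains 'Any' -or $remote -contains $RemoteIp) { 'yes' } elseif ($remote -match '[/-]|^[A-Za-z]') { 'check' } else { 'no' }

    [pscustomobject]@{
        Name    = $_.DisplayName
        Action  = $_.Action
        Profile = $_.Profile
        Program = $app.Program
        Remote  = $remote -join ','
        IpMatch = $ipMatch
    }
}
$rules | Sort-Object Action, Name | Format-Table -AutoSize

# Evaluation is not top-down: a matching Block rule wins over any matching Allow rule.
$hits = @($rules | Where-Object IpMatch -eq 'yes')
if     ($hits.Action -contains 'Block') { 'Verdict: a matching block rule exists' }
elseif ($hits.Action -contains 'Allow') { 'Verdict: allowed, no block rule matches this exact IP' }
else   { 'Verdict: no exact match, the profile default inbound action applies' }
Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction
```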
