ME020503 - PRB: The Windows Firewall has detected an application listening for incoming traffic.


SYMPTOMS

The Windows event log viewer for the "Security" events may display the following "Failure Audits":

The Windows Firewall has detected an application listening for incoming traffic.
 
Name: -
Path: c:\program files\Mail Enable\bin\MESMTPC.exe
Process identifier: 3796
User account: IME_SYSTEM 
User domain: (example: domain.com)
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 1075
Allowed: No
User notified: No

NOTE: The user account for the "Failure audit" can also be logged as the windows "localsystem" account if MailEnable is not locked down. EG: the account that you are logged into the server as.

More inormation in regards to MailEnable lockdown can be found within the following link: http://www.mailenable.com/security/lockdown.asp

NOTE: port number may vary

CAUSE

The security failure audits displayed within the Windows event log viewer are SMTP queries that the service is performing for DNS resolution when using SMTP "Reverse DNS blacklisting". The failure audits are being logged because of a local server auditing policy that has been enabled within the local security settings. The failure audits can be ignored, as this is normal behaviour for the SMTP service when performing DNS queries.

RESOLUTION

In order to reduce the size of the security event log it is suggested to disable the following local security settings.

  • Click "Start", click "Control Panel" and then click "Administrative Tools".

  • In "Administrative Tools" window, double-click "Local Security Policy" shortcut.

  • In the console tree of the "Local Security Settings" snap-in, click "Local Policies", and then click "Audit Policy".

  • In the details pane of the "Local Security Settings" snap-in, double-click "Audit policy change". Untick "Failure", and then click OK.

  • In the details pane of the "Local Security Settings" snap-in, double-click "Audit process tracking". Untick "Failure", and then click OK.

  • Close the "Local Security Settings" snap-in.

MORE INFORMATION

Troubleshooting Windows Firewall in Microsoft Windows XP Service Pack 2: http://technet.microsoft.com/en-us/library/bb457029.aspx



Product:MailEnable (All Versions)
Category:Environment
Module:SMTP
Keywords:Windows firewall port listening TCP UDP
Class:PRB: Product Problem or Issue
Revised:Wednesday, May 4, 2016
Author:
Publisher:MailEnable