# thunderbird and firewall

## brain salad surgery

Hi,

I am trying to set up thunderbird as my email client

at my new job.

The problem is that I think the firewall is specifically

blocking thunderbird (as I think that my account

and proxy settings are ok).  

Any way to avoid this ?

----------

## CoderMan

Firewalls don't block applications, they block ports. Double check your account/proxy settings and check with your sys-admin to make sure they are correct.

----------

## brain salad surgery

sometimes personal firewall can be configured to block internet access to specific softwares...

but anyways, they do block ports behind.

ok, then, probably thunderbird is not autodetecting the proxy correctly as

all connections are timed out.  firefox's autodetection does it right.

the proxy is configured via a network script, which is :

function FindProxyForURL(url,host){proxy="PROXY proxysg.hydro.qc.ca:8080";direct="DIRECT";if(isPlainHostName(host)){return direct;} ;var resolved_ip=dnsResolve(host);var ip_direct1=["131.195.0.0","255.255.0.0","10.0.0.0","255.0.0.0","172.16.0.0","255.240.0.0","192.168.0.0","255.255.0.0"];if(test_isInNet(resolved_ip,ip_direct1,ip_direct1["length"])){return direct;} ;var ip_proxie=["199.22.56.0","255.255.252.0","199.22.60.0","255.255.255.0"];if(test_isInNet(resolved_ip,ip_proxie,ip_proxie["length"])){return proxy;} ;var ip_direct2=["199.22.0.0","255.254.0.0","199.24.0.0","255.254.0.0","204.19.48.0","255.255.240.0","204.19.64.0","255.255.248.0","204.19.72.0","255.255.252.0","204.19.76.0","255.255.254.0","127.0.0.0","255.255.255.0"];if(test_isInNet(resolved_ip,ip_direct2,ip_direct2["length"])){return direct;} ;return proxy;} ;function test_isInNet(ip,arr,longueur){for(var i=0;i<longueur;i+=2){if(isInNet(ip,arr[i],arr[i+1])){return 1;} ;} ;} ;

then, what should I use as my proxy settings, when at job ?

Thanks...

----------

## brain salad surgery

also, could it have anything to do with Entrust corporate they use here ??

----------

## Rexilion

I think you should use:

proxysg.hydro.qc.ca:8080

as a proxy maybe?

Unless you specified the server as an ip that falls within one of the 'direct' blocks. Otherwise, specify no proxy and try the ip directly.

----------

## brain salad surgery

IP 10.7.14.54 answers to "ping proxysg.hydro.qc.ca"

and when I set this ip and port 8080 in the manual proxy section, it still does not work (connection timeout).

again, could they detect it's not outlook ?

as it to do with certificates like entrust ?

Thanks

----------

## brain salad surgery

how to determine what proxy I should use or that firefox (which has access to internet) uses ?

websites says I am using IP 199.22.57.2 

ipconfig says I am using the internal ip 10.4.133.201 (with gateway 10.4.133.1)

So according to the proxy script above, what should be my proxy setting ?

----------

## Rexilion

 *brain salad surgery wrote:*   

> again, could they detect it's not outlook ?
> 
> as it to do with certificates like entrust ?
> 
> Thanks

 

I highly doubt it, but it could be true. If it is the case, than perhaps changing the useragent will help?

http://kb.mozillazine.org/Resetting_your_useragent_string_to_its_compiled-in_default

I don't know what to change it TO since you don't provide much info about the Outlook (Office? Express? What version?) you use.

----------

## brain salad surgery

I can answer everything you need:

Microsoft Outlook 2003 

with Entrust/Express 7.0

----------

## Rexilion

While googling for your useragent I found this:

http://cio.energy.gov/Entrust7Outlook03.pdf

Looking at this, it seems that your client is configured to use a 'Security Extension'. I don't think you have that as a Mozilla Thunderbird plugin  :Mr. Green:  . I think that the extension authenticates with the proxy and then the proxy will allow you through (or not). I have found this:

http://forums.mozillazine.org/viewtopic.php?f=39&t=479792

Perhaps you can ask your local admin ask for some help?

----------

## brain salad surgery

This definitely has to do with entrust.

The proxy setting is ok and working, as thunderbird could communicate

with websites.

I need to import the entrust certificate in thunderbird.

Using entrust tools, I have exported .key and .p7c files.

Then what to do ?  I am not able to import the p7c file

because it only supports p12 files ... exportation of

p12 files in entrust is blocked.

Anyone knows how to help ?

----------

