Do NOT use new SSL email settings with Outlook Express if I use Avast anti-virus ????
glnzglnz
Contributor - Level 3

Is the following right?

If I use both Avast and Outlook Exoress, the Avast Mail Sield settings should be set per the new Verizon email - 995 and 465 and SSL, but the Outlook Express settings should go back to the prior 587 and 110 and NOT  SSL ??

Is that correct?

If that is correct, is it because Avast is communicating with the Vz email server and then passing the emails to and from my Outlook Express?  In other words, my Outlook Express is NOT communicating directly with the Vz email server?

Please explain, as I had complained in other forums about the lack of SSL between my Outlook Express and the Vz email server and was happy to get the new email suggesting the new SSL link.

Thanks.

0 Likes
Reply
1 Solution
Justin46
Legend

@glnz2 wrote:

Justin - Thanks for your rapid reply.  However, two related questions:

Is my Outlook Express still communicating UNencrypted with the Vz email server, or is the only connection an encrypted connection between Avast and Vz ?

If my PC is a laptop and I am using WiFi, can my emails be sniffed because OE is still using an UNencrypted link?


Sorry to be so long responding, have been out all day.

The answer to both questions is No.

I'm sorry, but I don't understand why you are asking this. I provided a link to the Avast Help page which I believe answers your questions. For completeness, here is the text from the Avast Help:

____________________________________________________

"SSL Accounts

On this screen you can enter details of how your Mail Clients communicate with the Mail Server, including, where encryption is required, the type of encryption that is used.

In order for mail to be scanned by the Mail Shield, it is necessary that encryption is turned off in your Mail Client.

If encryption is required, the information on this screen will then be used to establish a secure connection between the Mail Shield and the Mail Server. This will enable all incoming and outgoing mail to be scanned by the Mail Shield. Unencrypted connections do not need to be listed.

Outgoing Mail

The outgoing unencrypted email will first be scanned by the Mail Shield. If the type of encryption is specified on this page, a secure connection will be established and the mail will be sent encrypted to the Mail Server (if the type of encryption has been specified as "None", the mail will be sent unencrypted). If nothing is specified on this page for a particular mail account, the Mail Shield will check whether the Mail Server supports encryption. If it does, a new rule will be created automatically and the mail will be encrypted and sent to the Mail Server.

Incoming Mail

As the secure connection is established between the Mail Shield and the Mail Server, incoming mail can be unencrypted when it is received by the Mail Shield and scanned before it is delivered to the Mail Client.


If encryption is not turned off in the Mail Client, the Mail Shield will be unable to scan the content of either incoming or outgoing mail. This means that although the connection will be secure, the mail cannot be scanned by avast! and is therefore unprotected. In this case a warning message will be displayed (by default) informing you that a message has been received via an unprotected SSL connection.

If you do not want to receive this warning, uncheck the box at the bottom of page "Automatically detect and warn about unprotected SSL connection"."

____________________________________________________

I have highlighted what I think are the answers to your questions.

Keep in mind that your email client and the Mail Shield of Avast are both running in your computer, communicating with each other. So any communication between them is inside your computer, not on a wi-fi link or on the internet. Set up properly, all external email communication (outside your computer) will be encrypted.

I hope this clarifies things.

__________________________________
Justin
FiOS TV, 25/25 Internet, and Digital Voice user
QIP7232, QIP7100-P2, IMG 1.9
Keller, TX 76248

View solution in original post

0 Likes
Reply
11 Replies
Justin46
Legend

@glnz2 wrote:

Is the following right?

If I use both Avast and Outlook Exoress, the Avast Mail Sield settings should be set per the new Verizon email - 995 and 465 and SSL, but the Outlook Express settings should go back to the prior 587 and 110 and NOT  SSL ??

Is that correct?

If that is correct, is it because Avast is communicating with the Vz email server and then passing the emails to and from my Outlook Express?  In other words, my Outlook Express is NOT communicating directly with the Vz email server?

Please explain, as I had complained in other forums about the lack of SSL between my Outlook Express and the Vz email server and was happy to get the new email suggesting the new SSL link.

Thanks.


Basically yes.

If you will open the Avast User Interface, click on the Real Time Shields and then select the Mail Shield, click on SSL Accounts, and then go to the Help (? icon in lower right corner), you will find detailed information on how Avast handles SSL encryption for your email accounts.

__________________________________
Justin
FiOS TV, 25/25 Internet, and Digital Voice user
QIP7232, QIP7100-P2, IMG 1.9
Keller, TX 76248

glnzglnz
Contributor - Level 3

Justin - Thanks for your rapid reply.  However, two related questions:

Is my Outlook Express still communicating UNencrypted with the Vz email server, or is the only connection an encrypted connection between Avast and Vz ?

If my PC is a laptop and I am using WiFi, can my emails be sniffed because OE is still using an UNencrypted link?

0 Likes
Reply
tonygh
Enthusiast - Level 1

glnz2,

Thank you very much for asking this question. I am annoyed that Verizon sent instructions for reconfiguring my Windows Mail (I am using Vista) account for verizon.net in a way which would have cut AVAST out of the security loop entirely, and did not even mention that that was what following the instructions would do. When AVAST reported that those settings made it impossible for AVAST to scan incoming e-mail, I started mulling over how to accomplish exactly what you have figured out. Thanks for saving me the trouble of figuring it out for myself.

To any Verizon agent who is reading this: Surely you people know that users use other antivirus services for e-mail. It's nice that your company has decided to beef up the antivirus services it offers, but you should be a lot more clear about the implications of the changes you advise. Somewhere, there should be at least a mention that an alternative to your recommended settings is to continue using another antivirus program by changing port settings in that program instead of in the e-mail client.

tonygh

glnzglnz
Contributor - Level 3

DEAR KNOWLEDGEABLE PEOPLE:  I would like to have the answer to my questions.  If I follow Justin's and Avast's instructions, set Avast Mail Scan Expert Settibgs with your new ports and SSL but leave Outlook Express with the old ports and UNencrypted, ARE MY EMAILS ENCRYPTED OR NOT?

If that is the setup on my WiFi laptop and I'm using Outlook Express in a WiFi hot spot at an airport, CAN A BAD GUY SNIFF AND READ MY EMAILS OR ARE THEY ENCRYPTED?

Please answer this question.

0 Likes
Reply
ElizabethS
Moderator Emeritus

Hi glnz2

This is a peer to peer support forum. If you need assistance from Verizon, you need to contact them directly through one of the options on this page:


http://www.verizon.com/contactus

0 Likes
Reply
Justin46
Legend

@tonygh wrote:

glnz2,

Thank you very much for asking this question. I am annoyed that Verizon sent instructions for reconfiguring my Windows Mail (I am using Vista) account for verizon.net in a way which would have cut AVAST out of the security loop entirely, and did not even mention that that was what following the instructions would do. When AVAST reported that those settings made it impossible for AVAST to scan incoming e-mail, I started mulling over how to accomplish exactly what you have figured out. Thanks for saving me the trouble of figuring it out for myself.

To any Verizon agent who is reading this: Surely you people know that users use other antivirus services for e-mail. It's nice that your company has decided to beef up the antivirus services it offers, but you should be a lot more clear about the implications of the changes you advise. Somewhere, there should be at least a mention that an alternative to your recommended settings is to continue using another antivirus program by changing port settings in that program instead of in the e-mail client.

tonygh


While I understand your concern, I think you are greatly oversimplifying things. There are many anti-virus programs and many email clients, there is no way for Verizon to anticipate all combinations and test and document all of them, that is not their job. Instead, it is up to users to understand the tools they are using (as it should be). If you are an Avast user, you should have already known about the Avast functions available; that is your responsibility, not Verizon's.

Now I do think the Verizon email was poorly written, too vague, and no clear description of the what, why, and when. And the pages linked to should have included screen captures of the settings, such as I have provided for Outlook Express, Windows Live Mail, and Mozilla Thunderbird in threads here on the Forums (those are the email clients I have installed on my systems so I can easily document them). But I really think it is unreasonable to expect Verizon to document the effects of all of the various anti-virus programs on the use of SSL for email.

And I wish some users of Outlook would document their settings here, as well as users of some of other anti-virus programs that might have some effect on the use of SSL.

_____________________________

Justin
FiOS TV, 25/25 Internet, and Digital Voice user
QIP7232, QIP7100-P2, IMG 1.9
Keller, TX 76248

Justin46
Legend

@glnz2 wrote:

Justin - Thanks for your rapid reply.  However, two related questions:

Is my Outlook Express still communicating UNencrypted with the Vz email server, or is the only connection an encrypted connection between Avast and Vz ?

If my PC is a laptop and I am using WiFi, can my emails be sniffed because OE is still using an UNencrypted link?


Sorry to be so long responding, have been out all day.

The answer to both questions is No.

I'm sorry, but I don't understand why you are asking this. I provided a link to the Avast Help page which I believe answers your questions. For completeness, here is the text from the Avast Help:

____________________________________________________

"SSL Accounts

On this screen you can enter details of how your Mail Clients communicate with the Mail Server, including, where encryption is required, the type of encryption that is used.

In order for mail to be scanned by the Mail Shield, it is necessary that encryption is turned off in your Mail Client.

If encryption is required, the information on this screen will then be used to establish a secure connection between the Mail Shield and the Mail Server. This will enable all incoming and outgoing mail to be scanned by the Mail Shield. Unencrypted connections do not need to be listed.

Outgoing Mail

The outgoing unencrypted email will first be scanned by the Mail Shield. If the type of encryption is specified on this page, a secure connection will be established and the mail will be sent encrypted to the Mail Server (if the type of encryption has been specified as "None", the mail will be sent unencrypted). If nothing is specified on this page for a particular mail account, the Mail Shield will check whether the Mail Server supports encryption. If it does, a new rule will be created automatically and the mail will be encrypted and sent to the Mail Server.

Incoming Mail

As the secure connection is established between the Mail Shield and the Mail Server, incoming mail can be unencrypted when it is received by the Mail Shield and scanned before it is delivered to the Mail Client.


If encryption is not turned off in the Mail Client, the Mail Shield will be unable to scan the content of either incoming or outgoing mail. This means that although the connection will be secure, the mail cannot be scanned by avast! and is therefore unprotected. In this case a warning message will be displayed (by default) informing you that a message has been received via an unprotected SSL connection.

If you do not want to receive this warning, uncheck the box at the bottom of page "Automatically detect and warn about unprotected SSL connection"."

____________________________________________________

I have highlighted what I think are the answers to your questions.

Keep in mind that your email client and the Mail Shield of Avast are both running in your computer, communicating with each other. So any communication between them is inside your computer, not on a wi-fi link or on the internet. Set up properly, all external email communication (outside your computer) will be encrypted.

I hope this clarifies things.

__________________________________
Justin
FiOS TV, 25/25 Internet, and Digital Voice user
QIP7232, QIP7100-P2, IMG 1.9
Keller, TX 76248

0 Likes
Reply
glnzglnz
Contributor - Level 3

Thanks, Justin.  I have accepted your reply as the solution.  Much obliged!

FOLLOW-UP:  How can I test to confirm independently that in fact Avast is using only 995 465 and SSL?

(By the way, you might advise the Verizon folks who administer this forum that:

1)  It is impossible to sign in on this forum in Firefox - sign-in for this forum works only in IE.

2)  Many pages of this forum try to run scripts that even IE rejects.

3)  This forum is slow and unresponsive with each change of page.)

0 Likes
Reply
Justin46
Legend

@glnz2 wrote:

Thanks, Justin.  I have accepted your reply as the solution.  Much obliged!

FOLLOW-UP:  How can I test to confirm independently that in fact Avast is using only 995 465 and SSL?

(By the way, you might advise the Verizon folks who administer this forum that:

1)  It is impossible to sign in on this forum in Firefox - sign-in for this forum works only in IE.

2)  Many pages of this forum try to run scripts that even IE rejects.

3)  This forum is slow and unresponsive with each change of page.)


To verify that all communication between your PC and the Verizon email server is encrypted you would need some kind of traffic sniffer that would capture all of the packets sent and received and let you view them. There are tools available to do that if you want to pursue this. But I think that is unnecessary, the worst that can happen is that your traffic is unencrypted, which is what it was before you changed the settings. About the only reasonable thing I think you can do is go to the Avast page I referenced earlier and make sure that it shows that email to and from the Verizon email servers is using the 995 and 465 ports and SSL. Here is what my Avast display looks like:

image

As long as the Verizon servers are in the list with the right ports and SSL, I believe you are good. If you are still in doubt, maybe if you contact Avast they can give you more assurance or some tool that can verify that the traffic is actually encrypted.

Regarding your comments about accessing the forums:

1) I use Firefox exclusively to access all Verizon sites 100% of the time other than for testing something in another broswer, absolutely no problem logging in or doing anything else. What kind of error message do you get? Do you have any add-ons installed? If so I suggest you start Firefox without any add-ons and see if the problem goes away (Mozilla provides a Firefox startup without any add-ons). If the problem goes away, then you need to review your add-ons to see which is affecting your access to the Verizon forums. FWIW, I also occasionally use IE, Google Chrome, and Safari on this Windows PC to access Verizon websites, I can log in with all of them.

2) There are certainly lots of scripts that are run, no argument there. But they all run just fine on my system, under all of the browsers.

3) I agree fully, very slow. I have complained and complained for three years to the Administrators here about performance, unfortunately very little if anything ever gets done. And there is nothing the Administrators can really do but carry our complaints forward, this site is maintained and supported by a company called Lithium, you can see their link at the bottom right of every web page. However, I keep trying......

__________________________________
Justin
FiOS TV, 25/25 Internet, and Digital Voice user
QIP7232, QIP7100-P2, IMG 1.9
Keller, TX 76248

0 Likes
Reply
glnzglnz
Contributor - Level 3

Justin - you wrote

"1) I use Firefox exclusively to access all Verizon sites 100% of the time other than for testing something in another broswer, absolutely no problem logging in or doing anything else. What kind of error message do you get? Do you have any add-ons installed? If so I suggest you start Firefox without any add-ons and see if the problem goes away (Mozilla provides a Firefox startup without any add-ons). If the problem goes away, then you need to review your add-ons to see which is affecting your access to the Verizon forums. FWIW, I also occasionally use IE, Google Chrome, and Safari on this Windows PC to access Verizon websites, I can log in with all of them."

In Firefox, when I try to sign in, I enter my Verizon user name and password.  This is NEVER accepted and I am returned to the same page.  The Vz page tries to run some kind of script that Forefox rejects.  Just now, for the first time, I ran Firefox with no add-ins and I WAS able to sign in - which is how I am writing this comment.

My Firefox add-ins are only

NoScript - but all verizon domain names are approved

AdBlock - but I had turned it off separately and

Better Privacy - but that does nothing during a Firefox session; it wipes out Flash cookies only at the end of a session.

Any ideas?

0 Likes
Reply
Justin46
Legend

@glnz2 wrote:

Justin - you wrote

"1) I use Firefox exclusively to access all Verizon sites 100% of the time other than for testing something in another broswer, absolutely no problem logging in or doing anything else. What kind of error message do you get? Do you have any add-ons installed? If so I suggest you start Firefox without any add-ons and see if the problem goes away (Mozilla provides a Firefox startup without any add-ons). If the problem goes away, then you need to review your add-ons to see which is affecting your access to the Verizon forums. FWIW, I also occasionally use IE, Google Chrome, and Safari on this Windows PC to access Verizon websites, I can log in with all of them."

In Firefox, when I try to sign in, I enter my Verizon user name and password.  This is NEVER accepted and I am returned to the same page.  The Vz page tries to run some kind of script that Forefox rejects.  Just now, for the first time, I ran Firefox with no add-ins and I WAS able to sign in - which is how I am writing this comment.

My Firefox add-ins are only

NoScript - but all verizon domain names are approved

AdBlock - but I had turned it off separately and

Better Privacy - but that does nothing during a Firefox session; it wipes out Flash cookies only at the end of a session.

Any ideas?


Wow, so few Smiley Very Happy I have 24 active and a number I have disabled because I lost interest or got fed up.....

My guess would be NoScript. I have it installed but disabled, it just caused too many problems for me, it seems like every web page I want to visit uses scripts, and I got tired of fighting with NoScript. Verizon uses a lot of domain names, plus there are the Lithium-related ones that I am pretty sure also run scripts, so my guess is that somewhere you missed one (or more) domains.

Something called "AdBlock" or "Adblock Plus"? I use Adblock Plus, use it to block ads on lots of web pages,including Verizon's, has not caused me any problems, probably my favorite add-on - but then again, I use Colorful Tabs, Download Statusbar, Flashblock, HTTPS-Anywhere, Live IP Address, QuickPageZoom, selectivecookiedelete, ShowIP, Tab Mix Plus, and View Coolkies among others, so it is a little hard to choose Smiley Happy

I too use Better Privacy.

__________________________________
Justin
FiOS TV, 25/25 Internet, and Digital Voice user
QIP7232, QIP7100-P2, IMG 1.9
Keller, TX 76248

0 Likes
Reply