Gmail/Thunderbird Firewall Problem

[Qubes Fan]

I set up a VM which only does one thing: uses Thunderbird to access a Gmail account.

Therefore, I set the firewall rules to deny network access except pop.googlemail.com and smtp.googlemail.com.

Now, when I first apply the firewall rule, I can download new mail. But if I then shut down the VM and start it back up again, I can no longer download new mail *unless* I remove the pop.googlemail.com firewall rule and then re-add it. I am guessing that this is because the DNS resolution occurs at the moment of applying the firewall rule. Is there any known workaround for this (short of simply allowing all network access)?

[Qubes Fan]

One more thing: I am planning on making a new email account soon. Which email providers are people using that they can confirm do NOT exhibit this problem (i.e., they work fine even if your Qubes firewall allows only POP and SMTP to/from the VM they live in)?

[Qubes Fan]

On Tuesday, July 16, 2013 7:29:49 AM UTC-7, Qubes Fan wrote:

I think I found the answer here: http://askubuntu.com/questions/146163/how-do-i-allow-all-possible-ips-for-gmail-servers-through-my-ufw-firewall

Seems to be working so far. I hope this helps somebody!

[Qubes Fan]

Update: It turns out that this method is actually not reliable.

[Qubes Fan]

Since whitelist CIDRs wasn't working, I tried just whitelisting ' * ' with protocol TCP and service smtp (same with pop3s). Strangely enough, even this was not enough to allow me to send out an email (even with a non-Google smtp server!). So I've had to resort to just allowing all network access. The same thing has been happening in non-email (i.e. browser) VMs as well.

[Joanna Rutkowska]

I guess you should contact Gmail (or whatever) and ask them how to
configure your f/w to allow access to their services.

As an alternative see this thread:

https://groups.google.com/forum/#!topic/qubes-devel/UlK8P27UtD4

j.