How to trace NYX warnings back to VMs?

My NYX gives the warning shown below from time to time.

"[WARN] Application request to port 143: this port is commonly used for unencrypted protocols. Please make sure you don't send anything you would mind the rest of the Internet reading!"

I suspect it is my “Brave VM”. However, what would be the best way to trace the VM/program back?

You haven't said where you are running Nyx.
TCP 143 is for clear text IMAP.

The simplest route might be to put in a logging rule in the netvm for
Brave.
You would want something like:
iptables -I FORWARD -p tcp --dport 143 -j LOG --log-prefix "143 access "
or equivalent.
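
Once a rule like the one above is logging, the kernel log lines carry the source address and inbound interface of each packet, which is what identifies the qube. The following is an added example, not code from any poster in this thread: it tallies those lines per source, assuming the standard iptables LOG line format and using constructed sample lines with made-up host name, interfaces and addresses.

```python
import re
from collections import defaultdict

LOG_PREFIX = "143 access "   # must equal the --log-prefix string in the rule
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines in the kernel's iptables LOG format (not real captures).
# Host name, interface names and addresses are made up for this example.
SAMPLE_LOG = """\
Jan 10 12:00:01 netvm kernel: 143 access IN=vif12.0 OUT=eth0 MAC=fe:ff:ff:ff:ff:ff:00:16:3e:5e:6c:00:08:00 SRC=10.137.0.21 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4021 DF PROTO=TCP SPT=50112 DPT=143 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:01 netvm kernel: 143 access IN=vif12.0 OUT=eth0 MAC=fe:ff:ff:ff:ff:ff:00:16:3e:5e:6c:00:08:00 SRC=10.137.0.21 DST=203.0.113.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4022 DF PROTO=TCP SPT=50112 DPT=143 WINDOW=502 RES=0x00 ACK URGP=0
Jan 10 12:00:03 netvm kernel: 443 access IN=vif7.0 OUT=eth0 MAC=fe:ff:ff:ff:ff:ff:00:16:3e:5e:6c:01:08:00 SRC=10.137.0.14 DST=203.0.113.80 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=911 DF PROTO=TCP SPT=41000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:04 netvm kernel: audit: type=1400 some unrelated message
Jan 10 12:05:40 netvm kernel: 143 access IN=vif12.0 OUT=eth0 MAC=fe:ff:ff:ff:ff:ff:00:16:3e:5e:6c:00:08:00 SRC=10.137.0.21 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=5100 DF PROTO=TCP SPT=50344 DPT=143 WINDOW=64240 RES=0x00 SYN URGP=0
"""

def summarize(log_text, prefix=LOG_PREFIX):
    """Group logged port-143 packets by (inbound interface, source IP)."""
    hits = defaultdict(lambda: {"packets": 0, "syns": 0, "dsts": set()})
    for line in log_text.splitlines():
        _, found, rest = line.partition(prefix)
        if not found:
            continue                      # line was not written by our rule
        fields = dict(FIELD_RE.findall(rest))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "143":
            continue                      # prefix matched but packet is not ours
        flags = rest.split()              # TCP flags appear as bare words
        entry = hits[(fields.get("IN", "?"), fields.get("SRC", "?"))]
        entry["packets"] += 1
        # A SYN without ACK is a new outbound connection attempt.
        entry["syns"] += "SYN" in flags and "ACK" not in flags
        entry["dsts"].add(fields.get("DST", "?"))
    return dict(hits)

if __name__ == "__main__":
    for (iface, src), e in summarize(SAMPLE_LOG).items():
        print(f"{src} via {iface}: {e['packets']} packets, "
              f"{e['syns']} new connections, to {sorted(e['dsts'])}")
```

The source address in the result is the one to compare against the IP addresses of your qubes; the destination set shows which servers the requests were for.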

Whonix-Gateway

I know. I don’t use email at my PC.

I can't help with Whonix.
My suggestions about using counters and custom rules stand.
If your qubes attach directly to the gateway, then put rules there.
If there is an intermediate firewall (be *very* aware of the risks in
doing this), then put the rules there.

You can put in an intermediate qube loaded with wireshark of
course, but frankly that’s overkill in this sort of situation.

Okay. Thanks. I will try it.
However, these warnings aren’t known bugs of QubesOS, right?

No