iptables to allow mail users to get mail externally

Hi experts,
I'm using Red Hat 9, iptables and sendmail.
I have my mail server functional and firewall allowing all internal (eth0) connections to check their mail.
What I can't seem to get to work is so that people externally-over the internet to have pop3 accounts. I would like them to be able to use outlook express instead of having to go to the web page everytime. I have tried opening port 25 on iptables. What do I need to do and how??
thanks very much
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

For POP access you'll need to allow inbound connections on 110/TCP. 25/TCP is only used for SMTP connections.
kephillipsAuthor Commented:
hi jlevie,
i've tried this:

iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -m tcp  --dport 143 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT

and still it doesn't seem to work. Also, when I go to www.grc.com (shields up) to check what ports i have open, it tells me that only 25 and 80 are. Doesn't say anything about 110...
check with netstat -a  if the ports are open.
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

sorry listen not open. jejeje.

and iptables -L       to check if the rules are correct and iptables save it
kephillipsAuthor Commented:
here's what i have doing a netstat -a:

tcp        0      0 *:pop3                  *:*                     LISTEN      
tcp        0      0 *:imap                  *:*                     LISTEN          
tcp        0      0 *:smtp                  *:*                     LISTEN
yep the ports are listen,  and iptables -L have the rules to open this ports to outside???
Please check you /etc/xinetd.d/ipop3 conf file. It should look something similar to this:

# default: off
# description: The POP3 service allows remote users to access their mail \
#              using an POP3 client such as Netscape Communicator, mutt, \
#              or fetchmail.
service pop3
        disable = no
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/ipop3d
        log_on_success  += HOST DURATION
        log_on_failure  += HOST

I'm cannot recall but I think by default there may be a hosts setting there you have to comment out or remove. Also, try a netstat -avtn|grep LISTEN and paste the output. SHould show something similar to:

tcp        0      0   *               LISTEN

The rules you need would look like:

iptables -A INPUT -i OUTSIDE-INTF -d 0/0 -p tcp --dport 25
iptables -A INPUT -i OUTSIDE-INTF -d 0/0 -p tcp --dport 110
iptables -A INPUT -i OUTSIDE-INTF -d 0/0 -p tcp --dport 143

replacing OUTSIDE-IF with the name of the outside ethernet interface (eth0, eth1, etc). Those rules assume that the mail server is on the firewall box.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
The above answers are correct.  You do indeed need to open up port 110 for POP3 access.  You might want to check out my favorite firewall called homeLANsecurity.  It has most of these standard ports preconfigured.  All you would need to do is set the POP3 to "ON" and it will take care of the rest for you.  You can find it at:

And another complete firewall (mine) can be seen at http://www.entrophy-free.net/tools/iptables-gw
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.