

iptables to allow mail users to get mail externally

Posted on 2004-11-08
Medium Priority
Last Modified: 2010-03-18
Hi experts,
I'm using Red Hat 9, iptables and sendmail.
I have my mail server functional and firewall allowing all internal (eth0) connections to check their mail.
What I can't seem to get to work is letting people externally, over the internet, have pop3 accounts. I would like them to be able to use Outlook Express instead of having to go to the web page every time. I have tried opening port 25 on iptables. What do I need to do and how??
Thanks very much
Question by:kephillips
LVL 40

Expert Comment

ID: 12528248
For POP access you'll need to allow inbound connections on 110/TCP. 25/TCP is only used for SMTP connections.

Author Comment

ID: 12531807
Hi jlevie,
I've tried this:

iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -m tcp  --dport 143 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT

and still it doesn't seem to work. Also, when I go to www.grc.com (ShieldsUP) to check what ports I have open, it tells me that only 25 and 80 are. Doesn't say anything about 110...
LVL 14

Expert Comment

ID: 12532740
Check with netstat -a if the ports are open.

LVL 14

Expert Comment

ID: 12532747
Sorry, listening, not open. Jejeje.

And iptables -L to check if the rules are correct and iptables save it.

Author Comment

ID: 12532909
Here's what I have doing a netstat -a:

tcp        0      0 *:pop3                  *:*                     LISTEN      
tcp        0      0 *:imap                  *:*                     LISTEN          
tcp        0      0 *:smtp                  *:*                     LISTEN
LVL 14

Expert Comment

ID: 12532945
Yep, the ports are listening, and does iptables -L have the rules to open these ports to outside???

Expert Comment

ID: 12535703
Please check your /etc/xinetd.d/ipop3 conf file. It should look something similar to this:

# default: off
# description: The POP3 service allows remote users to access their mail \
#              using an POP3 client such as Netscape Communicator, mutt, \
#              or fetchmail.
service pop3
{
        disable                 = no
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/ipop3d
        log_on_success  += HOST DURATION
        log_on_failure  += HOST
}

I cannot recall, but I think by default there may be a hosts setting there you have to comment out or remove. Also, try a netstat -avtn|grep LISTEN and paste the output. Should show something similar to:

tcp        0      0   *               LISTEN

LVL 40

Accepted Solution

jlevie earned 500 total points
ID: 12536236
The rules you need would look like:

iptables -A INPUT -i OUTSIDE-INTF -d 0/0 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -i OUTSIDE-INTF -d 0/0 -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -i OUTSIDE-INTF -d 0/0 -p tcp --dport 143 -j ACCEPT

replacing OUTSIDE-INTF with the name of the outside ethernet interface (eth0, eth1, etc). Those rules assume that the mail server is on the firewall box.
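
Added example, not part of the original thread or any poster's code: iptables evaluates a chain top to bottom, so a rule appended with -A after a catch-all REJECT is never reached, which is one thing the "check iptables -L" advice above is looking for. The script below applies that check to iptables-save text; the ruleset is a constructed sample and `first_verdict` is a hypothetical helper using a deliberately simplified matching model.

```shell
#!/bin/sh
# Added example: rule-order check over iptables-save text (simplified model).

# Constructed sample, not taken from the thread: the ACCEPT for port 25 sits
# above a catch-all REJECT; the rules for 110 and 143 were appended after it.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
COMMIT'

# first_verdict PORT  (hypothetical helper name)
# Reads iptables-save text on stdin and prints the target of the first INPUT
# rule that a new TCP connection to PORT would hit, else the chain policy.
# Model: a rule applies if it is a tcp --dport PORT rule or has no match
# options at all. Rules with any other match (-i, -s, -m state ...) are
# skipped, as are rules that do not end traversal (no -j target, or LOG).
# A jump to a user-defined chain is reported by chain name, not followed.
first_verdict() {
    awk -v port="$1" '
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" {
        target = ""; dport = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "--dport") { dport = $(i + 1); i++ }
            else if ($i == "-p") { if ($(i + 1) != "tcp") other = 1; i++ }
            else if ($i == "-m") { i++ }
            else { other = 1 }
        }
        if (target == "" || target == "LOG" || other) next
        if (dport == "" || dport == port) { print target; found = 1; exit }
    }
    END { if (!found) print policy }'
}

for port in 25 110 143; do
    printf 'tcp/%s -> %s\n' "$port" \
        "$(printf '%s\n' "$SAMPLE_RULES" | first_verdict "$port")"
done
```

On a live host the same function can read the running ruleset with `iptables-save | first_verdict 110` (run as root).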

Expert Comment

ID: 12539116
The above answers are correct.  You do indeed need to open up port 110 for POP3 access.  You might want to check out my favorite firewall called homeLANsecurity.  It has most of these standard ports preconfigured.  All you would need to do is set the POP3 to "ON" and it will take care of the rest for you.  You can find it at:

LVL 40

Expert Comment

ID: 12539303
And another complete firewall (mine) can be seen at http://www.entrophy-free.net/tools/iptables-gw
