08-29-2002 05:57 AM
Can't get pop-3 working
How can I determine what is blocking remote access to port 110?
Many thanks in advance!
08-29-2002 06:11 AM
Re: Can't get pop-3 working
I don't believe that POP3 is allowed in any of the default firewall configs so you'll have to be explicit.
Paul
08-29-2002 06:31 AM
Re: Can't get pop-3 working
I'm using the default ipchains that installed with RH 7.1. I'm not sure where the config files are. I found ipchains in /etc/ipchains but am not sure how to format an entry to allow pop3.
1. How to format the ipchains entry?
2. Is the ipchains in /etc the correct config file?
08-29-2002 12:46 PM
Re: Can't get pop-3 working
For the details you want, try this URL:
http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html
HTH,
Paul
08-29-2002 04:16 PM
Re: Can't get pop-3 working
ipchains -A input -p tcp --destination-port 110 -j ACCEPT
with an optional specification as to on which interface the packet originates:
ipchains -A input -p tcp -i interface --destination-port 110 -j ACCEPT
Recommend you look into any of the firewalling scripts that are out there -- watchdog, shorewall (iptables vice chains) and others. Check out http://freshmeat.net and search for ipchains firewall for more.
hth
Mark
08-30-2002 11:04 AM
Re: Can't get pop-3 working
That got it working!
I found /etc/sysconfig/ipchains and added an entry for port 110 by copying the entry for port 80 and changing 80 to 110.
Mark, I meant to assign 10 points -- mouse slipped :( For some reason I have to submit twice before the points will appear on the messages.
09-10-2002 10:15 AM
Re: Can't get pop-3 working
You want any user to access your web server, if its intent is a public server.
Do you want the entire world to be able to use popmail?
If you are letting your users access their mail from the outside, then you need full access. If, however, you only let your users access their popmail while in the office or dialed in, restrict access to your local network.
For example, if your local network is 192, this would be the ipchains entry.
-A input -s 192.168.0.0/24 -d 0/0 110 -p tcp -y -j ACCEPT
-s is source, -d is where you want it to go, such as directing it through an Exchange server and whatnot. The exchange server will have to let the Linux box do relay.
I know, popmail can and should be configured to require an encrypted login, but there are security exploits and holes in the various products. Opening up this port to the public internet is a security risk.
I run an NSP and will have to open up things, but it will be on an IP address by IP address basis. Only IPs I authorize will be permitted to relay via popmail.
Steve
I do it one address at a time, so
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
09-10-2002 03:06 PM
Re: Can't get pop-3 working
I do, however, need to restrict Telnet and FTP to the local network. Can you conjure up an entry that would do that? Would be a great help; now I have to turn off Telnet and FTP in /etc/xinetd.d and reboot and the ADSL-START in my script times out as many as six times before it gets connected.
Vern
09-11-2002 09:49 AM
Re: Can't get pop-3 working
Here is the bottom half of my ipchains config file.
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
Notice what's missing. Nothing for port 21 ftp. Under these circumstances, a Microsoft scripted ftp connection works, but a tool like ws_ftp won't connect.
Here is how I'd go about restricting access to telnet or ftp. I'm running an NSP, so I pretty much have to let users telnet in from anywhere, though I never use the root password from the outside for fear of it getting intercepted in clear text.
Change the port 23 line to this.
-A input -s 192.168.0.10/32 -d 0/0 23 -p tcp -y -j ACCEPT
My understanding is that should restrict telnet access in this case to a source address of 192.168.0.10, which is not public and could be any of your local IP addresses.
I've not tried this yet, but you should be able to authorize a range with this syntax.
-A input -s 192.168.0.10/20 -d 0/0 23 -p tcp -y -j ACCEPT
You can work with the -d(destination) parameter to restrict access to certain IP addresses.
For educational purposes, take a look at the port 53 entry, DNS. I'm doing my own DNS for my NSP, so this has to be wide open. To get the site to work, I had to authorize both udp and tcp. I'm not sure why that is, but it probably has something to do with how the client requests the name lookup.
I hope this helps. If you need something more direct or I've made a mistake, feel free to contact me through other means. If it helps, please assign me a point or two, I'm trying to be helpful but nobody seems to think I deserve a point.
Steve
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
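In an ipchains address the number after the slash is the mask width, so it decides how many leading bits of the written address are actually compared: `/0` compares none and `/20` compares twenty. The following is an added example, not code from any poster in this thread: it parses constructed rules in the same config-file format, lists ACCEPT rules whose source mask is wider than the address written in them, and evaluates sample connections first-match-wins. `to_net`, `parse`, `verdict` and `audit` are hypothetical helper names, and interface (`-i`) and destination-address matching are not modelled.

```python
import ipaddress
# Constructed sample in the /etc/sysconfig/ipchains format quoted in this thread.
SAMPLE = """\
-A input -s 192.168.0.10/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 192.168.0.10/20 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 192.168.0.0/24 -d 0/0 110 -p tcp -y -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
"""

def to_net(spec):
    """Return (network the rule really matches, True if the mask drops written address bits)."""
    addr, _, bits = spec.partition("/")
    addr = "0.0.0.0" if addr == "0" else addr      # "0" is the thread's shorthand for any
    iface = ipaddress.ip_interface(f"{addr}/{bits or 32}")
    return iface.network, iface.ip != iface.network.network_address

def parse(line):
    tok, rule, i = line.split(), {"src": to_net("0/0"), "dport": (0, 65535), "raw": line}, 0
    while i < len(tok):
        opt = tok[i]
        if opt in ("-s", "-d"):
            net, i = to_net(tok[i + 1]), i + 2
            rule["src" if opt == "-s" else "dst"] = net
            if i < len(tok) and not tok[i].startswith("-"):   # optional port or lo:hi
                lo, _, hi = tok[i].partition(":")
                if opt == "-d":
                    rule["dport"] = (int(lo), int(hi or lo))
                i += 1
        elif opt == "-y":                      # flag without argument (TCP SYN only)
            i += 1
        else:                                  # -A, -p, -i and -j each take one argument
            rule[opt], i = tok[i + 1], i + 2
    return rule

def verdict(rules, src, dport, proto="tcp"):
    """Target of the first rule matching a new inbound connection (-i and -d address not modelled)."""
    ip = ipaddress.ip_address(src)
    for r in rules:
        lo, hi = r["dport"]
        if r.get("-p", proto) == proto and ip in r["src"][0] and lo <= dport <= hi:
            return r["-j"]
    return "chain policy"

def audit(rules):
    """ACCEPT rules whose source mask is wider than the address written in the rule."""
    return [r["raw"] for r in rules if r["-j"] == "ACCEPT" and r["src"][1]]
RULES = [parse(line) for line in SAMPLE.splitlines()]
if __name__ == "__main__":
    print("\n".join(audit(RULES)))
```

With this sample, `audit` reports the `/0` and `/20` rules, and `verdict(RULES, "203.0.113.7", 23)` returns `ACCEPT` because a zero-width mask matches every source address.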