
Linux: Iptables Allow POP3 (open port 110) Server Requests

The Post Office Protocol version 3 (POP3) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.

POP3 works over a TCP/IP connection using TCP on network port 110. E-mail clients can encrypt POP3 traffic using TLS or SSL. A TLS or SSL connection is negotiated using the STLS command.

Open Port 110 using Iptables

POP3 is used to retrieve mail and uses TCP port 110. The following two iptables rules allow incoming POP3 requests on port 110 for the server IP address 202.54.1.20 (open port 110):

Add the following rules to your iptables shell script:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

To block incoming connections to port 110, use the REJECT target instead of ACCEPT:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -j REJECT

To block outgoing traffic from port 110, add the following to your script:

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 110 -d 0/0 --dport 1024:65535 -j REJECT
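
iptables walks a chain from top to bottom and stops at the first rule with a terminating target, so a REJECT appended with -A after an existing ACCEPT for port 110 never fires. The following is an added example, not part of the original article: it parses `iptables -S INPUT` output and reports which rule decides a new POP3 connection. The function name and both sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). iptables stops at the first
# rule with a terminating target, so with -A (append) an earlier rule wins.

# Reads `iptables -S INPUT` text on stdin; prints the target of the first rule
# a NEW TCP connection to <ip>:110 would hit, or POLICY:<policy> if none does.
# Assumption: only -p, -d, --dport and --state are interpreted; rules limited
# by -s or -i are skipped, and -d is compared as an exact host address.
first_pop3_verdict() {
    awk -v ip="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" {
        proto = dst = dport = state = target = ""; skip = 0
        for (i = 3; i < NF; i++) {
            if      ($i == "-p")      proto  = $(i + 1)
            else if ($i == "-d")      dst    = $(i + 1)
            else if ($i == "--dport") dport  = $(i + 1)
            else if ($i == "--state") state  = $(i + 1)
            else if ($i == "-j")      target = $(i + 1)
            else if ($i == "-s" || $i == "-i") skip = 1
        }
        if (skip) next
        if (proto != "" && proto != "tcp") next
        if (dst != "" && dst != ip && dst != (ip "/32")) next
        if (dport != "" && dport != "110") next
        if (state != "" && ("," state ",") !~ /,NEW,/) next
        if (target !~ /^(ACCEPT|REJECT|DROP)$/) next
        print target ": " $0; found = 1; exit
    }
    END { if (!found) print "POLICY:" policy }'
}

# Constructed sample: the article's ACCEPT rule with a REJECT appended after it.
SAMPLE_SHADOWED='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 110 -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample: the REJECT rule sits above the ACCEPT, so it decides.
SAMPLE_BLOCKED='-P INPUT DROP
-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 110 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT'

printf '%s\n' "$SAMPLE_SHADOWED" | first_pop3_verdict 202.54.1.20   # ACCEPT wins
printf '%s\n' "$SAMPLE_BLOCKED"  | first_pop3_verdict 202.54.1.20   # REJECT wins
```

On a live server, feed it the real chain as root: `iptables -S INPUT | first_pop3_verdict 202.54.1.20`.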

{ 7 comments }

  • Anonymous April 24, 2006, 12:49 pm

    After running this “iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT” It says Device or resource busy. Hint: insmod error can be caused by incorrect module parameters, including invalid IO or IRQ parameters.
    What should I do??

  • Ash December 28, 2006, 5:25 pm

    -Following two iptable rules allows incoming POP3 request on port 25
    +Following two iptable rules allows incoming POP3 request on port 110

  • nixCraft December 28, 2006, 6:03 pm

    Ash,

    Thanks for the heads up.

  • Mario Kofler November 9, 2008, 9:37 am

    hello,

    Why do I have to open the INPUT chain for “NEW,ESTABLISHED” connections? I thought that just my host wants to create a NEW connection and that's why I would have put the NEW in the 2nd rule, which concerns the OUTPUT chain.

    thanks for help,

    mario

  • Murali December 25, 2009, 10:46 am

    hi,
    I added two rules in iptables for mail purposes (Fedora 4.0), but when I am restarting iptables it shows an error message like this

    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name

    The rules are

    iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
    iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

    And I am adding them like this

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

    The error I am getting is like this

    /etc/sysconfig/iptables-config: line 3: -A: command not found
    /etc/sysconfig/iptables-config: line 4: -A: command not found

  • Murali December 27, 2009, 7:29 am

    Thanks Vivek for this response, but now I have enabled the firewall and am using the file /etc/sysconfig/iptables.
    OK, now the internet is working and ICMP packets (PING) are also accepted, but I am not getting mails; it's showing SMTP complete and POP3 waiting, and finally I got the message “ERROR WHILE FETCHING MAIL”. Now I am using Fedora 6.0.

    I just need mails (Sendmail) only, please help me.
