Linux: Iptables Allow POP3 (open port 110) Server Requests

on July 22, 2005 · 7 comments · Last updated November 11, 2008

The Post Office Protocol version 3 (POP3) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.

POP3 works over a TCP/IP connection using TCP on network port 110. E-mail clients can encrypt POP3 traffic using TLS or SSL. A TLS or SSL connection is negotiated using the STLS command.

Open Port 110 using Iptables

POP3 is used to retrieve mail, and it uses TCP port 110. The following two iptables rules allow incoming POP3 requests on port 110 for the server IP address 202.54.1.20 (open port 110):

Add the following rules to your iptables shell script:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

To block incoming port 110, use the REJECT target instead of ACCEPT:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -j REJECT

To block outgoing port 110, add the following to your script:

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 110 -d 0/0 --dport 1024:65535 -j REJECT
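
A check for a rule-ordering caveat in the block rules above, as an added example that is not part of the original article: `-A` appends to the end of the chain and iptables stops at the first matching rule with a terminating target, so a REJECT appended after an existing ACCEPT for port 110 never takes effect. The function names `first_verdict` and `sample_rules` and the sample rule listing are constructed for illustration; only the chain, protocol, port option and target are examined.

```shell
#!/bin/sh
# Added example (not from the original article).
# Reads rules in `iptables -S` form on stdin and prints the target of the
# FIRST rule in CHAIN that matches TCP and the given port option/value.
# Assumption/simplification: addresses, state matches and jumps to
# user-defined chains are not evaluated.

# usage: first_verdict CHAIN PORT_OPTION PORT   (e.g. INPUT --dport 110)
first_verdict() {
    awk -v chain="$1" -v opt="$2" -v port="$3" '
        $1 == "-A" && $2 == chain {
            proto = ""; p = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto  = $(i + 1)
                if ($i == opt)  p      = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (proto == "tcp" && p == port &&
                (target == "ACCEPT" || target == "REJECT" || target == "DROP")) {
                print target; found = 1; exit
            }
        }
        END { if (!found) print "NONE" }
    '
}

# Constructed sample: the article's two ACCEPT rules, with the REJECT rule
# appended afterwards using -A instead of replacing the ACCEPT rule.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P OUTPUT DROP
-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 110 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -s 202.54.1.20/32 -p tcp -m tcp --sport 110 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Prints ACCEPT: the appended REJECT is never reached, port 110 stays open.
sample_rules | first_verdict INPUT --dport 110
```

On a live host, run it as root with `iptables -S | first_verdict INPUT --dport 110`.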

{ 7 comments… read them below or add one }

1 Anonymous April 24, 2006 at 12:49 pm

After running this “iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT” it says Device or resource busy. Hint: insmod error can be caused by incorrect module parameters, including invalid IO or IRQ parameters.
What should I do??


2 Ash December 28, 2006 at 5:25 pm

-Following two iptable rules allows incoming POP3 request on port 25
+Following two iptable rules allows incoming POP3 request on port 110


3 nixCraft December 28, 2006 at 6:03 pm

Ash,

Thanks for the heads up.


4 Mario Kofler November 9, 2008 at 9:37 am

hello,

Why do I have to open the INPUT chain for “NEW,ESTABLISHED” connections? I thought that just my host wants to create a NEW connection, and that's why I would have put the NEW in the 2nd rule, which concerns the OUTPUT chain.

thanks for help,

mario


5 Murali December 25, 2009 at 10:46 am

hi,
I added two rules in iptables for mail purposes (Fedora 4.0), but when I am restarting iptables it's showing an error message like this

iptables: No chain/target/match by that name
iptables: No chain/target/match by that name

The rules are

iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

And I am adding them like this

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

The error I am getting is like this

/etc/sysconfig/iptables-config: line 3: -A: command not found
/etc/sysconfig/iptables-config: line 4: -A: command not found


6 nixCraft December 25, 2009 at 11:39 am

You need to use /etc/sysconfig/iptables file.


7 Murali December 27, 2009 at 7:29 am

Thanks Vivek for this response, but now I have enabled the firewall and am using the file /etc/sysconfig/iptables.
OK, now the internet is working and ICMP packets (PING) are also accepted, but I am not getting mail; it's showing SMTP complete and POP3 waiting, and finally I got the message “ERROR WHILE FETCHING MAIL”. Now I am using Fedora 6.0

I just need mail (Sendmail) only, please help me
