Linux: Iptables Allow POP3 (open port 110) Server Requests

Posted on in Categories Debian Linux, Gentoo Linux, Linux, Mail server, Networking, RedHat/Fedora Linux, Security, Suse Linux, Ubuntu Linux last updated July 22, 2005

The Post Office Protocol version 3 (POP3) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.

POP3 runs over TCP on network port 110. E-mail clients can encrypt POP3 traffic with TLS (historically SSL) in one of two ways: the plaintext session on port 110 is upgraded in-band with the STLS command (the POP3 form of STARTTLS), or the client connects to the separate POP3S port, TCP 995, where TLS is negotiated before any POP3 command. Opening port 110 therefore does not by itself make mail retrieval encrypted: unless the server refuses USER/PASS and AUTH before STLS has completed, credentials and messages cross the network in the clear.

Open Port 110 using Iptables

POP3 is used to retrieve mail and listens on TCP port 110. The following two iptables rules allow incoming POP3 requests on port 110 for the server IP address 202.54.1.20 (that is, they open port 110):

Add the following rules to your iptables shell script:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

The first rule accepts the client's initial SYN (NEW) and the rest of its packets (ESTABLISHED); the second accepts only the server's replies, so nothing on the server can open a connection outward from port 110. The --sport 1024:65535 match assumes that clients connect from an ephemeral source port, which is the normal case but is not guaranteed by anything. On current kernels -m state is kept only as a compatibility alias for -m conntrack --ctstate, which accepts the same state names.

To block incoming port 110, use the target REJECT instead of ACCEPT. Two things to check first: iptables stops at the first matching rule, so a REJECT appended with -A is never reached while an earlier ACCEPT for port 110 remains in the chain (insert it ahead of the ACCEPT with -I, or delete the ACCEPT rule); and because of the --sport 1024:65535 match, a client that connects from a source port below 1024 is not matched by this rule at all and falls through to the rest of the chain and its default policy. Leave out the source-port match if the rule is meant to refuse every client:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -j REJECT

To block outgoing port 110 (the server's own replies sent from port 110), add the following to your script:

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 110 -d 0/0 --dport 1024:65535 -j REJECT
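The following script is an added example and not part of the original post: it implements the open-and-block procedure above with the conntrack match, re-runs safely because each rule is checked with -C before it is appended, and places the REJECT at the head of the INPUT chain so it takes effect regardless of what was appended earlier. The SERVER_IP, IPT and DRY_RUN variables, the generic ESTABLISHED,RELATED rules that replace the per-service OUTPUT rule, the dropped --sport filter and the tcp-reset rejection are my choices, not the post's; DRY_RUN=1 prints the commands instead of running them, which is also how to review the rule set before touching a live firewall.

```shell
#!/bin/sh
# Added example, not from the original post: open or close POP3 (TCP/110)
# with iptables, using the conntrack match, idempotent rule insertion and
# a REJECT that is placed ahead of any ACCEPT.
# Assumptions (mine, not the post's): SERVER_IP, IPT and DRY_RUN are the
# only knobs; DRY_RUN=1 prints each iptables command instead of running it.

SERVER_IP="${SERVER_IP:-202.54.1.20}"   # server address used in the post
IPT="${IPT:-iptables}"                  # iptables binary (or a wrapper)
DRY_RUN="${DRY_RUN:-0}"

# run: execute an iptables command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# ensure_rule CHAIN RULE...: append RULE to CHAIN unless an identical rule is
# already present (-C checks for an exact match), so re-running is harmless.
ensure_rule() {
    chain=$1; shift
    if [ "$DRY_RUN" != 1 ] && "$IPT" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    run -A "$chain" "$@"
}

# allow_pop3: accept new POP3 connections to the server. Reply traffic is
# covered once by a generic ESTABLISHED,RELATED rule in each chain instead of
# a per-service OUTPUT rule, and no --sport filter is used because a client
# is not obliged to connect from an ephemeral source port.
allow_pop3() {
    ensure_rule INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ensure_rule OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ensure_rule INPUT  -p tcp -d "$SERVER_IP" --dport 110 \
        -m conntrack --ctstate NEW -j ACCEPT
}

# block_pop3: refuse new POP3 connections. The rule is inserted at position 1
# with -I because iptables stops at the first matching rule; a REJECT
# appended with -A behind an existing ACCEPT would never be reached.
# tcp-reset makes clients fail at once instead of waiting for a timeout.
block_pop3() {
    run -I INPUT 1 -p tcp -d "$SERVER_IP" --dport 110 \
        -j REJECT --reject-with tcp-reset
}

case "${1:-}" in
    allow) allow_pop3 ;;
    block) block_pop3 ;;
    "")    ;;   # no argument: only define the functions (e.g. when sourced)
    *)     echo "usage: $0 allow|block" >&2; exit 2 ;;
esac
```

Run it as "DRY_RUN=1 sh pop3-fw.sh allow" to see the exact rules, then as root without DRY_RUN to apply them; "iptables -S INPUT" afterwards shows the chain in the order iptables evaluates it, which is the quickest way to confirm that a REJECT really sits before any ACCEPT for port 110. If clients use POP3S rather than STLS, the same allow line with --dport 995 is needed as well.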

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.

7 comments

  1. After running this "iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT" it says: Device or resource busy. Hint: insmod error can be caused by incorrect module parameters, including invalid IO or IRQ parameters.
     What should I do?

  2. Hello,

     Why do I have to open the INPUT chain for "NEW,ESTABLISHED" connections? I thought that just my host wants to create a NEW connection, and that's why I would have put the NEW in the 2nd rule, which concerns the OUTPUT chain.

     Thanks for the help,

     Mario

  3. Hi,
     I added two rules in iptables for mail purposes (Fedora 4.0), but when I restart iptables it shows an error message like this:

     iptables: No chain/target/match by that name
     iptables: No chain/target/match by that name

     The rules are:

     iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
     iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

     And I am adding them like this:

     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

     The error I get is like this:

     /etc/sysconfig/iptables-config: line 3: -A: command not found
     /etc/sysconfig/iptables-config: line 4: -A: command not found

  4. Thanks Vivek for this response, but now I have enabled the firewall and am using the file /etc/sysconfig/iptables.
     OK, now the internet is working and ICMP packets (PING) are also accepted, but I am not getting mails; it shows SMTP complete and POP3 waiting, and finally I got the message "ERROR WHILE FETCHING MAIL". Now I am using Fedora 6.0.

     I just need mails (Sendmail) only. Please help me.
