Linux: Iptables Allow POP3 (open port 110) Server Requests

The Post Office Protocol version 3 (POP3) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.


POP3 works over a TCP/IP connection using TCP on network port 110. E-mail clients can encrypt POP3 traffic using TLS or SSL. A TLS or SSL connection is negotiated using the STLS command.

Open Port 110 using Iptables

POP3 is used to retrieve mail and uses TCP port 110. The following two iptables rules allow incoming POP3 requests on port 110 for the server IP address 202.54.1.20 (open port 110):

You need to add the following rules to your iptables shell script:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
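
To see which packets the two rules above actually let through, here is an added example (not part of the original article) that models them as a small shell function and runs it over constructed packets. It is a simplified model, not iptables itself; the client address 198.51.100.7, the function names and the DROP default policy are assumptions.

```sh
#!/bin/sh
# Simplified model of the two ACCEPT rules above (illustration only, not iptables).
SERVER_IP=202.54.1.20   # server address used on this page
POLICY=DROP             # assumption: the chains' default policy is DROP

# in_range PORT LOW HIGH -> succeeds when LOW <= PORT <= HIGH
in_range() { [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

# verdict CHAIN SRC SPORT DST DPORT STATE   (protocol is assumed to be TCP)
# Prints ACCEPT when one of the two rules matches, otherwise the policy.
verdict() {
    chain=$1 src=$2 sport=$3 dst=$4 dport=$5 state=$6
    case $chain in
    INPUT)
        # -s 0/0 --sport 1024:65535 -d SERVER --dport 110 --state NEW,ESTABLISHED
        if in_range "$sport" 1024 65535 && [ "$dst" = "$SERVER_IP" ] &&
           [ "$dport" -eq 110 ]; then
            case $state in NEW|ESTABLISHED) echo ACCEPT; return ;; esac
        fi ;;
    OUTPUT)
        # -s SERVER --sport 110 -d 0/0 --dport 1024:65535 --state ESTABLISHED
        if [ "$src" = "$SERVER_IP" ] && [ "$sport" -eq 110 ] &&
           in_range "$dport" 1024 65535 && [ "$state" = ESTABLISHED ]; then
            echo ACCEPT; return
        fi ;;
    esac
    echo "$POLICY"
}

# Constructed sample packets: one POP3 session from client 198.51.100.7:40000
C=198.51.100.7
verdict INPUT  "$C" 40000 "$SERVER_IP" 110 NEW          # client SYN     -> ACCEPT
verdict OUTPUT "$SERVER_IP" 110 "$C" 40000 ESTABLISHED  # server replies -> ACCEPT
verdict INPUT  "$C" 40000 "$SERVER_IP" 110 ESTABLISHED  # client data    -> ACCEPT
# Packets the two rules do not cover fall through to the policy
verdict OUTPUT "$SERVER_IP" 110 "$C" 40000 NEW          # server-initiated   -> DROP
verdict INPUT  "$C" 80 "$SERVER_IP" 110 NEW             # source port < 1024 -> DROP
verdict INPUT  "$C" 40000 "$SERVER_IP" 25 NEW           # port 25 not opened -> DROP
```

The client's first packet arrives on the INPUT chain in state NEW, which is why NEW is listed there, while everything the server sends back on OUTPUT belongs to an already tracked connection and needs only ESTABLISHED.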

To block incoming port 110, simply use the REJECT target instead of ACCEPT:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -j REJECT

To block outgoing port 110, add the following to your script:

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 110 -d 0/0 --dport 1024:65535 -j REJECT

7 comments
  • Anonymous Apr 24, 2006 @ 12:49

    After running this “iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT” it says Device or resource busy. Hint: insmod error can be caused by incorrect module parameters, including invalid IO or IRQ parameters.
    What should I do??

  • Ash Dec 28, 2006 @ 17:25

    -Following two iptable rules allows incoming POP3 request on port 25
    +Following two iptable rules allows incoming POP3 request on port 110

  • 🐧 nixCraft Dec 28, 2006 @ 18:03

    Ash,

    Thanks for the heads up.

  • Mario Kofler Nov 9, 2008 @ 9:37

    Hello,

    Why do I have to open the INPUT chain for “NEW,ESTABLISHED” connections? I thought that just my host wants to create a NEW connection, and that's why I would have put the NEW in the 2nd rule, which concerns the OUTPUT chain.

    Thanks for the help,

    Mario

  • Murali Dec 25, 2009 @ 10:46

    Hi,
    I added two rules in iptables for mail purposes (Fedora 4.0), but when I am restarting iptables it is showing an error message like this

    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name

    The rules are

    iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
    iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

    And I am adding them like this

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

    The error I am getting is like this

    /etc/sysconfig/iptables-config: line 3: -A: command not found
    /etc/sysconfig/iptables-config: line 4: -A: command not found

  • Murali Dec 27, 2009 @ 7:29

    Thanks Vivek for this response, but now I have enabled the firewall and am using the file /etc/sysconfig/iptables.
    OK, now the internet is working and ICMP packets (PING) are also being accepted, but I am not getting mail; it shows SMTP complete and POP3 waiting, and finally I got the message “ERROR WHILE FETCHING MAIL”. Now I am using Fedora 6.0.

    I just need mail (Sendmail) only, please help me.
