[RE: [lug] Sending POP email thru firewall]

Justin glowecon at netscape.net
Tue Jul 11 15:08:11 MDT 2000 

That was poorly worded I guess. I am having troubles sending mail from behind
my ipchains firewall, I can recieve the email fine from POP mail servers. Now
that I think about it I need to check how my firewall handles port 25 and not
the POP stuff, hehe. The following is what I have for SMTP handling:

SMTP_SERVER="my.mailserver.com"

# SMTP client (25)
# ----------------
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
-s $IPADDR $UNPRIVPORTS \
-d $SMTP_SERVER 25 -j ACCEPT 

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $SMTP_SERVER 25 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT 

Plus my MASQ entry:
ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ

Does that look correct? 

Justin

"George Sexton" <gsexton at mhsoftware.com> wrote:
> There really is no such thing as "sending POP email". POP is a protocol for
> retrieving Email.
> 
> SMTP (port 25) is used for sending Email.
> 
> Is your problem really related to retrieving POP messages, or sending
Email?
> 
> > -----Original Message-----
> > From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
> > Behalf Of Justin
> > Sent: Tuesday, July 11, 2000 12:59 PM
> > To: BLUG
> > Subject: [lug] Sending POP email thru firewall
> >
> >
> > I have some client machines that are having trouble sending POP email
thru
> > my ipchains firewall. Everytime I try to send an email I get a connection
> > time out because the pop server cannot be contacted. I can
> > recieve mail just
> > fine however. Another thing is, while trying to watch the packets
> > go thru the
> > firewall with sniffit I noticed that when the local interface is in
> > promiscuous mode the mail goes thru. I have the following rules for POP
> > input/output:
> >
> > EXTERNAL_INTERFACE="eth1"
> > LOCAL_INTERFACE_1="eth0"
> > IPADDR="my.ip.adress"
> > LOCALNET_1="192.168.1.0/24"
> > UNPRIVPORTS="1024:65535"
> >
> > # POP client (110)
> > # ----------------
> > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> > -s $IPADDR $UNPRIVPORTS \
> > -d mypop.server.com 110 -j ACCEPT
> >
> > ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > -s mypop.server.com 110 \
> > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> >
> > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> > -s $IPADDR $UNPRIVPORTS \
> > -d pop.dnvr.uswest.net 110 -j ACCEPT
> >
> > ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > -s pop.dnvr.uswest.net 110 \
> > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> >
> > This problem has plagued me for a long time. Is there anything
> > special that
> > needs to be done for mail to be sent thru? Any ideas?
> >
> > Justin
> >
> > ____________________________________________________________________
> > Get your own FREE, personal Netscape WebMail account today at
> http://webmail.netscape.com.
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.

More information about the LUG mailing list