I am having a problem implementing iptables with courier's pop3
daemon.  If I disable iptables, everything works fine.  As soon as I
enable it, pop3 will stop working for large messages.  Small messages
will go through with no problems, but large ones will time out.

I get this message from OE: "Your POP3 server has not responded in 60
seconds."  And an option to stop or continue waiting.  I can wait as
long as I want, but it will not download the message.

Has anyone seen this problem before?  I would like to implement
iptables for more security, but I can't do it if this problem
persists.

My server is:
    P4 2.8, 1GB RAM
    CentOS 4.3
    Courier 0.53.1

My iptables rules were initially created with
system-config-securitylevel and then modified from there.  The current
rules are:

Chain INPUT (policy ACCEPT)
 target               prot opt in  out  source     destination
 RH-Firewall-1-INPUT  all  --  *   *    0.0.0.0/0  0.0.0.0/0

Chain FORWARD (policy ACCEPT)
 target               prot opt in  out  source     destination
 RH-Firewall-1-INPUT  all  --  *   *    0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
 target  prot opt in  out  source         destination

Chain RH-Firewall-1-INPUT (2 references)
 target  prot opt in  out  source         destination
 ACCEPT  all  --  lo  *    0.0.0.0/0      0.0.0.0/0
 ACCEPT  icmp --  *   *    0.0.0.0/0      0.0.0.0/0  icmp type 255
 ACCEPT  all  --  *   *    0.0.0.0/0      0.0.0.0/0  state RELATED,ESTABLISHED
 ACCEPT  tcp  --  *   *    0.0.0.0/0      0.0.0.0/0  state NEW tcp dpt:25
 ACCEPT  tcp  --  *   *    0.0.0.0/0      0.0.0.0/0  state NEW tcp dpt:110
 ACCEPT  tcp  --  *   *    0.0.0.0/0      0.0.0.0/0  state NEW tcp dpt:53
 ACCEPT  udp  --  *   *    0.0.0.0/0      0.0.0.0/0  state NEW udp dpt:53
 ACCEPT  tcp  --  *   *    0.0.0.0/0      0.0.0.0/0  state NEW tcp dpt:587
 ACCEPT  tcp  --  *   *    0.0.0.0/0      0.0.0.0/0  state NEW tcp dpt:80
 ACCEPT  tcp  --  *   *    172.16.0.0/16  0.0.0.0/0  state NEW tcp dpt:22
 ACCEPT  tcp  --  *   *    0.0.0.0/0      0.0.0.0/0  state NEW tcp dpt:443
 ACCEPT  tcp  --  *   *    0.0.0.0/0      0.0.0.0/0  state NEW tcp dpt:995
 REJECT  all  --  *   *    0.0.0.0/0      0.0.0.0/0  reject-with icmp-host-prohibited

I appreciate any suggestions.

--
Bowie

