Re: qpopper and ipchains config

[peter . allen]

You wrote:

>When trying to connect using Express, I get the following errors:-
>
>The connection to the server has failed. Account: 'xxxxxx.com', Server:
>'mail. xxxxxx.com', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error:
>10061, Error Number: 0x800CCC0E
>
>The connection to the server has failed. Account: 'xxxxxx.com', Server:
>'xxxxxx.com', Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error:
>10071, Error Number: 0x800CCC0E
>
>Now, na�ve me assumed that the comment about SSL meant it was trying to use
>SSL to connect to the port.

No - in fact that is just saying that your e-mail client was not using SSL.

>However, if I remove the following rule from ipchains:-
>
>REJECT tcp -y---- anywhere anywhere any ->
>any
>
>Then the pop3 connection works. I need to do the equivalent for SMTP also,
>as I understand it.

Well that will work as it is removing most of your firewall protection !! After reading up a bit on ipchains you should add to rules for clients to connect to port 110, which is where PoP3 is normally checked, and port 25 being the SMTP equivalent.

>Now, what I'm a little confused about is whether this is the correct & safest way to configure >ipchains to allow qpopper to work?

Definitely not the way to go, although I concede that it will work. You should assume currently that you do not have any firewalling.

>I need to allow any external client with a valid IP address to connect via pop3 and SMTP using >using the appropriate ports. Presumably it's a good idea to reject invalid IP addresses and to >reject connections that appear to come from the internal network address. I guess there is more I >can do to secure things by using APOP, SSL, etc. but first things first.

Most firewalls will cover blocking internal IP numbers on the external interface etc.

>I would be grateful for any help.
>
>Thanks,
>Phil