* POP3 (Port No. 110)
From: Vinod H @ 2005-05-31 6:39 UTC (permalink / raw)
To: netfilter
Hi,
I am not so good at netfilter/iptables.
I have Sendmail configured on my server and I am able to send and
receive mails in the intranet. Now I want to be able to access the
mails from the outside world also, but I don't want to open the port for
everyone. I want to open the POP3 port for a particular IP (it may
be a static or dynamic IP) in the IPTABLES and close the port when not
needed to access from outside.
Please someone tell me how to do this, and can I have some script
which will open the port when I need and close when not needed so that
I don't have to enter into the iptables every time.
How to open the POP3 port for a particular external IP address?
Please someone help me on this.
Thanks and Regards
Vinod
* Re: POP3 (Port No. 110)
From: Taylor, Grant @ 2005-05-31 7:07 UTC (permalink / raw)
To: netfilter
> I have Sendmail configured on my server and I am able to send and
> receive mails in the intranet. Now I want to be able to access the
> mails from the outside world also, but I don't want to open the port for
> everyone. I want to open the POP3 port for a particular IP (it may
> be a static or dynamic IP) in the IPTABLES and close the port when not
> needed to access from outside.
>
> Please someone tell me how to do this, and can I have some script
> which will open the port when I need and close when not needed so that
> I don't have to enter into the iptables every time.
>
> How to open the POP3 port for a particular external IP address?
Presuming that you are not filtering on output it is easy to allow a specific IP access to your POP3 server.
iptables -t filter -A INPUT -s ! ${known_external_ip_address} -p tcp --dport 110 -j DROP
This will drop any traffic that comes to port 110 that is not from the known external ip address.
If you are wanting more help setting up a script to manage this for you such that you can say pop_open and / or pop_close let me know and I'll see what I can whip up.
Grant. . . .
* Re: POP3 (Port No. 110)
From: Georgi Alexandrov @ 2005-05-31 7:59 UTC (permalink / raw)
To: netfilter
Taylor, Grant wrote:
>> I have Sendmail configured on my server and I am able to send and
>> receive mails in the intranet. Now I want to be able to access the
>> mails from the outside world also, but I don't want to open the port for
>> everyone. I want to open the POP3 port for a particular IP (it may
>> be a static or dynamic IP) in the IPTABLES and close the port when not
>> needed to access from outside.
>>
>> Please someone tell me how to do this, and can I have some script
>> which will open the port when I need and close when not needed so that
>> I don't have to enter into the iptables every time.
>>
>> How to open the POP3 port for a particular external IP address?
>
>
> Presuming that you are not filtering on output it is easy to allow a
> specific IP access to your POP3 server.
>
> iptables -t filter -A INPUT -s ! ${known_external_ip_address} -p tcp
> --dport 110 -j DROP
>
> This will drop any traffic that comes to port 110 that is not from the
> known external ip address.
>
> If you are wanting more help setting up a script to manage this for
> you such that you can say pop_open and / or pop_close let me know and
> I'll see what I can whip up.
>
>
>
> Grant. . . .
>
>
I think he is talking about a port knocker.
"iptables -t filter -A INPUT -s ! ${known_external_ip_address} -p tcp
--dport 110 -j DROP "
That rule is heavily dependent on his chain policies. E.g. if he has a
DROP policy on the INPUT chain (-t filter), that rule won't help much, as
${known_external_ip_address} will continue traversing the rules until it
hits the DROP policy.
georgi ...
georgi
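
The pop_open / pop_close helper asked about in this thread, written here as an added example (not code posted by anyone in the thread). It inserts an explicit ACCEPT for one address at the top of INPUT, which also covers the chain-policy point in the last reply. The script name pop.sh, the IPT override, the sample address 203.0.113.7 and the assumption that INPUT otherwise drops tcp/110 are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): pop_open / pop_close for one source IP.
# Assumption: INPUT otherwise drops tcp/110 (DROP policy or a later DROP rule).
IPT="${IPT:-iptables}"   # overridable, so the rules can be inspected without root
POP_PORT=110

# Accept only a plain dotted-quad IPv4 address: no CIDR, no names, no options.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac        # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert at position 1 so the ACCEPT is evaluated before any DROP rule or
# the chain's DROP policy.
pop_open() {
    valid_ipv4 "$1" || { echo "pop_open: bad address: $1" >&2; return 2; }
    # -C tests for an identical rule, so repeated calls do not stack copies.
    $IPT -C INPUT -s "$1" -p tcp --dport "$POP_PORT" -j ACCEPT 2>/dev/null && return 0
    $IPT -I INPUT 1 -s "$1" -p tcp --dport "$POP_PORT" -j ACCEPT
}

# Remove every copy of the rule (-D deletes one match per call).
pop_close() {
    valid_ipv4 "$1" || { echo "pop_close: bad address: $1" >&2; return 2; }
    while $IPT -C INPUT -s "$1" -p tcp --dport "$POP_PORT" -j ACCEPT 2>/dev/null; do
        $IPT -D INPUT -s "$1" -p tcp --dport "$POP_PORT" -j ACCEPT || return 1
    done
}

# Usage: pop.sh open 203.0.113.7   |   pop.sh close 203.0.113.7
case "${1:-}" in
    open)  pop_open "$2" ;;
    close) pop_close "$2" ;;
esac
```

Rejecting anything but a single dotted-quad means a typo such as 0.0.0.0/0 cannot open the port to every source.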