outlook iptables configuration [update]
- by mediaexpert
I've a Debian mail server,
but only the outlook users can't be able to download the emails.
I've seen a lot of post about some kind of forwarding port configuration, I've tried some commands, but I don't be able to solve this problem,
please help me.
[LAST UPDATE]
I find a lot of TIME WAIT on ipv6
netstat
tcp6 0 0 my.mailserver.it:imap2 200-62-245-188.ip2:17060 TIME_WAIT -
below some config files:
pop3d
I think the problem was here
##NAME: POP3AUTH:1
#
# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
# variable:
#
# POP3AUTH="LOGIN"
#
# If you have configured the CRAM-MD5, CRAM-SHA1 or CRAM-SHA256, set POP3AUTH
# to something like this:
#
# POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
POP3AUTH=""
##NAME: POP3AUTH_ORIG:1
#
# For use by webadmin
POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
##NAME: POP3AUTH_TLS:1
#
# To also advertise SASL PLAIN if SSL is enabled, uncomment the
# POP3AUTH_TLS environment variable:
#
# POP3AUTH_TLS="LOGIN PLAIN"
POP3_TLS_REQUIRED = 0
POP3AUTH_TLS=""
##NAME: POP3AUTH_TLS_ORIG:0
#
# For use by webadmin
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
##NAME: POP3_PROXY:0
#
# Enable proxying. See README.proxy
#
# For use by webadmin
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
##NAME: POP3_PROXY:0
#
# Enable proxying. See README.proxy
POP3_PROXY=0
##NAME: PROXY_HOSTNAME:0
#
# Override value from gethostname() when checking if a proxy connection is
# required.
# PROXY_HOSTNAME=
##NAME: PORT:1
##NAME: PROXY_HOSTNAME:0
#
# Override value from gethostname() when checking if a proxy connection is
# required.
# PROXY_HOSTNAME=
##NAME: PORT:1
#
# Port to listen on for connections. The default is port 110.
#
# Multiple port numbers can be separated by commas. When multiple port
# numbers are used it is possibly to select a specific IP address for a
# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
# The ADDRESS setting is a default for ports that do not have a specified
# IP address.
# Port to listen on for connections. The default is port 110.
#
# Multiple port numbers can be separated by commas. When multiple port
# numbers are used it is possibly to select a specific IP address for a
# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
# The ADDRESS setting is a default for ports that do not have a specified
# IP address.
PORT=110
##NAME: ADDRESS:0
#
# IP address to listen on. 0 means all IP addresses.
ADDRESS=0
##NAME: TCPDOPTS:0
#
##NAME: ADDRESS:0
#
# IP address to listen on. 0 means all IP addresses.
ADDRESS=0
##NAME: TCPDOPTS:0
#
# Other couriertcpd(1) options. The following defaults should be fine.
#
TCPDOPTS="-nodnslookup -noidentlookup"
##NAME: LOGGEROPTS:0
#
# courierlogger(1) options.
#
LOGGEROPTS="-name=pop3d"
##NAME: DEFDOMAIN:0
#
# Optional default domain. If the username does not contain the
# first character of DEFDOMAIN, then it is appended to the username.
# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended
# only if the username does not contain any character from DOMAINSEP.
# You can set different default domains based on the the interface IP
# address using the -access and -accesslocal options of couriertcpd(1).
DEFDOMAIN="@interzone.it"
##NAME: POP3DSTART:0
#
# POP3DSTART is not referenced anywhere in the standard Courier programs
# or scripts. Rather, this is a convenient flag to be read by your system
# startup script in /etc/rc.d, like this:
#
# . /etc/courier/pop3d
DEFDOMAIN="@mydomain.com"
##NAME: POP3DSTART:0
#
# POP3DSTART is not referenced anywhere in the standard Courier programs
# or scripts. Rather, this is a convenient flag to be read by your system
# startup script in /etc/rc.d, like this:
#
# . /etc/courier/pop3d
# case x$POP3DSTART in
# x[yY]*)
# /usr/lib/courier/pop3d.rc start
# ;;
# esac
#
# The default setting is going to be NO, until Courier is shipped by default
# with enough platforms so that people get annoyed with having to flip it to
# YES every time.
# x[yY]*)
# /usr/lib/courier/pop3d.rc start
# ;;
# esac
#
# The default setting is going to be NO, until Courier is shipped by default
# with enough platforms so that people get annoyed with having to flip it to
# YES every time.
POP3DSTART=YES
##NAME: MAILDIRPATH:0
#
# MAILDIRPATH - directory name of the maildir directory.
#
MAILDIRPATH=.maildir
iptables
Chain INPUT (policy DROP 20 packets, 1016 bytes)
pkts bytes target prot opt in out source destination
60833 16M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 state NEW,ESTABLISHED
18970 971K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:110 state NEW,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 192.168.1.0/24 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
pop3d.cnf
RANDFILE = /usr/lib...pop3d.rand
[req]
default_bits = 1024
encrypt_key = yes
distinguidhed_name = req_dn
x509_extensions = cert_type
prompt = no
[req_dn]
C=US
ST=NY
L= New York
O=Courier Mail Server
OU=Automatically-generated POP3 SSL key
CN=localhost
[email protected]
[cert_type]
nsCertType = server
