[clug] POP and iptables problem

Kim Holburn kim.holburn at anu.edu.au
Thu Nov 4 08:24:48 GMT 2004

On 2004 Nov 4, , at 2:16 PM, Antti.Roppola at brs.gov.au wrote:

> Hi all,
> Last night I graciously volunteered my time to shift
> a community group's web access from dial-up to ADSL.
> In went a IPCop based firewall (very nice) and after
> some testing to ensure web and email worked OK, I cut
> the whole office over. Currently HTTP, DNS, POP & SMTP
> are the only ports allowed through. Further testing confirmed
> that web, SMTP and POP3 all worked.
> So I get a call this morning. No good deed goes un-punished...
> Whilst SMTP and web still work, POP3 from the Windows98
> desktop running Outlook does not. Outlook cannot retrieve
> mail and I get an error code that looks up as:
>    0x800   CCC0E FAILED_TO_CONNECT Cannot connect to server.
> Now if I telnet to port 110 on the pop server from that Win98
> desktop, I can establish a connection with the POP server and
> get "OK" messages most of the way through authentication (I don't
> have the password and the owner was out). I try (no success)
> adding port 995 (SSL) to the ruleset.

I have found that windows sometimes tries to ping a server before it 
tries to connect.  If the ping doesn't work it gives up, never trying 
the service.

> There is a possibility that the password stored in Outlook for
> that POP account is incorrect. The machine had a variety of
> backdoors and trojans (partially?) removed yesterday.
> Now, since I can connect to the POP server OK, I am inclined to
> think that the issue has nothing to do with the firewall. Is this
> a reasonable assumption? Or have I missed something important?
> Ideas?
> Antti
> ----------------------------------------------------------------------
> IMPORTANT - This message has been issued by The Department of 
> Agriculture, Fisheries and Forestry (DAFF).  The information 
> transmitted is for the use of the intended recipient only and may 
> contain confidential and/or legally privileged material.  It is your 
> responsibility to check any attachments for viruses and defects before 
> opening or sending them on.
> Any reproduction, publication, communication, re-transmission, 
> disclosure, dissemination or other use of the information contained in 
> this e-mail by persons or entities other than the intended recipient 
> is prohibited.  The taking of any action in reliance upon this 
> information by persons or entities other than the intended recipient 
> is prohibited.  If you have received this e-mail in error please 
> notify the sender and delete all copies of this transmission together 
> with any attachments.  If you have received this e-mail as part of a 
> valid mailing list and no longer want to receive a message such as 
> this one advise the sender by return e-mail accordingly.  Only e-mail 
> correspondence which includes this footer, has been authorised by DAFF
> ----------------------------------------------------------------------
> -- 
> linux mailing list
> linux at lists.samba.org
> http://lists.samba.org/mailman/listinfo/linux
Kim Holburn
IT Manager, Canberra Research Laboratory
National Information and Communication Technology Australia
Ph: +61 2 61258620 M: +61 417820641
Email: kim.holburn at anu.edu.au  - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/index.php?id=16 -> 
Aust. Spam Act: To stop receiving mail from me: reply and let me know.

Use ISO 8601 dates [YYYY-MM-DD] 
Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

More information about the linux mailing list