Greetings,

I've been bashing my head against this for the past few days and finally decided it might be time to call in some backup.

I'm currently setting up a Postfix+Dovecot+Amasvid+SpamAssassin+ClamAV solution.

I've appear to have everything working fine except for one last piece of the puzzel.

For some weird reason, I'm unable to connect to the POP3 server from external hosts. I've done the following checks;

Is dovecot running? Yes.

# service dovecot status
dovecot (pid 30750) is running...

Have I setup it up to listen for POP connections? It appears so...

ps auxw|grep "dovecot\|imap\|pop3"
root 31385 0.0 0.0 1784 556 ? Ss 15:44 0:00 usr/sbin/dovecot
root 31387 0.0 0.1 6832 1516 ? S 15:44 0:00 dovecot-auth
dovecot 31388 0.0 0.1 4152 1504 ? S 15:44 0:00 pop3-login
dovecot 31389 0.0 0.1 4152 1504 ? S 15:44 0:00 pop3-login
dovecot 31390 0.0 0.1 4152 1508 ? S 15:44 0:00 pop3-login

# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10001 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN

iptables rule in place.
# iptables --list -n | grep 110
ACCEPT tcp -- 0.0.0.0 192.168.0.1 tcp spt:110 state NEW

Can I connect locally? Yes, without problems.

#telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user testuser
+OK
pass youwish
+OK Logged in.
list
+OK 2 messages:
1 1350
2 1337
.
quit
+OK Logging out.

Can I see the port from another host? Yep...

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-07-04 15:40 EST
Interesting ports on myhost.com.au (192.168.0.1):
PORT STATE SERVICE
110/tcp filtered pop3
MAC Address: 00:15:60:5B:50:50 (Hewlett Packard)

Nmap finished: 1 IP address (1 host up) scanned in 0.611 seconds

Everything seems like it should work, but if I attempt to telnet to port 110 from another host, I simply time out.

I can't figure out what's blocking access. It *feels* like it should be something with Dovecot itself, but I can't for the life of me figure out what I'm missing.

Any ideas would be greatly appreciated.

The first few questions for me would be:

How is the machine hooked up to the net?
Does you ISP permit inbound pop3-traffic?
Did you nmap the box from the outside?


Cheers,
Tink

I would like to add in more question,

1. You telnet from another host using computer name or ipaddress?
2. What ipaddress of the host? It pass through NAT router/firewall?
3. Can the host contact other services in your computer (like www)?

Regards,
Ks

Unlikely since a local nmap shows the box to only have
110 open ....



Cheers,
Tink

*bangs head against wall...*

Source port/destination port were back to front for port 110

Sorry to waste your time guys.

Thanks for the help