I previously had a problem with my iptables firewall letting M$ Outlook Express check mail via IMAP to my courier IMAP server. For some reason, unless I commented out the rule to drop ICMP packets, I couldn't check my email via OE. That thread is here.
Setting that aside, I'm having trouble getting Squirrelmail to access my mailboxes via IMAP. The documentation I've found online states:
I've pasted my firewall below. I started adding the equivalent udp port in case it was needing to send a udp packet for some reason. If I ssh into the box and iptables -F I can then log into squirrelmail just fine and see my email, so it's not a config issue with squirrelmail. However, with my firewall enabled I see the following error when I try to log in:
Quote:
ERROR
Error connecting to IMAP server: xxx.xxx.xxx.xxx
110 : Connection timed out
Quote:
SquirrelMail Webmail
At this point, you should have a working IMAP server which will allow you to collect mail. For a lot of people, a natural progression is to add a webmail front-end. This has several advantages; users can use a consistent interface from anywhere in the world, and firewall administration is made much easier (you only need to open the firewall to the server on port 80, or 443 (https)).
Quote:
#!/bin/bash
# Change the part after the = to where iptables is on your system
IPTABLES=/sbin/iptables
#flush existing rules
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p udp
$IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 110 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 143 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 443 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 783 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 783 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 6900:6910 -j ACCEPT
$IPTABLES -A INPUT -p tcp -s 216.229.107.32 --dport 3306 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 80 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 110 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 110 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 143 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 783 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 783 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 993 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p tcp -j REJECT
#$IPTABLES -A INPUT -p ICMP -j DROP
$IPTABLES -A INPUT -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
$IPTABLES -A INPUT -i ! lo -j DROP
Anyone have any ideas? This is driving me batty.
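An added example, not part of the original post: a first-match walk of the posted INPUT chain, showing which rule decides a given packet. It assumes Squirrelmail runs on the same host as the IMAP server, so its connection and the server's replies arrive on `lo` (the post does not state the topology). The function names, the rule encoding and port 40000 as the client's ephemeral port are constructed for illustration.

```sh
#!/bin/sh
# Constructed model of the posted INPUT chain: iface|proto|state|dport|target ("*" = any).
# Simplifications: ACCEPT rules are grouped by protocol (their matches are disjoint, so
# order among them does not change a verdict); the source-restricted 3306 rule and the
# non-terminating LOG rule are left out.
build_input_chain() {
  for p in icmp tcp udp; do echo "eth0|$p|ESTABLISHED|*|ACCEPT"; done
  for p in 20 21 22 25 80 110 143 443 783 993 6900:6910; do echo "*|tcp|*|$p|ACCEPT"; done
  for p in 80 110 143 443 783 993; do echo "*|udp|*|$p|ACCEPT"; done
  echo "*|tcp|*|*|REJECT"
  echo "!lo|*|*|*|DROP"
}

# Same chain with a loopback accept inserted first (iptables -I INPUT -i lo -j ACCEPT).
fixed_input_chain() {
  echo "lo|*|*|*|ACCEPT"
  build_input_chain
}

# verdict IFACE PROTO STATE DPORT [CHAIN]: print the target of the first matching rule.
# The body runs in a subshell, so its variables and the exit stay local to the call.
verdict() (
  iface=$1 proto=$2 state=$3 dport=$4 chain=${5:-$(build_input_chain)}
  while IFS='|' read -r r_if r_proto r_state r_port target; do
    case $r_if in
      '*') ;;
      '!'*) [ "${r_if#?}" != "$iface" ] || continue ;;   # negated interface match
      *) [ "$r_if" = "$iface" ] || continue ;;
    esac
    [ "$r_proto" = '*' ] || [ "$r_proto" = "$proto" ] || continue
    [ "$r_state" = '*' ] || [ "$r_state" = "$state" ] || continue
    if [ "$r_port" != '*' ]; then
      lo=${r_port%%:*} hi=${r_port##*:}                  # single port or lo:hi range
      [ "$dport" -ge "$lo" ] && [ "$dport" -le "$hi" ] || continue
    fi
    echo "$target"; exit 0
  done <<EOF
$chain
EOF
  echo "POLICY"                                          # no rule matched
)

echo "remote client SYN to 143 on eth0:  $(verdict eth0 tcp NEW 143)"
echo "local SYN to 143 on lo:            $(verdict lo tcp NEW 143)"
echo "local SYN-ACK to port 40000 on lo: $(verdict lo tcp ESTABLISHED 40000)"
echo "same reply, loopback rule first:   $(verdict lo tcp ESTABLISHED 40000 "$(fixed_input_chain)")"
```

In this model the ESTABLISHED rules only match on `eth0`, so a reply arriving on `lo` falls through to the catch-all tcp REJECT and the local client never sees the handshake complete.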