Koozali.org: home of the SME Server

External incoming POP3 Opening/blocking

daley

External incoming POP3 Opening/blocking
« on: December 16, 2002, 08:14:19 PM »
Hi All,

How can we implement the /etc/rc.d/init.d/masq by having selective users/IP to have certain access granted to access external POP3/SMTP services etc. instead of all users? Taking the external POP3 for example, I can't really figure out how it works, but I know it is something to do with the /etc/rc.d/init.d/masq and /etc/e-smith/template-custom/etc/rc.d/init.d/masq/45AllowPOP.

Kindly advise.

Regards,
daley

Bill Talcott

Re: External incoming POP3 Opening/blocking
« Reply #1 on: December 16, 2002, 10:19:14 PM »
Do you understand how the template system works? /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowPOP is one custom fragment. The fragments in /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/ and /etc/e-smith/templates/etc/rc.d/init.d/masq/ get combined to form /etc/rc.d/init.d/masq.

The following line in 45AllowPOP allows incoming connections for POP3.

/sbin/ipchains --append input -p tcp -s 0/0 -d $OUTERNET 110 -j ACCEPT

The "-s 0/0" tells it to allow connections from source 0/0 (any address). The "-d $OUTERNET" tells it to allow connections to your external IP address. The "110" is the port number, 110 for POP3. You could create a custom template with "-s 1.2.3.4/24" to only allow POP3 connections from 1.2.3.4/24 if you wanted. Then just expand the template and the new /etc/rc.d/init.d/masq file would be made, including your custom POP3 rule.

If you're looking at how to allow legitimate remote users to access your SMTP server, see http://www.pagefault.org/e-smith/contrib/index.html#securemail for SME 5.5, or search for Nathan Fowler's pop-before-smtp for earlier versions.
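
The source restriction described in the reply above, as an added example that is not part of the thread or of SME Server itself: a shell helper that prints one POP3 ACCEPT rule per allowed source for a custom 45AllowPOP fragment, and refuses malformed or match-everything sources such as 0/0. The function names and the sample addresses are assumptions; the rule syntax is the line quoted in the reply.

```shell
#!/bin/sh
# Added example: build restricted POP3 rules for a custom 45AllowPOP fragment.
# Only the -s argument differs from the rule quoted in the thread.

# valid_source ADDR[/PREFIX] -> 0 if well-formed IPv4 and not a wildcard
valid_source() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    # Prefix must be an integer 1..32; 0 would match every address (0/0)
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    # Address must be exactly four dot-separated octets, each 0..255
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_pop3_fragment SOURCE... -> prints one ACCEPT rule per source.
# Every source is validated first, so a bad entry produces no partial output.
gen_pop3_fragment() {
    [ $# -ge 1 ] || { echo "no sources given" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "rejected source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        # Single quotes keep $OUTERNET literal; the generated masq script sets it
        printf '/sbin/ipchains --append input -p tcp -s %s -d $OUTERNET 110 -j ACCEPT\n' "$src"
    done
}

# Constructed sample sources (documentation address ranges), printed for review
gen_pop3_fragment 192.0.2.0/24 198.51.100.7
```

Review the printed lines, place them in the custom fragment in place of the "-s 0/0" rule, then expand the template as described in the reply.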