imap & iptables

Hi people!

There's an imap mail server (courier) running on my server. The problem
is when iptables is also running, downloading headers and mails is slow
slow slow. I'm using Outlook and Thunderbird and I have to wait for
server for about 5 minutes and at last headers are downloaded.

A telnet against mail server takes a few minutes when explore Inbox,
same as using Thunderbird/outllok.

The iptables rule is: iptables -A INPUT -t tcp --dport 143 -j ACCEPT
I know it's a iptables misconfiguration because if I add the rule:
iptables -A INPUT -p tcp -j ACCEPT then imap server is running ok but I
don't want to use that rule

I tried accepting all ICMP and UDP packets and doesn't work.

What I'm doing wrong?

thanks!

jorge <"jorge.ghm["@]wanadoo[.]es> said:
>There's an imap mail server (courier) running on my server. The problem
>is when iptables is also running, downloading headers and mails is slow
>slow slow. I'm using Outlook and Thunderbird and I have to wait for
>server for about 5 minutes and at last headers are downloaded.
....
>The iptables rule is: iptables -A INPUT -t tcp --dport 143 -j ACCEPT
>I know it's a iptables misconfiguration because if I add the rule:
>iptables -A INPUT -p tcp -j ACCEPT then imap server is running ok but I
>don't want to use that rule

Well, after the rule
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
add another with
iptables -A INPUT -p tcp -j LOG
.... and have a look in your system log file to find out what was dropped.
The add new '-j ACCEPT' selectively from the list of dropped packets.
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

jorge wrote:
> Hi people!
>
> There's an imap mail server (courier) running on my server. The problem
> is when iptables is also running, downloading headers and mails is slow
> slow slow. I'm using Outlook and Thunderbird and I have to wait for
> server for about 5 minutes and at last headers are downloaded.
>
> A telnet against mail server takes a few minutes when explore Inbox,
> same as using Thunderbird/outllok.
>
> The iptables rule is: iptables -A INPUT -t tcp --dport 143 -j ACCEPT
> I know it's a iptables misconfiguration because if I add the rule:
> iptables -A INPUT -p tcp -j ACCEPT then imap server is running ok but I
> don't want to use that rule
>
> I tried accepting all ICMP and UDP packets and doesn't work.
>
> What I'm doing wrong?
>
> thanks!

Perhaps your imap server is waiting ident (tcp 113) response
in this case you could block with icmp response or tcp-reset outgoing ident
request on imap server
--
Weill Philippe - Administrateur Systeme et Reseaux
CNRS Service Aeronomie - Universite Pierre et Marie Curie -
Tour 45/46 3e Etage B302 - 4 Place Jussieu - 75252 Paris Cedex 05 - FRANCE
Email(E-Mail Removed) | tel:+33 0144274759 Fax:+33 0144273776

On Mon, 03 Jan 2005 14:47:11 +0100, jorge wrote:

> The iptables rule is: iptables -A INPUT -t tcp --dport 143 -j ACCEPT

Have you thought about using the following?

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT --dport 143 -m state --state NEW -j ACCEPT

> I know it's a iptables misconfiguration because if I add the rule:
> iptables -A INPUT -p tcp -j ACCEPT then imap server is running ok but I
> don't want to use that rule

I don't blame you, I would not want to do that either.

> I tried accepting all ICMP and UDP packets and doesn't work.
>
> What I'm doing wrong?

Not too sure without seeing the whole rule setup. Try the above and if
that doesn't work we'll work from there.


--

Regards
Robert

Smile... it increases your face value!