OT: Thunderbird and iptables

Mark Nienberg mark at TIPPINGMAR.COM
Wed Apr 20 20:13:32 IST 2005



Forgive the off-topic post, but what a great place this is to get the
ear of a bunch of e-mail administrators.

My offsite Thunderbird users, when checking mail using IMAP, generate
messages like the following from iptables:

Apr 20 10:29:10 gingham kernel: IN= OUT=eth0
SRC=my.mailserver.ip.address DST=the.remote.ip.address
LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=50142 DF PROTO=TCP
SPT=36798 DPT=60933 WINDOW=7040 RES=0x00 ACK RST URGP=0

In spite of this, the Thunderbird clients seem to work just fine.

Does anyone know why the mailserver tries to respond to the mail client
using high ports from and to?  If the packets are related to the IMAP
transaction, then why aren't they allowed by iptables, which is
configured to allow ESTABLISHED and RELATED packets?  If the packets are
ACKs then they must be from a different port than the SYN was directed
to, because the mailserver is behind a NAT firewall that doesn't forward
high port traffic to the mail server by default.

It's a Fedora Core 1 server, which uses UW-IMAP.

Thanks for any hints.

--
Mark Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
http://www.tippingmar.com
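
An added example, not part of the original post: a small Python parser for netfilter LOG lines like the one quoted above. It re-joins records that were wrapped across lines and counts locally generated TCP packets with RST set, per destination address and port. The sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
KV = re.compile(r"\b([A-Z]+)=(\S*)")                      # KEY=value fields (value may be empty)
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp

# Constructed sample (documentation addresses); the first record is wrapped
# across lines the way the mail client wrapped the one in the post.
SAMPLE = """\
Apr 20 10:29:10 gingham kernel: IN= OUT=eth0
SRC=192.0.2.10 DST=198.51.100.7
LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=50142 DF PROTO=TCP
SPT=36798 DPT=60933 WINDOW=7040 RES=0x00 ACK RST URGP=0
Apr 20 10:29:12 gingham kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=60934 DPT=143 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 20 10:29:15 gingham kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=50150 DF PROTO=TCP SPT=36801 DPT=60940 WINDOW=7040 RES=0x00 ACK RST URGP=0
Apr 20 10:29:16 gingham sshd[812]: unrelated syslog line
"""

def records(text):
    """Re-join wrapped records: a line without a syslog timestamp continues the previous one."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def parse(record):
    """Return the LOG fields as a dict (plus 'flags' and 'direction'), or None for other syslog lines."""
    if "kernel:" not in record or "PROTO=" not in record:
        return None
    body = record.split("kernel:", 1)[1]
    rec = dict(KV.findall(body))
    rec["flags"] = {tok for tok in body.split() if tok in TCP_FLAGS}  # bare tokens such as ACK, RST
    has_in, has_out = bool(rec.get("IN")), bool(rec.get("OUT"))
    rec["direction"] = ("forwarded" if has_in and has_out
                        else "local-out" if has_out else "local-in")
    return rec

def outbound_resets(text):
    """Count locally generated TCP packets with RST set, keyed by (DST, DPT)."""
    hits = Counter()
    for rec in filter(None, map(parse, records(text))):
        if rec["direction"] == "local-out" and rec["PROTO"] == "TCP" and "RST" in rec["flags"]:
            hits[(rec["DST"], rec["DPT"])] += 1
    return hits
```

An empty `IN=` with a populated `OUT=` marks a packet generated on the logging host itself, which is how the record in the post reads.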

------------------------ MailScanner list ------------------------