I have a Verizon Fios business account at my home. I'm using a G3100 router. I haven't been able to configure email clients like Microsoft Outlook or Mozilla Thunderbird to traverse the router and reach a mail server named "example.net" (for example) that I have on my home network to retrieve email using secure POP3 on port 995. When I use Outlook from a computer on my home network and bypass the router and connect to the mail server using the private address on my home network, everything works just fine.
I can telnet to the mail server on port 995 from another server on a different network, confirming that port forwarding is properly configured. When I try to connect through the router using Outlook and Thunderbird, I see no connection attempts on the mail server.
It looks like Outlook and Thunderbird are doing something that's being blocked by the router. Does anyone have any thoughts on what's happening?
Solved! Go to Correct Answer
I don't know what caused this problem, but after switching to and configuring a new router it's no longer happening. Something must have been set in the old router to block the packets. I never did find the specific setting.
Did you do a packet mirroring at the outgoing interface to see if the router was indeed blocking off the packets?
No, I haven't. Everything works if I change the incoming server name in Outlook to a name that resolves to a local IP address (192.168.1.10) instead of a name that resolves to my static public IP address. That's what makes me think that the router is blocking something.
This is perplexing. I can connect to the mail server from a machine on another network using the public, static IP address with openssl on the remote machine. The router is working properly:
$ openssl s_client -connect example.net:995
CONNECTED(00000003)
...many lines deleted...
---
read R BLOCK
+OK Dovecot (Ubuntu) ready.
quit
+OK Logging out
closed
$
Whatever is happening here appears to be an issue with Outlook and Thunderbird, not the router. I enabled logging in Thunderbird, and while it shows a "connection refused" error there's no detail to explain why the connection was refused:
pop3.server1.7: Connecting to pop://example.net:995
pop3.server1.7: ConnectionRefusedError: a Network error occurred
_onError resource:///modules/Pop3Client.sys.mjs:380
(Async: EventHandlerNonNull)
connect resource:///modules/Pop3Client.sys.mjs:152
withClient resource:///modules/Pop3IncomingServer.sys.mjs:350
_getMail resource:///modules/Pop3Service.sys.mjs:62
GetNewMail resource:///modules/Pop3Service.sys.mjs:18
performBiff resource:///modules/Pop3IncomingServer.sys.mjs:125
pop3.server1.7: SecurityError info:
_onError resource:///modules/Pop3Client.sys.mjs:422
connect resource:///modules/Pop3Client.sys.mjs:152
withClient resource:///modules/Pop3IncomingServer.sys.mjs:350
_getMail resource:///modules/Pop3Service.sys.mjs:62
GetNewMail resource:///modules/Pop3Service.sys.mjs:18
performBiff resource:///modules/Pop3IncomingServer.sys.mjs:125
pop3.server1.7: Done with status=0x804b000d
openssl s_client is only checking for the TLS handshake.
Connection Refused is not indicative of TLS problem, it usually means the wrong port or the port is not open on the server.
Where is your server located? At your house? Does the server filter based on the incoming port?
If I can connect using openssl, the packets have traversed the router. I know that the port is correct and open.
The server is at my home, and yes, it's running iptables to filter traffic based on the destination port. It's not blocking the traffic in this case. I've checked the log.
Another clue: I was able to connect to the server using the email app on my iPhone on the cellular network, skipping my local wifi router. When I turned wifi back on, the phone can't connect.
I don't know what caused this problem, but after switching to and configuring a new router it's no longer happening. Something must have been set in the old router to block the packets. I never did find the specific setting.
Start a new topic or ask questions in the open forum.
