How to bypass a blocked POP3 port using SSH.

Submitted by msameer on Thu, 13/07/2006 - 1:33am

So, you are behind a firewall blocking the POP3 port? No worries.

Here's part of my fetchmailrc:

poll foolab.org with proto POP3
user 'XXX' there with password 'YYY' is 'ZZZ' here options ssl fetchall no rewrite

I'll simply change it to poll from localhost:

poll localhost with proto POP3 port 1500
user 'XXX' there with password 'YYY' is 'ZZZ' here options ssl fetchall no rewrite

Now we need SSH to forward between port 1500 on my laptop and port 110 on foolab.org.
Here's the magic!

ssh -L 1500:localhost:110 foolab.org

The localhost in that command is resolved ON THE SERVER SIDE, so it refers to foolab.org itself.

Now the only problem is that SSL will not like it and you'll get something like:

4230:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567:
fetchmail: SSL connection failed.

I've just removed the ssl option and it's working fine now (probably it's not needed anyway since fetchmail will negotiate TLS using the "STARTTLS" command), but anyway, we are tunneling over SSH so it's not needed.
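
Why the ssl option fails on the forwarded port, as an added example that is not part of the original post: fetchmail's ssl option starts the TLS handshake immediately after connecting, while a server on port 110 speaks first in plaintext with a +OK greeting. The loopback server, its greeting and its capability list are constructed stand-ins for local port 1500 forwarded to port 110.

```python
import poplib
import socket
import threading

# Constructed sample data: what a plaintext POP3 daemon on port 110 might send.
GREETING = b"+OK POP3 ready (constructed sample)\r\n"
CAPA_REPLY = b"+OK capability list follows\r\nSTLS\r\nUSER\r\n.\r\n"

def start_plain_pop3():
    """Loopback stand-in for local port 1500 forwarded to the server's port 110."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
    srv.listen(1)
    def serve():
        for _ in range(2):  # one implicit-TLS attempt, one plaintext session
            conn, _addr = srv.accept()
            with conn:
                try:
                    conn.sendall(GREETING)  # POP3 servers speak first, in cleartext
                    while data := conn.recv(4096):
                        if data.upper().startswith(b"CAPA"):
                            conn.sendall(CAPA_REPLY)
                except OSError:
                    pass  # client gave up, e.g. after a failed TLS handshake
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def implicit_tls(port):
    """Like fetchmail's 'ssl' option: send a TLS ClientHello before any POP3."""
    try:
        poplib.POP3_SSL("127.0.0.1", port, timeout=2).close()
        return "handshake ok"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return "handshake failed: " + type(exc).__name__

def plaintext_capa(port):
    """Like the config without 'ssl': read the greeting, then ask for CAPA."""
    pop = poplib.POP3("127.0.0.1", port, timeout=2)
    result = pop.getwelcome().decode(), sorted(pop.capa())
    pop.close()
    return result

def demo():
    srv, port = start_plain_pop3()
    with srv:
        return implicit_tls(port), plaintext_capa(port)

if __name__ == "__main__":
    print(demo())
```

The TLS client reads the +OK greeting where it expects a TLS record, which is the condition behind the "unknown protocol" error above; the plaintext client sees the greeting and an STLS capability it could upgrade with.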


Submitted by النعامة (not verified) on Thu, 13/07/2006 - 10:33am

Nicely played, kid!

Submitted by ezabi on Sat, 15/07/2006 - 8:40pm

Neat one really.
Of course it could be applied to all services, I was also looking into something about encapsulating HTTP into ICMP to bypass proxies (transparent ones), but haven't understood yet how it's done.
That technique you used works well with port-filtering firewalls, but can you check if you're behind an application-aware firewall by, for example, using a well-known port? Try 80 or 21 instead of 1500 and tell me what happens.
Another thing, I believe they have a really messed up firewall configuration for port 1500 to be allowed like this, where is the drop all rule??

Submitted by binesh (not verified) on Thu, 27/12/2007 - 6:15am

In my organisation we are using POP. When we configure Outlook POP3 for other domains it works fine, but we get an error when we use POP.
Is this a problem with DHCP DNS?
Can you help me solve this issue?

Submitted by msameer on Thu, 27/12/2007 - 6:04pm

Sorry. I don't support Windows.

Submitted by ben (not verified) on Sun, 13/07/2008 - 6:04pm

If you have no root access to a personal web server you might also want to try the mailFISH service provided at


Requires only client-side setup of a small application that acts as a local forwarder for POP3 and SMTP messages. Can be used for free for tunnelling a limited number of messages per day.

Submitted by msameer on Sun, 13/07/2008 - 10:20pm

And reveal my username and password to a 3rd party? No way ;-)

