Secure Pop Mail Works In Spite Of Firewall Blocking A Connection

[SteveW]

I have Thunderbird configured to retrieve POP mail by connecting to my server's port 995 using SSL/TLS for a secure connection. That's been working fine for a long time.

 

While experimenting with my new antivirus program's firewall, I put it into "stealth" mode by creating rules to block all inbound TCP/UDP connection attempts initiated by a remote computer.

 

In the firewall log, I'm now seeing that whenever Thunderbird fetches my mail, my firewall is blocking at least one inbound connection attempt from my website's port 995, addressed to various ports on my PC: 3582, 2609, 2607, 1101, 4963, and others...

 

However, I'm still able to send and receive email just fine, so it seems like these refused connections are something not essential to the email retrieval process.

 

Does anyone know what's the purpose of these reverse-direction connections back to my computer?

 

...and why blocking them doesn't seem to make any difference?

Edited July 19, 2011 by SteveW

[SteveW]

It looks as though whatever local port Thunderbird opens for the transaction, the mail server, when the transaction is finished, tries to open a new connection back to the client on that port + 1.

 

So if Thunderbird started the communication from local port 2608, the transaction takes place normally through that port, and then the mail server tries to open a connection from its port 995 back to my port 2609, and that's the one the firewall was dropping.

 

Even though it didn't seem to make any difference, I added a firewall rule to allow the data to be received.

 

I'll update here if I ever run across an explanation, but for now have done enough reading about POP mail to last a while.

Edited July 21, 2011 by SteveW