POP3SSL some questions

Question

As the providers in germany are changing to POP3SSL, I began to fiddle around with that.
I'm using fetchmail on my home mailserver and fetch the mail from around 10 different account from 3 different providers.
It took some time to get fetchmail accepting the self signed certificate of my UTM, but now it seems to work, but not properly.
The same time fetchmail polls for new mails the UTM blocks pakets for port 995.

Let me show some logs for 3 sample accounts:
1. prefetch
2013:12:15-12:35:25 fw pop3proxy[9387]: Prefetch for account 3: Successfully logged in on POP3 server 212.227.15.161
2013:12:15-12:35:25 fw pop3proxy[9387]: Prefetch for account 3 finished (fetched=0, deleted=0, not_on_server=46)
2013:12:15-12:36:22 fw pop3proxy[9593]: Prefetch for account 2: Successfully logged in on POP3 server 212.227.17.177
2013:12:15-12:36:22 fw pop3proxy[9593]: Prefetch for account 2 finished (fetched=0, deleted=0, not_on_server=6)
2013:12:15-12:38:23 fw pop3proxy[10008]: Prefetch for account 1: Successfully logged in on POP3 server 212.227.17.169
2013:12:15-12:38:24 fw pop3proxy[10008]: Prefetch for account 1 finished (fetched=0, deleted=0, not_on_server=56)

2. polling
2013:12:15-12:40:02 fw pop3proxy[10403]: Accepted client connection from 192.168.250.202 for 212.227.17.185 (pop.gmx.net Servers server_id 2)
2013:12:15-12:40:02 fw pop3proxy[10403]: SslClient 192.168.250.202 has closed the connection
2013:12:15-12:40:02 fw pop3proxy[10408]: Accepted client connection from 192.168.250.202 for 212.227.17.169 (pop.gmx.net Servers server_id 2)
2013:12:15-12:40:02 fw pop3proxy[10408]: aaa@gmx.de logged in (account 1)
2013:12:15-12:40:02 fw pop3proxy[10408]: Client 192.168.250.202 logged out (account=1, deleted=0)
2013:12:15-12:40:02 fw pop3proxy[10424]: Accepted client connection from 192.168.250.202 for 212.227.17.177 (pop.web.de Servers server_id 3)
2013:12:15-12:40:02 fw pop3proxy[10424]: SslClient 192.168.250.202 has closed the connection
2013:12:15-12:40:02 fw pop3proxy[10426]: Accepted client connection from 192.168.250.202 for 212.227.17.161 (pop.web.de Servers server_id 3)
2013:12:15-12:40:02 fw pop3proxy[10426]: bbb logged in (account 2)
2013:12:15-12:40:02 fw pop3proxy[10426]: Client 192.168.250.202 logged out (account=2, deleted=0)
2013:12:15-12:40:02 fw pop3proxy[10428]: Accepted client connection from 192.168.250.202 for 212.227.15.177 (pop.1und1.com Servers server_id 1)
2013:12:15-12:40:02 fw pop3proxy[10428]: SslClient 192.168.250.202 has closed the connection
2013:12:15-12:40:02 fw pop3proxy[10430]: Accepted client connection from 192.168.250.202 for 212.227.15.161 (pop.1und1.com Servers server_id 1)
2013:12:15-12:40:02 fw pop3proxy[10430]: ccc logged in (account 3)
2013:12:15-12:40:02 fw pop3proxy[10430]: Client 192.168.250.202 logged out (account=3, deleted=0)

3. the dropped pakets
2013:12:15-12:40:03 fw ulogd[5037]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="ppp0" srcmac="0:27:e:5:22:9b" dstmac="0:30:18:a4:f9:7a" srcip="192.168.250.202" dstip="212.227.17.169" proto="6" length="40" tos="0x00" prec="0x00" ttl="63" srcport="33664" dstport="995" tcpflags="RST"
2013:12:15-12:40:03 fw ulogd[5037]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="ppp0" srcmac="0:27:e:5:22:9b" dstmac="0:30:18:a4:f9:7a" srcip="192.168.250.202" dstip="212.227.17.161" proto="6" length="40" tos="0x00" prec="0x00" ttl="63" srcport="47986" dstport="995" tcpflags="RST"
2013:12:15-12:40:03 fw ulogd[5037]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="ppp0" srcmac="0:27:e:5:22:9b" dstmac="0:30:18:a4:f9:7a" srcip="192.168.250.202" dstip="212.227.15.161" proto="6" length="40" tos="0x00" prec="0x00" ttl="63" srcport="43325" dstport="995" tcpflags="RST"

and 4. the log of my mailserver for one account
fetchmail: 6.3.21 fragt _fk_gmx ab (Protokoll POP3) um So 15 Dez 2013 13:19:26 CET: Abfrage gestartet
Versuche, mit 212.227.17.169/995 zu verbinden...verbunden.
fetchmail: Server-Zertifikat:
fetchmail: Herausgeber-Organisation: MyOrganisation
fetchmail: Herausgeber-CommonName: CA of MyOrganisation
fetchmail: Subjekt-CommonName: Common name of my firewall
fetchmail: _fk_gmx-Schlüssel-Fingerabdruck: 7F:A8:5D:F2:B5:25:B9:xx:xx:xx:xx:67:03:1E:85:92
fetchmail: POP3 CAPA
fetchmail: POP3aaa@gmx.de@pop.gmx.net
Versuche, mit 212.227.17.185/995 zu verbinden...verbunden.
fetchmail: Server-Zertifikat:
fetchmail: Herausgeber-Organisation: MyOrganisation
fetchmail: Herausgeber-CommonName: CA of MyOrganisation
fetchmail: Subjekt-CommonName: Common name of my firewall
fetchmail: _fk_gmx-Schlüssel-Fingerabdruck: 7F:A8:5D:F2:B5:25:B9:xx:xx:xx:xx:67:03:1E:85:92
fetchmail: POP3 USER aaa@gmx.de
fetchmail: POP3 PASS *
fetchmail: POP3 STAT
fetchmail: POP3aaa@gmx.de bei _fk_gmx
fetchmail: POP3> QUIT
fetchmail: POP3

This thread was automatically locked due to age.