Horde webmail plesk 10.2

Community support for Plesk, CPanel, WebMin and others with insight from two of the founders of Plesk. Ask for help here! No question is too simple or complicated. :-)
DarkF@der
Forum Regular
Posts: 313
Joined: Thu May 07, 2009 12:46 pm

Re: Horde webmail plesk 10.2


Thanks for this example :D
inquis
Forum Regular
Posts: 104
Joined: Fri May 06, 2011 8:16 pm
Location: UK

Re: Horde webmail plesk 10.2


I am slowly understanding this, but which bit relates to unblocking IMAP through a new firewall rule?

Sorry, if you can explain what to do and why, really basically, I would appreciate it.

Apologies in advance, as I am at the back of the class but curious to get more involved in this.

Thanks
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Horde webmail plesk 10.2


inquis wrote: I am slowly understanding this, but which bit relates to unblocking IMAP through a new firewall rule?
I'm not sure I understand your question, could you clarify?
inquis
Forum Regular
Posts: 104
Joined: Fri May 06, 2011 8:16 pm
Location: UK

Re: Horde webmail plesk 10.2


mikeshinn wrote:
inquis wrote: I am slowly understanding this, but which bit relates to unblocking IMAP through a new firewall rule?
I'm not sure I understand your question, could you clarify?

mikeshinn wrote: I can't speak for APF, and not sure if it could do, but you would want to create iptables rules that limit the output to just those userids that would normally do this. For example, to limit outbound SMTP to just qmail and postfix, you would add rules like these:

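# Allow outbound SMTP only from the mail-system users and root
iptables -I OUTPUT -p tcp --dport 25 -m owner --uid-owner qmail -j ACCEPT
iptables -I OUTPUT -p tcp --dport 25 -m owner --uid-owner postfix -j ACCEPT
iptables -I OUTPUT -p tcp --dport 25 -m owner --uid-owner root -j ACCEPT
# Allow delivery to the local loopback address
iptables -I OUTPUT -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT
# Create the logging chain before any rule jumps to it
iptables -N LOG_SMTP_OUT
# All other outbound port 25 traffic is logged (rate-limited) and rejected
iptables -A OUTPUT -p tcp --dport 25 -j LOG_SMTP_OUT
iptables -A LOG_SMTP_OUT -m limit --limit 1/second -j LOG --log-level info --log-prefix "Unauth-SMTP " --log-tcp-sequence --log-tcp-options --log-ip-options
iptables -A LOG_SMTP_OUT -j REJECT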

The format of a rule that is limited to a user is:

iptables -I OUTPUT -p PROTOCOL --dport PORT -m owner --uid-owner USERNAME -j ACCEPT

Where PROTOCOL would probably almost always be "tcp", except maybe in the case of DNS when it would be "udp".

PORT is the outbound port, 25 for SMTP, 80 for HTTP, etc.

and USERNAME is the trusted non-malicious username, such as "qmail".

For other services, you would need to identify the user that would normally, and non-maliciously connect outbound and limit that port to that user.

Hi Mike,

Sorry to be a pain, basically what I mean is my IMAP worked before and, as per the thread, after upgrading I cannot connect to IMAP.

Basically I wanted to get the firewall rule to enable IPs of my selection to connect to IMAP and access mail as per normal.
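
Added example, not part of the posts above: once the quoted LOG_SMTP_OUT rules are loaded, rejected outbound SMTP attempts appear in the kernel log with the "Unauth-SMTP " prefix, and this shell function tallies them per destination. The sample lines are constructed; the UID column is only filled when `--log-uid` is added to the LOG rule, which the quoted rule does not do.

```shell
#!/bin/sh
# Added example: summarise connections logged by the LOG_SMTP_OUT chain.
# The LOG rule is limited to 1/second, so the counts are a lower bound.

# Constructed sample of kernel log lines in the iptables LOG format.
# The last two lines show what --log-uid would append (an assumption).
sample_kernel_log() {
cat <<'EOF'
Jun  7 10:15:01 web1 kernel: Unauth-SMTP IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=60 TTL=64 ID=4711 DF PROTO=TCP SPT=43210 DPT=25 SEQ=305419896 ACK=0 WINDOW=5840 SYN URGP=0
Jun  7 10:15:03 web1 kernel: Unauth-SMTP IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=60 TTL=64 ID=4712 DF PROTO=TCP SPT=43211 DPT=25 SEQ=305419900 ACK=0 WINDOW=5840 SYN URGP=0
Jun  7 10:15:09 web1 kernel: eth0: link up
Jun  7 10:16:40 web1 kernel: Unauth-SMTP IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.9 LEN=60 TTL=64 ID=4713 DF PROTO=TCP SPT=43212 DPT=25 SEQ=305419950 ACK=0 WINDOW=5840 SYN URGP=0
Jun  7 10:17:02 web1 kernel: Unauth-SMTP IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=60 TTL=64 ID=4714 DF PROTO=TCP SPT=43213 DPT=25 SEQ=305419990 ACK=0 WINDOW=5840 SYN URGP=0
Jun  7 11:30:11 web1 kernel: Unauth-SMTP IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.9 LEN=60 TTL=64 ID=4715 DF PROTO=TCP SPT=43214 DPT=25 SEQ=305420100 ACK=0 WINDOW=5840 SYN URGP=0 UID=48 GID=48
Jun  7 11:30:14 web1 kernel: Unauth-SMTP IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.9 LEN=60 TTL=64 ID=4716 DF PROTO=TCP SPT=43215 DPT=25 SEQ=305420200 ACK=0 WINDOW=5840 SYN URGP=0 UID=48 GID=48
EOF
}

# Reads a kernel log on stdin; prints "COUNT<TAB>UID<TAB>DESTINATION",
# busiest first. UID is "-" when the log line carries no UID= field.
unauth_smtp_summary() {
    awk '
    / Unauth-SMTP / {
        dst = "?"; uid = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^UID=/) uid = substr($i, 5)
        }
        hits[uid "\t" dst]++
    }
    END { for (k in hits) printf "%d\t%s\n", hits[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_kernel_log | unauth_smtp_summary
```

On a real system, feed it the file your syslog daemon writes kernel messages to instead of the sample function.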
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Horde webmail plesk 10.2


inquis wrote: Sorry to be a pain, basically what I mean is my IMAP worked before and, as per the thread, after upgrading I cannot connect to IMAP.

Do you mean they can't connect to your IMAP service? If that's the issue, then you just need to open tcp ports 993 and 143 on your system to allow connections to your IMAP services. Although there's nothing in ASL that would change this, so I suspect you are not referring to your firewall rules.

If you mean that you have a web application, such as Horde, that can not "connect" to your IMAP services, then if you look at the earlier part of this forum thread you likely have a PHP function disabled that horde needs. If you look at the release notes for ASL 3.0 here:

https://www.atomicorp.com/wiki/index.ph ... ease_Notes

You'll see this note:

ASL 3.0 added two new high risk PHP functions: pfsockopen and fsockopen. These are disabled in PHP by default. If you have a web application that uses these functions, please ensure that you re-enable them. You can do so by changing these settings in ASL:

ALLOW_pfsockopen and ALLOW_fsockopen

to "yes"


As far as I know, horde needs the fsockopen function enabled. So log into ASL, click on the "Configuration" tab, scroll down to "ALLOW_fsockopen" and per the note above, set that to "yes". Then click the "Update" button. Horde might need pfsockopen too, not sure though, so if Horde still complains then try that too.

Also, PHP will always log if a function is not allowed. So check your apache error logs for any messages from PHP like this:

“Warning: fsockopen() has been disabled for security reasons..”

So anytime you have a problem with a PHP application, always check your apache logs first. PHP will usually tell you what's wrong.
inquis
Forum Regular
Posts: 104
Joined: Fri May 06, 2011 8:16 pm
Location: UK

Re: Horde webmail plesk 10.2


I tried opening these two PHP functions and I still couldn't get in.

I will try this again later today and see if I can sort this out and I will report back.
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Horde webmail plesk 10.2


inquis wrote: I tried opening these two PHP functions and I still couldn't get in.
Check your apache logs too, if apache is configured to not do something (such as PHP being configured to not allow certain functions), it will log that error.
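
Added example, not part of any post in this thread: a shell function for the log check suggested in both of mikeshinn's replies above. It lists each PHP function the Apache error log reports as disabled, how often, and when it was last seen, so you can tell whether the warnings stopped after changing ALLOW_fsockopen. The log lines, paths and addresses are constructed, and the bracketed timestamp at the start of each line is an assumption about the log format.

```shell
#!/bin/sh
# Added example: report PHP functions that the Apache error log shows as
# blocked, with hit count and the time of the most recent warning.

# Constructed sample log (paths, clients and times are made up).
sample_error_log() {
cat <<'EOF'
[Tue Jun 07 10:15:01 2011] [error] [client 192.0.2.10] PHP Warning:  fsockopen() has been disabled for security reasons in /var/www/example/imap.php on line 42
[Tue Jun 07 10:15:09 2011] [error] [client 192.0.2.10] File does not exist: /var/www/example/favicon.ico
[Tue Jun 07 10:20:33 2011] [error] [client 192.0.2.11] PHP Warning:  pfsockopen() has been disabled for security reasons in /var/www/example/imap.php on line 57
[Tue Jun 07 11:02:45 2011] [error] [client 192.0.2.10] PHP Warning:  fsockopen() has been disabled for security reasons in /var/www/example/imap.php on line 42
EOF
}

# Reads an error log on stdin; prints "FUNCTION<TAB>COUNT<TAB>LAST_SEEN".
disabled_php_functions() {
    awk '
    /has been disabled for security reasons/ {
        # The function name is the "name()" token right before "has".
        fn = ""
        for (i = 1; i < NF; i++)
            if ($i ~ /^[A-Za-z_][A-Za-z0-9_]*\(\)$/ && $(i + 1) == "has") {
                fn = substr($i, 1, length($i) - 2)
                break
            }
        if (fn == "") next
        # Take the leading [timestamp] if the line has one.
        ts = "unknown"
        if (substr($0, 1, 1) == "[")
            ts = substr($0, 2, index($0, "]") - 2)
        count[fn]++
        last[fn] = ts   # log is chronological, so the final match is the latest
    }
    END { for (fn in count) printf "%s\t%d\t%s\n", fn, count[fn], last[fn] }
    ' | LC_ALL=C sort
}

sample_error_log | disabled_php_functions
```

If a function still shows a LAST_SEEN time later than the moment you set its ALLOW_ option to "yes" and clicked "Update", the change has not reached the PHP instance serving the application.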