Okay I'm filtering in asl-firewall tcp 110 and 143 to drop all ! myownip new connections
(yeah tired of asking no more insecure logins)
Now watchdog says courier imap and pop3 are down (but not pop3s and imaps).
Tried allowing lo and the host IP no go.
Any ideas?
Cheers!
David
ip filtering port 110 and 143 breaks watchdog
Re: ip filtering port 110 and 143 breaks watchdog
Blocking these ports is a weird move that will most likely only cause more headaches, for you and your clients. Modern mail clients will actually want to use ports 110 and 143 for STARTTLS. If you want to enforce TLS connections only, you can simply configure your mail server to require all clients to connect via TLS.
For Dovecot use
ssl=required
See http://wiki.dovecot.org/SSL/DovecotConfiguration
Lemonbit Internet Dedicated Server Management
Re: ip filtering port 110 and 143 breaks watchdog
Thanks, but I'm using courier-IMAP and I'm needing to filter as we have some old equipment that can't do secure email.
I'm filtering and allowing my ip here as well as localhost.
It's working as roundcube is connecting over 143. If I drop localhost of access to TCP 143 roundcube can't log in.
I've set up my iPad on external address it works fine as it finds 993 and only the secure ports and mail tests reveal the mail server is fine, just no pop3 or IMAP so that's a non issue.
I can configure courier-pop3d and courier-imapd to force TLS but this breaks the old gear here that can't use secure.
How is watchdog probing the service? It's obviously IP related as it's not working, just the plain ports no issue on the secures.
If I drop the filtering off the ports then watchdog is happy again. I'd rather have watchdog monitoring, but if push comes to shove I'll pass on watchdog to lock down the ports.
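Added example, not part of the thread and not the watchdog's own code: the thread does not say how the watchdog probes, so this sketch assumes a plain TCP connect that reads the service greeting, and repeats it from each candidate local source address to show which one the filter on 110/143 is dropping. The names `probe` and `survey` are hypothetical.

```python
import socket

# Expected greeting prefixes for the plain-text services discussed in the thread.
GREETINGS = {110: b"+OK", 143: b"* OK"}

def probe(host, port, source_ip=None, expect=None, timeout=3.0):
    """Connect to host:port, optionally from a specific local address, and
    classify the result the way a service monitor would see it."""
    expect = expect if expect is not None else GREETINGS.get(port, b"")
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if source_ip:
            sock.bind((source_ip, 0))      # choose the source address explicitly
        sock.connect((host, port))
        banner = sock.recv(512)
    except socket.timeout:
        return "filtered", b""             # no reply at all: typical of a DROP rule
    except ConnectionRefusedError:
        return "refused", b""              # RST: nothing listening, or a REJECT rule
    except OSError as exc:
        return "error", str(exc).encode()  # e.g. source address not usable
    finally:
        sock.close()
    if banner.startswith(expect):
        return "up", banner.strip()
    return "unexpected", banner.strip()

def survey(host, ports=(110, 143), sources=(None, "127.0.0.1")):
    """Probe every port from every candidate source address (assumed list)."""
    return {(src, port): probe(host, port, src)[0]
            for src in sources for port in ports}

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for (src, port), status in survey(target).items():
        print(f"source={src or 'default'} port={port}: {status}")
```

Run on the mail server itself, a "filtered" result for one source address and "up" for another identifies the address the firewall exception is missing.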