Atomic Secure Linux
Post subject: ip filtering port 110 and 143 breaks watchdog
Posted: Sat Oct 08, 2016 6:54 pm
Okay I'm filtering in asl-firewall tcp 110 and 143 to drop all ! myownip new connections

(yeah tired of asking no more insecure logins)

Now watchdog says courier imap and pop3 are down (but not pop3s and imaps).

Tried allowing lo and the host IP no go.

Any ideas?

Cheers!

David


Post subject: Re: ip filtering port 110 and 143 breaks watchdog
Posted: Sun Oct 09, 2016 4:42 am
Blocking these ports is a weird move that will most likely only cause more headaches, for you and your clients. Modern mail clients will actually want to use ports 110 and 143 for STARTTLS. If you want to enforce TLS connections only, you can simply configure your mail server to require all clients to connect via TLS.

For Dovecot use
Code:
ssl=required

See http://wiki.dovecot.org/SSL/DovecotConfiguration

_________________
Lemonbit Internet Dedicated Server Management
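
One way to check what the plain ports still offer before TLS, as an added example that is not part of the original posts: it classifies an IMAP greeting or CAPABILITY reply and a POP3 CAPA reply by whether STARTTLS/STLS is advertised and whether cleartext login is still on offer. The function names, result labels and sample replies are constructed for illustration.

```python
import socket
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}

def imap_caps(response):
    """Capability atoms from an IMAP greeting or CAPABILITY reply (RFC 3501)."""
    caps = set()
    for line in response.upper().splitlines():
        if line.startswith("*") and "CAPABILITY" in line:
            # Atoms follow the keyword: "* CAPABILITY ..." or "[CAPABILITY ...]".
            caps.update(line.split("CAPABILITY", 1)[1].split("]", 1)[0].split())
    return caps

def classify_imap(response):
    caps = imap_caps(response)
    if "STARTTLS" not in caps:
        return "no-starttls"            # port offers no upgrade to TLS
    # LOGINDISABLED only covers LOGIN; a cleartext SASL mechanism still leaks.
    sasl = {c[5:] for c in caps if c.startswith("AUTH=")}
    if "LOGINDISABLED" in caps and not sasl & CLEARTEXT_SASL:
        return "tls-required"
    return "plaintext-allowed"

def classify_pop3(capa_reply):
    """Classify a POP3 CAPA reply (RFC 2449); STLS is POP3's STARTTLS command."""
    caps = {}
    for line in capa_reply.upper().splitlines()[1:]:    # skip the "+OK" status
        words = line.split()
        if words and words[0] != ".":
            caps[words[0]] = set(words[1:])
    if "STLS" not in caps:
        return "no-starttls"
    if "USER" in caps or caps.get("SASL", set()) & CLEARTEXT_SASL:
        return "plaintext-allowed"
    return "tls-required"

def probe_imap(host, port=143, timeout=5.0):
    """Live check against your own server: greeting, CAPABILITY, classify."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        seen = f.readline().decode("ascii", "replace")
        sock.sendall(b"a1 CAPABILITY\r\n")
        for raw in f:
            seen += raw.decode("ascii", "replace")
            if raw.startswith(b"a1 "):
                break
    return classify_imap(seen)
# Constructed sample replies, not captured from any real server.
IMAP_ENFORCED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na1 OK done\r\n"
POP3_OPTIONAL = "+OK\r\nSTLS\r\nUSER\r\nSASL PLAIN LOGIN\r\n.\r\n"
```

Run `probe_imap` from an address the firewall rule permits; from anywhere else the connection is dropped before any capability is seen.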


Post subject: Re: ip filtering port 110 and 143 breaks watchdog
Posted: Sun Oct 09, 2016 1:27 pm
Thanks, but I'm using courier-IMAP and I'm needing to filter as we have some old equipment that can't do secure email.

I'm filtering and allowing my ip here as well as localhost.

It's working as roundcube is connecting over 143. If I drop localhost of access to TCP 143 roundcube can't log in.

I've set up my iPad on external address it works fine as it finds 993 and only the secure ports and mail tests reveal the mail server is fine, just no pop3 or IMAP so that's a non issue.

I can configure courier-pop3d and courier-imapd to force TLS but this breaks the old gear here that can't use secure.

How is watchdog probing the service? It's obviously IP related as it's not working, just the plain ports no issue on the secures.

If I drop the filtering off the ports then watchdog is happy again. I'd rather have watchdog monitoring, but if push comes to shove I'll pass on watchdog to lock down the ports.

