ip filtering port 110 and 143 breaks watchdog

aus-city

Okay, I'm filtering in asl-firewall TCP 110 and 143 to drop all ! myownip new connections.

(Yeah, tired of asking; no more insecure logins.)

Now watchdog says courier imap and pop3 are down (but not pop3s and imaps).

Tried allowing lo and the host IP, no go.

Any ideas?

Cheers!

David
prupert

Blocking these ports is a weird move that will most likely only cause more headaches for you and your clients. Modern mail clients will actually want to use ports 110 and 143 for STARTTLS. If you want to enforce TLS connections only, you can simply configure your mail server to require all clients to connect via TLS.

For Dovecot use:

```
ssl=required
```

See http://wiki.dovecot.org/SSL/DovecotConfiguration
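
An added example, not part of the original posts: a Python check a mail admin can run against their own server to see what the plaintext listeners on 143 and 110 advertise before TLS, that is, whether STARTTLS/STLS is offered and whether cleartext login is still accepted. The function names are this example's own and the sample replies are constructed.

```python
import socket

def imap_policy(reply):
    """Interpret an IMAP CAPABILITY reply (RFC 3501) received before TLS."""
    caps = set()
    for line in reply.upper().splitlines():
        if "CAPABILITY" in line:
            caps |= set(line.replace("[", " ").replace("]", " ").split())
    cleartext_sasl = bool(caps & {"AUTH=PLAIN", "AUTH=LOGIN"})
    # LOGINDISABLED: the server refuses the LOGIN command until TLS is active.
    return {"starttls": "STARTTLS" in caps,
            "plaintext_login": "LOGINDISABLED" not in caps or cleartext_sasl}

def pop3_policy(reply):
    """Interpret a POP3 CAPA reply (RFC 2449; STLS is RFC 2595) received before TLS."""
    caps = {}
    for line in reply.upper().splitlines():
        words = line.split()
        if words and words[0] not in ("+OK", "-ERR", "."):
            caps[words[0]] = set(words[1:])
    cleartext_sasl = bool(caps.get("SASL", set()) & {"PLAIN", "LOGIN"})
    # USER: the USER/PASS commands are offered in the current (non-TLS) state.
    return {"starttls": "STLS" in caps,
            "plaintext_login": "USER" in caps or cleartext_sasl}

def probe(host, port, command, done, timeout=5.0):
    """Send one command to a plaintext listener and return the reply text."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.recv(4096)                      # discard the one-line greeting
        s.sendall(command)
        buf = b""
        while not done(buf):
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return buf.decode("ascii", "replace")

def check_server(host):
    """Probe both plaintext ports of your own mail server."""
    imap = probe(host, 143, b"a1 CAPABILITY\r\n", lambda b: b"a1 " in b)
    pop3 = probe(host, 110, b"CAPA\r\n",
                 lambda b: b.endswith(b"\r\n.\r\n") or b.startswith(b"-ERR"))
    return {"imap": imap_policy(imap), "pop3": pop3_policy(pop3)}

# Constructed sample replies (not captured from any real server).
SAMPLE_IMAP_OPEN = "* CAPABILITY IMAP4REV1 IDLE STARTTLS\r\na1 OK done\r\n"
SAMPLE_IMAP_TLS_ONLY = "* CAPABILITY IMAP4REV1 STARTTLS LOGINDISABLED\r\na1 OK done\r\n"
SAMPLE_POP3_OPEN = "+OK\r\nSTLS\r\nTOP\r\nUSER\r\nUIDL\r\n.\r\n"
SAMPLE_POP3_TLS_ONLY = "+OK\r\nSTLS\r\nTOP\r\nUIDL\r\n.\r\n"
```

A listener that reports `starttls: True` and `plaintext_login: False` keeps ports 143 and 110 reachable for STARTTLS clients while refusing cleartext logins.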
aus-city

Thanks, but I'm using courier-IMAP and I'm needing to filter as we have some old equipment that can't do secure email.

I'm filtering and allowing my IP here as well as localhost.

It's working, as roundcube is connecting over 143. If I drop localhost's access to TCP 143, roundcube can't log in.

I've set up my iPad on an external address; it works fine as it finds 993 and only the secure ports, and mail tests reveal the mail server is fine, just no pop3 or IMAP, so that's a non-issue.

I can configure courier-pop3d and courier-imapd to force TLS but this breaks the old gear here that can't use secure.

How is watchdog probing the service? It's obviously IP related as it's not working, just the plain ports, no issue on the secures.

If I drop the filtering off the ports then watchdog is happy again. I'd rather have watchdog monitoring, but if push comes to shove I'll pass on watchdog to lock down the ports.