Start pop3s and imaps services in dovecot.conf v2.1.9

MacWeb

Hi,

I need to open Dovecot pop3s and imaps services.

I use the following guide to start those services but when I change the dovecot.conf v2.1.9 file the service will not start.
http://help.directadmin.com/item.php?id=392

Please take a look in the attached configuration.

After starting the pop3s and imaps services I would like to close imap and pop3 services.

What changes should I make in dovecot.conf v2.1.9 to stop the pop3 and imap services?

How can I start pop3s and imaps and close the pop3 and imap services?
What Dovecot configuration file will I need to use?

I set my email client Apple Mail v 4.5 to connect with port 995 using SSL (Auth password)

I checked and it seems that Dovecot doesn't have a service for port 995, but my email client could connect and download email.

I don't understand why my email client could connect and download emails even if port 995 is not open.
Why?

tcp 0 0 :::587 :::* LISTEN -
tcp 0 0 :::2222 :::* LISTEN -
tcp 0 0 :::80 :::* LISTEN -
tcp 0 0 :::465 :::* LISTEN -
tcp 0 0 :::9876 :::* LISTEN -
tcp 0 0 :::21 :::* LISTEN -
tcp 0 0 :::443 :::* LISTEN -

Thanks in advance for your help.

#: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.2.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_username_chars = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_@&
default_login_user = dovecot
listen = *
login_greeting = Dovecot DA ready.
mail_access_groups = mail
mail_location = maildir:~/Maildir
passdb {
driver = shadow
}
passdb {
args = username_format=%n /etc/virtual/%d/passwd
driver = passwd-file
}
protocols = pop3
service auth {
user = root
}
service imap-login {
process_min_avail = 16
user = dovecot
}
service pop3-login {
inet_listener pop3s {
address = *
port = 995
}
process_min_avail = 16
user = dovecot
}
ssl_cert = </etc/httpd/conf/ssl.crt/server.crt
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
ssl_key = </etc/httpd/conf/ssl.key/server.key
userdb {
driver = passwd
}
userdb {
args = username_format=%n /etc/virtual/%d/passwd
driver = passwd-file
}
verbose_proctitle = yes
protocol pop3 {
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o
pop3_uidl_format = %08Xu%08Xv
}
 
Hello,

By default POP3/IMAP over SSL is available and enabled in dovecot, but you should connect to different ports, and of course install new and valid SSL certs:


Code:
[root@server ~]# lsof -i :993
COMMAND     PID    USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
imap-logi 15416 dovecot    8u  IPv4 5206744      0t0  TCP *:imaps (LISTEN)
dovecot   22065    root   32u  IPv4 5206744      0t0  TCP *:imaps (LISTEN)
imap-logi 22071 dovecot    8u  IPv4 5206744      0t0  TCP *:imaps (LISTEN)
imap-logi 22073 dovecot    8u  IPv4 5206744      0t0  TCP *:imaps (LISTEN)
imap-logi 24829 dovecot    8u  IPv4 5206744      0t0  TCP *:imaps (LISTEN)
[root@server ~]# lsof -i :995
COMMAND     PID    USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
pop3-logi  9808 dovecot    8u  IPv4 5206722      0t0  TCP *:pop3s (LISTEN)
pop3-logi 11377 dovecot    8u  IPv4 5206722      0t0  TCP *:pop3s (LISTEN)
pop3-logi 12762 dovecot    8u  IPv4 5206722      0t0  TCP *:pop3s (LISTEN)
dovecot   22065    root   24u  IPv4 5206722      0t0  TCP *:pop3s (LISTEN)
pop3-logi 25433 dovecot    8u  IPv4 5206722      0t0  TCP *:pop3s (LISTEN)
[root@server ~]#

So try to use default config from directadmin.
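
For the question in the first post (keep pop3s and imaps, close plain pop3 and imap), a Dovecot 2.x fragment as an added example; it is not part of any post in this thread and not DirectAdmin's shipped configuration. It assumes the standard ports 993/995 and reuses the certificate paths from the posted configuration.

```conf
# Added example for Dovecot 2.x (not DirectAdmin's stock dovecot.conf).
# Both protocols must be listed, otherwise no imap listener is started at all
# (the posted configuration has "protocols = pop3" only).
protocols = imap pop3

# Refuse any session that is not protected by TLS.
ssl = required
ssl_cert = </etc/httpd/conf/ssl.crt/server.crt
ssl_key = </etc/httpd/conf/ssl.key/server.key

service imap-login {
  # port = 0 disables the cleartext listener (normally 143).
  inet_listener imap {
    port = 0
  }
  # Implicit-TLS listener; 993 is the standard imaps port (assumed here).
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 16
  user = dovecot
}

service pop3-login {
  # port = 0 disables the cleartext listener (normally 110).
  inet_listener pop3 {
    port = 0
  }
  # Implicit-TLS listener; 995 is the standard pop3s port (assumed here).
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
  process_min_avail = 16
  user = dovecot
}
```

After restarting Dovecot, `doveconf -n` prints the effective settings, and the `netstat` LISTEN output should show 993 and 995 but no longer 110 or 143.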
 
Hi Alex,

What I am not getting is why I do not see port 995 when scanning from outside. But I did see port 110 open.

[******@server2 ~]$ netstat -anp --tcp --udp | grep LISTEN
(No info could be read for "-p": geteuid()=507 but you should be root.)
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:9876 0.0.0.0:* LISTEN -
tcp 0 0 ***********:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN -
tcp 0 0 :::587 :::* LISTEN -
tcp 0 0 :::2222 :::* LISTEN -
tcp 0 0 :::80 :::* LISTEN -
tcp 0 0 :::465 :::* LISTEN -
tcp 0 0 :::9876 :::* LISTEN -
tcp 0 0 :::21 :::* LISTEN -
tcp 0 0 :::25 :::* LISTEN -
tcp 0 0 :::443 :::* LISTEN

If possible I just want to use pop3s and imaps, so I am trying to close port 25, but if I just remove the port in exim.conf "daemon_smtp_ports =" I can't get emails from outside anymore, at least gmail and hotmail emails.
I also checked that the mail server test fails at http://www.mxtoolbox.com/diagnostic.aspx
Can you please tell me why?

This is the output that I get with the lsof command.

Why do I get more open files?

[root@server2 dovecot]# lsof -i :995
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dovecot 396 root 24u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 6448 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 8506 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 8511 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 8566 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 8595 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 8597 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 9381 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 10574 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 10596 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 10859 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 10905 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 10909 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 11553 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 11576 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 11772 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)
pop3-logi 11867 dovecot 8u IPv4 369458 0t0 TCP *:pop3s (LISTEN)

Thanks a lot
Anthony
 
service imap-login {
process_min_avail = 16
user = dovecot
}

Because you have the minimum available processes set to 16... that's why.

Also, you can't close port 25 or communication between servers will fail (and so will the diagnostic).

Just try to use spamblocker v4.1 and force your users to use authentication on port 587.

Regards
 
Thanks a lot Andrea

Should port 995 be open if we scan the ports from outside?

So if we move the SMTP port from 25 to 2525, will those tests also fail?

I am not very worried about the test; what worried me was that when I removed port 25 I couldn't get any emails from outside the host, but I did get them from domains on my host.

Thanks in advance
 
Port 25 is a standard so yes, the test will fail. The only thing you can do, as I said, is to move to SB 4.1 and use 587 with authentication.

Regarding port 995, yes: if you want to enable secure connections to imap I don't see any reason to close it.

Did you get email from outside or local while port 25 was closed?

As far as I know, closing port 25 will prevent outside servers from being able to send you email; I did the same test some time ago to force users to use a different port.

Regards
 
Hello Anthony,

Your firewall must be blocking port 995; you should check it and open it for connections from outside.

About port 25, you won't be able to receive emails if you block this port; there is no way to tell other mail servers that they should connect to something different on your server in order to send emails to your mailboxes.

Hi Alex,

What I am not getting is why I do not see port 995 when scanning from outside. But I did see port 110 open.


If possible I just want to use pop3s and imaps, so I am trying to close port 25, but if I just remove the port in exim.conf "daemon_smtp_ports =" I can't get emails from outside anymore, at least gmail and hotmail emails.
I also checked that the mail server test fails at http://www.mxtoolbox.com/diagnostic.aspx
Can you please tell me why?
 
Just to clarify: All mailservers on the 'net talk to each other over port 25. If you block or close port 25, or switch ports on your mailserver, you'll never be able to get mail from anywhere; you'll never be able to send email anywhere.

Standards are important for communications between servers.

Jeff
 
Thanks for all your clarification about port 25.

Port 995 is open in the CSF configuration, so should this port show as open in a port scan or not?

When I do a port scan, port 995 is still closed, but my email client's POP settings are using SSL on port 995 and it is receiving email.

Can you explain to me why?

Anthony
 
I get this:

-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT

Port 995 is closed when I scan host ports.

Thanks
 
Well Alex, I am a newbie in system administration; I just know that the port is open in CSF.

What I don't understand is why the email client can connect to a "closed" port.

If the email client is working this way, connecting to port 995, will I need to make port 995 "appear" open for a host port scan?

No I don't know what I need to do, if it's fine to be this way or if it's better that port 995 be open.

Can you please give me some tips? What can we see in the command answer?

Thanks in advance
 
If you want to allow your user to connect to 995 port, of course you should open it in your firewall. You can do it either directly via ssh by editing file /etc/csf/csf.conf or in directadmin using csf plugin.
 
I am sorry Alex, maybe I was not clear.

Port 995 is open in CSF.

If I do a port scan of my hostname or IP, the port is not open.

But my email client can connect to the POP mail server using SSL and port 995.

My question is: why can the email client connect even if the port is closed in a port scan?

This doesn't make sense: if the port is open in CSF, why is the port closed in a port scan?

I am using online tools to scan and they tell me that port 995 is closed.

Can you explain this?

Thanks in advance

Anthony
 
Try to use telnet or provide the IP for a check.

If the client connects, why do you have doubts? CSF should be blocking the IP of the website that is doing the port scan...

Regards
 
Can you explain this?

No, I cannot, as I don't know the answer. And why would anybody ever want to know that? Though I can guess, and you might want to read more about SSL.

So here is my supposition:

Since the port is used only for SSL connections, your port scanner either cannot establish an encrypted connection with the service (dovecot), or needs a special parameter when you trigger it. In any case, since the proper connection is not set up and the port scanner does not get a reply from that port, that might be the reason why it thinks the port is not open.

For further information you'd better refer to documentation.
 