Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 14th September 2011, 01:43
pineapple pineapple is offline
Member
 
Join Date: Jun 2009
Location: Australia
Posts: 67
Thanks: 8
Thanked 1 Time in 1 Post
Default Cannot login with imap SSL

Hello

I followed Falko's tutorial on setting up Debian Lenny with ISPConfig 2 and have had a trouble-free server. Until now I have connected to Courier using pop3 on SSL. I know wish to use imap and can connect on 143 but when I use SSL on 993 the connection times out.

I checked the logs and each time I attempt to connect I see a LOGOUT but not a LOGIN:

Code:
Sep 14 01:29:52 elvis postfix/anvil[13806]: statistics: max connection rate 1/60s for (smtp:41.174.15.167) at Sep 14 09:23:17
Sep 14 01:29:52 elvis postfix/anvil[13806]: statistics: max connection count 1 for (smtp:41.174.15.167) at Sep 14 09:23:17
Sep 14 01:29:52 elvis postfix/anvil[13806]: statistics: max cache size 2 at Sep 14 09:24:06
Sep 14 01:30:54 elvis imapd: LOGOUT, user=1_andrew, ip=[removed], headers=0, body=0, rcvd=87, sent=467, time=765
Sep 14 01:30:54 elvis imapd: LOGOUT, user=1_andrew, ip=[removed], headers=31443, body=31119277, rcvd=2823, sent=31598746, time=786
Sep 14 01:30:54 elvis imapd: LOGOUT, user=1_andrew, ip=[removed], headers=0, body=0, rcvd=67, sent=169, time=767
Am I doing something wrong here?

regards

Andrew
Reply With Quote
Sponsored Links
  #2  
Old 14th September 2011, 10:32
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

What's the output of
Code:
netstat -tap
? Is port 993 allowed in your firewall?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 15th September 2011, 01:18
pineapple pineapple is offline
Member
 
Join Date: Jun 2009
Location: Australia
Posts: 67
Thanks: 8
Thanked 1 Time in 1 Post
Default

I have turned my firewall off but still the connection times out.

netstat returns the following:
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      663/mysqld
tcp        0      0 *:81                    *:*                     LISTEN      4125/ispconfig_http
tcp        0      0 *:22001                 *:*                     LISTEN      25563/sshd
tcp        0      0 elvis.form3.com.:domain *:*                     LISTEN      4462/named
tcp        0      0 localhost.locald:domain *:*                     LISTEN      4462/named
tcp        0      0 *:smtp                  *:*                     LISTEN      28344/master
tcp        0      0 localhost.localdoma:953 *:*                     LISTEN      4462/named
tcp        0    248 elvis.form3.com.a:22001 115.69.47.99:56225      ESTABLISHED 4617/0
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      13082/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      27767/couriertcpd
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      11304/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      11385/couriertcpd
tcp6       0      0 [::]:www                [::]:*                  LISTEN      4350/apache2
tcp6       0      0 [::]:22001              [::]:*                  LISTEN      25563/sshd
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      1805/proftpd: (acce
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      28344/master
tcp6       0      0 ip6-localhost:953       [::]:*                  LISTEN      4462/named
tcp6       0      0 [::]:https              [::]:*                  LISTEN      4350/apache2
Andrew
Reply With Quote
  #4  
Old 15th September 2011, 11:27
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

The netstat output looks good.

What's the output of
Code:
iptables -L
? Do you maybe need to open port 993 on your router?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 16th September 2011, 00:51
pineapple pineapple is offline
Member
 
Join Date: Jun 2009
Location: Australia
Posts: 67
Thanks: 8
Thanked 1 Time in 1 Post
Default

I have opened 993 on the firewall and checked that it's open with PFPortChecker. I have also tried connecting from a different machine on a different network with telnet - I can get a connection with 143 but not 993. However if I log directly into the server console I can telnet on both ports.

The iptables command returns:
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             loopback/8
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  base-address.mcast.net/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (12 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:81
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap2
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:webmin
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3s
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:22001
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
Thanks.
Reply With Quote
  #6  
Old 16th September 2011, 10:51
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:81
PAROLE tcp -- anywhere anywhere tcp dptop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
PAROLE tcp -- anywhere anywhere tcp dptop3s
PAROLE tcp -- anywhere anywhere tcp dpt:22001
ACCEPT udp -- anywhere anywhere udp dpt:domain
I only see imap2 in the above output, but not imaps, so I guess that port is not open.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 16th September 2011, 10:58
pineapple pineapple is offline
Member
 
Join Date: Jun 2009
Location: Australia
Posts: 67
Thanks: 8
Thanked 1 Time in 1 Post
Default

How do I open it?
Reply With Quote
  #8  
Old 17th September 2011, 11:19
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Just open port 993 in ISPConfig's firewall (Managment > Server > Services > Firewall it is, I believe).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
pineapple (17th September 2011)
  #9  
Old 17th September 2011, 11:46
pineapple pineapple is offline
Member
 
Join Date: Jun 2009
Location: Australia
Posts: 67
Thanks: 8
Thanked 1 Time in 1 Post
 
Default

Legend - well done! Thanks very much. All solved.

Andrew
Reply With Quote
The Following User Says Thank You to pineapple For This Useful Post:
falko (18th September 2011)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Fail2ban configuration Captain Installation/Configuration 2 28th June 2011 19:48
Exhausted every resource: can't login to dovecot jonc Server Operation 1 12th February 2011 11:38
F11 courier-imap fails. Nachogrande General 6 1st November 2010 17:55
squirrelmail and postfix witoszek General 12 1st December 2009 18:07
Postfix can't received email from exterior astra2000 Server Operation 5 17th October 2009 23:26


All times are GMT +2. The time now is 12:37.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.