Minor Bug in service monitor?

Discussion in 'Installation/Configuration' started by teves, Jan 9, 2013.

  1. teves

    teves Member

    Hello,

    I think I discovered a small bug in the service monitor, but you might also call it a configuration error, so I have to ask:

    For the mail server I only want to allow encrypted connections (STARTTLS). So at first I put the line
    ssl = required
    into my dovecot.conf.
    But this configuration seemingly only worked for the IMAP connection, not for POP3.

    So I have disabled the unencoded pop3 protocol by changing the line
    protocols = imap imaps pop3 pop3s
    to
    protocols = imap imaps pop3s

    Now the connections are secure, but the service monitor tells me that the pop3 service is not available. I am sure it works, for I have created a mailbox to test it.

    I see that all this happens because I use a workaround, but on the other hand the service is working and ISPConfig tells me it's not. Bug? :)

    Regards,
    Tom
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig checks if a pop3 and imap service is listening on the default port on localhost. If you disabled pop3 or imap in dovecot.conf, then there is no such service at localhost and the monitor is showing it as offline.

    Reconfigure dovecot.conf and set it back to

    protocols = imap imaps pop3 pop3s

    If you want to disallow connections to pop3 or imap, then close the ports in the firewall.
     
  3. teves

    teves Member

    Hi Till,

    thanks for your reply, but I am not sure if this is a good solution, I'm afraid. I do think so because of the following line from the dovecot wiki:

    Clients using STARTTLS work by connecting to the regular unencrypted port and immediately issue a STARTTLS command, after which the session is encrypted. After SSL handshake there is no difference between SSL port initiated connections and STARTTLS initiated connections.

    (for the complete paragraph about SSL/TLS see http://wiki2.dovecot.org/SSL)

    In other words: if I blocked the ports with the firewall, the STARTTLS concept would be useless.
    At least this is how I understand it. Or am I wrong?

    Regards, Tom
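
The thread turns on what the clear-text POP3 port (110) offers before a client issues STARTTLS (STLS in POP3). The following is an added example, not part of the original posts and not ISPConfig or Dovecot code: it parses a POP3 CAPA reply and reports whether STLS is advertised and whether any plaintext login method is offered before TLS. The function names and the two sample replies are constructed for illustration.

```python
"""Added example: inspect what a POP3 server offers on port 110 before TLS."""
import socket

def parse_capa(response: str) -> dict:
    """Parse a multi-line POP3 CAPA reply (RFC 2449) into {CAPABILITY: [args]}."""
    lines = response.replace("\r\n", "\n").split("\n")
    if not lines[0].startswith("+OK"):
        raise ValueError("CAPA not supported or refused: %r" % lines[:1])
    caps = {}
    for line in lines[1:]:
        if line == ".":                      # terminator of the multi-line reply
            break
        if line.strip():
            name, *args = line.split()
            caps[name.upper()] = [a.upper() for a in args]
    return caps

def assess_pre_tls(caps: dict) -> dict:
    """Summarise what a client is offered on the clear-text port before STLS."""
    plaintext = (["USER"] if "USER" in caps else []) + [
        m for m in caps.get("SASL", []) if m in ("PLAIN", "LOGIN")]
    return {
        "starttls_offered": "STLS" in caps,   # RFC 2595 upgrade command
        "plaintext_auth_offered": plaintext,  # methods that send the password in clear
        "ok": "STLS" in caps and not plaintext,
    }

def probe(host: str = "127.0.0.1", port: int = 110, timeout: float = 5.0) -> dict:
    """Fetch CAPA from a live server without authenticating, then assess it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rwb")
        f.readline()                          # server greeting
        f.write(b"CAPA\r\n"); f.flush()
        reply = []
        while True:
            line = f.readline().decode("ascii", "replace").rstrip("\r\n")
            reply.append(line)
            if line == "." or not line or (len(reply) == 1 and not line.startswith("+OK")):
                break
        f.write(b"QUIT\r\n"); f.flush()
    return assess_pre_tls(parse_capa("\n".join(reply)))

# Constructed sample replies (not captured from a real server).
SAMPLE_ENFORCED = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nRESP-CODES\r\nPIPELINING\r\nSTLS\r\nSASL\r\n.\r\n"
SAMPLE_PERMISSIVE = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nSTLS\r\nUSER\r\nSASL PLAIN LOGIN\r\n.\r\n"

if __name__ == "__main__":
    for label, raw in (("enforced", SAMPLE_ENFORCED), ("permissive", SAMPLE_PERMISSIVE)):
        print(label, assess_pre_tls(parse_capa(raw)))
```

CAPA only shows what the server advertises, so treat the result as a first check rather than proof that a plaintext login would be rejected. Running `probe()` from a remote host as well as from localhost is worthwhile, since what a server offers can depend on the client address.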
     
