dovecot Outlook failure
Karl Pearson
karlp at ourldsfamily.com
Sat Oct 25 07:09:42 UTC 2008
On Fri, 24 Oct 2008, Rick Stevens wrote:
> Karl Pearson wrote:
>> On Thu, 23 Oct 2008, Rick Stevens wrote:
>>
>>> Karl Pearson wrote:
>>>> I'm in a client office, and they use Outlook. I installed a new server
>>>> after theirs was hacked into from China (story for another time). I've
>>>> installed Fedora 8 and everything is working, except dovecot from inside
>>>> the network (it's not going to work from outside anymore :) ).
>>>>
>>>> If I sit at an XP PC and telnet 10.0.0.240 110 it just hangs for a while,
>>>> then times out and ends up back at a DOS prompt. Same for 143 (IMAP).
>>>>
>>>> I can telnet 10.0.0.240 25 and send email all day long.
>>>>
>>>> I set up an Evolution account for both POP3 and IMAP on the server and it
>>>> works fine.
>>>>
>>>> I have configured 2 other PCs with Fedora 8 in the last 2 months and
>>>> they both work fine. What am I missing here?
>>>
>>> Uh, really dumb question, but did you "chkconfig dovecot on" to make
>>> sure it starts on boot? Did you start it via "service dovecot start"?
>>> Does "netstat -lpn" show dovecot listening on ports 110 and 143?
>>
>> No, that's not the least bit dumb. I didn't and it wasn't, but that wasn't
>> the problem because I did that pretty early on, and fixed it. The server
>> had been rebooted a few times since.
>>
>> I did find the problem, though hadn't come across it before. It was
>> iptables not 'trusting' those services to be accessed from a remote IP
>> address. Thus, it worked on the server, but not from anywhere else. I did
>> iptables -F and turned it off. The server is behind a very nice Linux-based
>> firewall, and those services aren't NATted anyway. Only 25, 80 and 22 are
>> open, and 22 to root is forbidden. The old server had been on a DMZ, with
>> Samba and everything else open for the world to see.
>
> Ah! Yeah, that'd block them for sure. iptables was going to be my next
> question, but you beat me to it! Heheheheheh!
>
>> When I install other servers, I typically disable iptables from starting at
>> boot because I have my own scripts to do it for me.
>>
>> With the information you gave in the last thread I started, I may be
>> re-thinking that strategy. It bit me big this time.
>
> I'll help if I can. I just finished my PCI-hardening stuff so I've got
> a pretty good grip on security stuff now...iptables, external firewalls,
> ssh restrictions, session timeouts, authentication and sudo off LDAP,
> the lot.

Since I'm 'out of work' at the moment and back to consulting, I really
ought to learn what PCI is really all about. I understand the basics, but
the requirements are just about overwhelming to one as annoyingly
self-taught as I am.

Thanks for your help again.

Karl

> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer ricks at nerd.com -
> - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
> - -
> - I never drink water because of the disgusting things that fish do -
> - in it. -
> - -- WC. Fields -
> ----------------------------------------------------------------------
---
_/ _/ _/ _/_/_/ ____________ __o
_/ _/ _/ _/ _/ ____________ _-\\<._
_/_/ _/ _/_/_/ (_)/ (_)
_/ _/ _/ _/ ......................
_/ _/ arl _/_/_/ _/ earson KarlP at ourldsfamily.com
---
http://consulting.ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it;
to mess up a microsoft PC you just have to work on it."
---