Re: IMAPS and/or openssl problem



Timothy Murphy wrote:
Andy Green wrote:

Somebody in the thread at some point said:

telnet <myserver> 993
I just get
Trying <server IP address>
and nothing further, until I type ctrl-C.
Check /var/log/messages to see if anything is logged. The behavior of
telnet sounds like the behavior of openssl. It's probably not the
No, he doesn't even get a tcp connection established. If I telnet to my
IMAP server I see

telnet 192.168.0.xx 993
Trying 192.168.0.xx...
Connected to 192.168.0.xx.
Escape character is '^]'.

I would first confirm that something is still listening on your external
network interface on 993.

Thanks for all the responses.

nmap seems to show that port 993 is open:
=====================================
[tim@martha ~]$ nmap 86.43.71.228

Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-31 02:13 CEST
Interesting ports on 86.43.71.228:
Not shown: 1688 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
993/tcp filtered imaps
1720/tcp filtered H.323/Q.931
2001/tcp open dc
5190/tcp open aol

Nmap finished: 1 IP address (1 host up) scanned in 20.467 seconds
=====================================

But "netstat -anp --tcp" does not show anything listening on 993
=====================================
[tim@martha ~]$ sudo netstat -anp --tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 1745/nasd
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 1637/hpiod
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1878/smbd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 1654/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1714/sendmail: acce
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1878/smbd
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 1642/python
tcp 0 0 0.0.0.0:33215 0.0.0.0:* LISTEN 1443/rpc.statd
tcp 0 0 192.168.1.149:34676 86.43.71.228:2001 ESTABLISHED 3298/ssh
tcp 0 0 :::901 :::* LISTEN 1680/xinetd
tcp 0 0 :::111 :::* LISTEN 1422/rpcbind
tcp 0 0 :::22 :::* LISTEN 1668/sshd
tcp 0 0 :::631 :::* LISTEN 1654/cupsd
=====================================

I can telnet 993 on my server without problem:
=====================================
[tim@alfred ~]$ telnet localhost 993
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
^]
telnet> quit
Connection closed.
=====================================

And "iptables -L" seems to allow this connection:
=====================================
...
Chain net2fw (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:appserv-http
ACCEPT udp -- anywhere anywhere udp dpt:appserv-http
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
Drop 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:net2fw:DROP:'
DROP 0 -- anywhere anywhere
...
=====================================

So my best guess is that there is something wrong
with my dovecot configuration.
I "yum remove"d and "yum install"ed dovecot
(and re-edited dovecot.conf),
but that didn't seem to make any difference.

Why not tcpdump it over your ssh session to the server while you try to
connect and see what you can see.

Another more exotic workaround would be, on your local machine

ssh root@myserver -N -L993:localhost:993

while this runs, 993 (the first number) on your local client box will
magically be an encrypted wormhole to port 993 on myserver. Try running
that in one terminal session, and temporarily alter kmail to go look at
localhost for IMAP instead of myserver.

I'll try these tomorrow.
Thanks very much for your help anyway.

Tim,

Is fred the server and martha the remote machine? If so, the netstat command should be run on fred. I'd also check /etc/hosts.allow and /etc/hosts.deny.

Bob...

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
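Added example, not code from the thread or from the Fedora project: a small Python triage script that encodes the reasoning the replies above are circling (what an nmap "filtered" versus "closed" versus "open" state means for the client's telnet, what netstat on the server itself shows for the port, and what a tcpdump on the server would tell you). The nmap and netstat samples are constructed to mirror Tim's 993 case; the hostnames, PIDs, interface name and the `syn_seen_on_server` flag (the tcpdump observation you would supply by hand) are assumptions.

```python
"""Triage for "telnet <host> 993 hangs at Trying ...": combine the external
nmap state, the server's own listener table and, once you have it, whether
tcpdump on the server saw the client's SYN, to locate where the connection
dies.  Every sample input here is constructed to mirror the thread; none of
it is output from the original page.
"""
import re
from typing import Optional, Tuple

# Constructed excerpt of `nmap <host>` output (port table only).
NMAP_SAMPLE = """\
PORT     STATE    SERVICE
80/tcp   open     http
993/tcp  filtered imaps
995/tcp  closed   pop3s
"""

# Constructed `netstat -anp --tcp` LISTEN lines for three server-side cases.
NETSTAT_EXTERNAL = "tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2211/dovecot"
NETSTAT_LOOPBACK = "tcp 0 0 127.0.0.1:993 0.0.0.0:* LISTEN 2211/dovecot"
NETSTAT_NONE = "tcp 0 0 :::22 :::* LISTEN 1668/sshd"

# What a plain telnet shows for each nmap state: the symptom alone gives
# you the state when no scanner is to hand.
TELNET_SYMPTOM = {
    "open": "Connected to <host>. / Escape character is '^]'.",
    "closed": "telnet: connect to address <ip>: Connection refused",
    "filtered": "hangs at 'Trying <ip>...' until the connect timeout or Ctrl-C",
}


def nmap_state(scan: str, port: int) -> Optional[str]:
    """Return nmap's STATE word for <port>/tcp, or None if the port is not listed."""
    for line in scan.splitlines():
        m = re.match(r"^(\d+)/tcp\s+(\S+)", line)
        if m and int(m.group(1)) == port:
            return m.group(2)
    return None


def listener_scope(netstat: str, port: int) -> str:
    """Classify what is bound to <port> on the server:
    'external' - wildcard (0.0.0.0 / ::) or interface address: reachable remotely
    'loopback' - only 127.0.0.1 / ::1: local telnet works, remote clients never can
    'none'     - nothing in LISTEN state on that port
    """
    scope = "none"
    for line in netstat.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, _, p = f[3].rpartition(":")  # works for 0.0.0.0:993 and :::993 alike
        if not p.isdigit() or int(p) != port:
            continue
        if addr in ("127.0.0.1", "::1"):
            scope = "loopback"
        else:
            return "external"
    return scope


def diagnose(state: Optional[str], scope: str,
             syn_seen_on_server: Optional[bool] = None) -> Tuple[str, str]:
    """Return (where the connection dies, the next check to run)."""
    if state == "open":
        # Handshake completes, so network and firewall are fine; what is left is
        # TLS, the service itself, or a tcp_wrappers deny (closes after accept).
        return ("service", "debug the TLS/IMAP layer: openssl s_client -connect "
                "<host>:993, the service log, and hosts.allow/hosts.deny")
    if state == "closed":
        # A RST came back: the SYN reached the host and passed its firewall,
        # but nothing is bound on that port for that address family.
        return ("host", "nothing LISTENing on that port on the host that owns "
                "the IP; run netstat -anp --tcp on the server itself")
    if state == "filtered":
        # Neither SYN/ACK nor RST: the SYN or its reply was dropped.  This is
        # the 'Trying ...' hang; a service setting alone cannot produce it.
        if syn_seen_on_server is None:
            return ("unknown", "run tcpdump -ni <ext-iface> tcp port 993 on the "
                    "server while the client connects")
        if not syn_seen_on_server:
            return ("upstream", "the SYN never reaches the server: check router "
                    "NAT/port forwarding and that the public IP is this host")
        step = ("the host drops it: watch iptables -nvL counters and the LOG "
                "prefix in /var/log/messages while connecting")
        if scope != "external":
            step += f"; listener scope is '{scope}', so fix the bind address too"
        return ("server", step)
    return ("unknown", f"nmap state {state!r}: rescan with nmap -Pn -p <port> <host>")


def triage(scan: str, netstat: str, port: int,
           syn_seen_on_server: Optional[bool] = None) -> Tuple[str, str]:
    return diagnose(nmap_state(scan, port), listener_scope(netstat, port),
                    syn_seen_on_server)


if __name__ == "__main__":
    for label, ns in (("bound externally", NETSTAT_EXTERNAL),
                      ("loopback only", NETSTAT_LOOPBACK), ("no listener", NETSTAT_NONE)):
        for seen in (None, False, True):
            where, step = triage(NMAP_SAMPLE, ns, 993, seen)
            print(f"{label:16} syn_seen={str(seen):5} -> {where}: {step}")
```

The point the script makes mechanical: "filtered" is a network-path answer, not a service answer. Until a SYN is seen arriving on the server's external interface, reinstalling dovecot or re-reading dovecot.conf cannot change what the remote telnet shows, and the netstat that matters is the one run on the machine that owns the public address.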