FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Install

 
 
LinkBack Thread Tools
 
Old 10-23-2008, 11:01 PM
"Karl Pearson"
 
Default dovecot Outlook failure

I'm in a client office, and they use Outlook. I installed a new server
after theirs was hacked into from China (story for another time). I've
installed Fedora 8 and everything is working, except dovecot from inside
the network (it's not going to work from outside anymore ).

If I sit at an XP PC and telnet 10.0.0.240 110 it just hangs for awhile,
then times out and ends up back at a DOS prompt. Same for 143 (IMAP).

I can telnet 10.0.0.240 25 and send email all day long.

I setup an Evolution account for both POP3 and IMAP on the server and it
works fine.

I have configured 2 other PCs with Fedora 8 in the last 2 months and
they both work fine. What am I missing here?

---
_/ _/ _/ _/_/_/ ____________ __o
_/ _/ _/ _/ _/ ____________ _-<._
_/_/ _/ _/_/_/ (_)/ (_)
_/ _/ _/ _/ ......................
_/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it;
to mess up a microsoft PC you just have to work on it."
---


_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 
Old 10-23-2008, 11:21 PM
Rick Stevens
 
Default dovecot Outlook failure

Karl Pearson wrote:

I'm in a client office, and they use Outlook. I installed a new server
after theirs was hacked into from China (story for another time). I've
installed Fedora 8 and everything is working, except dovecot from inside
the network (it's not going to work from outside anymore ).

If I sit at an XP PC and telnet 10.0.0.240 110 it just hangs for awhile,
then times out and ends up back at a DOS prompt. Same for 143 (IMAP).

I can telnet 10.0.0.240 25 and send email all day long.

I setup an Evolution account for both POP3 and IMAP on the server and it
works fine.

I have configured 2 other PCs with Fedora 8 in the last 2 months and
they both work fine. What am I missing here?


Uh, really dumb question, but did you "chkconfig dovecot on" to make
sure it starts on boot? Did you start it via "service dovecot start"?
Does "netstat -lpn" show dovecot listening on ports 110 and 143?
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- Careful! Ugly strikes 9 out of 10 people! -
----------------------------------------------------------------------

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 
Old 10-24-2008, 05:46 AM
Karl Pearson
 
Default dovecot Outlook failure

On Thu, 23 Oct 2008, Rick Stevens wrote:


Karl Pearson wrote:

I'm in a client office, and they use Outlook. I installed a new server
after theirs was hacked into from China (story for another time). I've
installed Fedora 8 and everything is working, except dovecot from inside
the network (it's not going to work from outside anymore ).

If I sit at an XP PC and telnet 10.0.0.240 110 it just hangs for awhile,
then times out and ends up back at a DOS prompt. Same for 143 (IMAP).

I can telnet 10.0.0.240 25 and send email all day long.

I setup an Evolution account for both POP3 and IMAP on the server and it
works fine.

I have configured 2 other PCs with Fedora 8 in the last 2 months and
they both work fine. What am I missing here?


Uh, really dumb question, but did you "chkconfig dovecot on" to make
sure it starts on boot? Did you start it via "service dovecot start"?
Does "netstat -lpn" show dovecot listening on ports 110 and 143?


No, that's not the least bit dumb. I didn't and it wasn't, but that wasn't
the problem because I did that pretty early on, and fixed it. The server
had been rebooted a few times since.


I did find the problem, though hadn't come across it before. It was
iptables not 'trusting' those services to be accessed from a remote IP
address. Thus, it worked on the server, but not from anywhere else. I did
iptables -F and turned it off. The server is behind a very nice
Linux-based firewall, and those services aren't NATted anyway. Only 25, 80
and 22 are open, and 22 to root is forbidden. The old server had been on a
DMZ, with Samba and everything else open for the world to see.


When I install other servers, I typically disable iptables from starting
at boot because I have my own scripts to do it for me.


With the information you gave in the last thread I started, I may be
re-thinking that strategy. It bit me big this time.


Thanks,

Karl


----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- Careful! Ugly strikes 9 out of 10 people! -
----------------------------------------------------------------------

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe



---
_/ _/ _/ _/_/_/ ____________ __o
_/ _/ _/ _/ _/ ____________ _-<._
_/_/ _/ _/_/_/ (_)/ (_)
_/ _/ _/ _/ ......................
_/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 
Old 10-24-2008, 05:21 PM
Rick Stevens
 
Default dovecot Outlook failure

Karl Pearson wrote:

On Thu, 23 Oct 2008, Rick Stevens wrote:


Karl Pearson wrote:

I'm in a client office, and they use Outlook. I installed a new server
after theirs was hacked into from China (story for another time). I've
installed Fedora 8 and everything is working, except dovecot from inside
the network (it's not going to work from outside anymore ).

If I sit at an XP PC and telnet 10.0.0.240 110 it just hangs for awhile,
then times out and ends up back at a DOS prompt. Same for 143 (IMAP).

I can telnet 10.0.0.240 25 and send email all day long.

I setup an Evolution account for both POP3 and IMAP on the server and it
works fine.

I have configured 2 other PCs with Fedora 8 in the last 2 months and
they both work fine. What am I missing here?


Uh, really dumb question, but did you "chkconfig dovecot on" to make
sure it starts on boot? Did you start it via "service dovecot start"?
Does "netstat -lpn" show dovecot listening on ports 110 and 143?


No, that's not the least bit dumb. I didn't and it wasn't, but that
wasn't the problem because I did that pretty early on, and fixed it. The
server had been rebooted a few times since.


I did find the problem, though hadn't come across it before. It was
iptables not 'trusting' those services to be accessed from a remote IP
address. Thus, it worked on the server, but not from anywhere else. I
did iptables -F and turned it off. The server is behind a very nice
Linux-based firewall, and those services aren't NATted anyway. Only 25,
80 and 22 are open, and 22 to root is forbidden. The old server had been
on a DMZ, with Samba and everything else open for the world to see.


Ah! Yeah, that'd block them for sure. iptables was going to be my next
question, but you beat me to it! Heheheheheh!

When I install other servers, I typically disable iptables from starting
at boot because I have my own scripts to do it for me.


With the information you gave in the last thread I started, I may be
re-thinking that strategy. It bit me big this time.


I'll help if I can. I just finished my PCI-hardening stuff so I've got
a pretty good grip on security stuff now...iptables, external firewalls,
ssh restrictions, session timeouts, authentication and sudo off LDAP,
the lot.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- I never drink water because of the disgusting things that fish do -
- in it. -
- -- WC. Fields -
----------------------------------------------------------------------

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 
Old 10-25-2008, 07:09 AM
Karl Pearson
 
Default dovecot Outlook failure

On Fri, 24 Oct 2008, Rick Stevens wrote:


Karl Pearson wrote:

On Thu, 23 Oct 2008, Rick Stevens wrote:


Karl Pearson wrote:

I'm in a client office, and they use Outlook. I installed a new server
after theirs was hacked into from China (story for another time). I've
installed Fedora 8 and everything is working, except dovecot from inside
the network (it's not going to work from outside anymore ).

If I sit at an XP PC and telnet 10.0.0.240 110 it just hangs for awhile,
then times out and ends up back at a DOS prompt. Same for 143 (IMAP).

I can telnet 10.0.0.240 25 and send email all day long.

I setup an Evolution account for both POP3 and IMAP on the server and it
works fine.

I have configured 2 other PCs with Fedora 8 in the last 2 months and
they both work fine. What am I missing here?


Uh, really dumb question, but did you "chkconfig dovecot on" to make
sure it starts on boot? Did you start it via "service dovecot start"?
Does "netstat -lpn" show dovecot listening on ports 110 and 143?


No, that's not the least bit dumb. I didn't and it wasn't, but that wasn't
the problem because I did that pretty early on, and fixed it. The server
had been rebooted a few times since.


I did find the problem, though hadn't come across it before. It was
iptables not 'trusting' those services to be accessed from a remote IP
address. Thus, it worked on the server, but not from anywhere else. I did
iptables -F and turned it off. The server is behind a very nice Linux-based
firewall, and those services aren't NATted anyway. Only 25, 80 and 22 are
open, and 22 to root is forbidden. The old server had been on a DMZ, with
Samba and everything else open for the world to see.


Ah! Yeah, that'd block them for sure. iptables was going to be my next
question, but you beat me to it! Heheheheheh!

When I install other servers, I typically disable iptables from starting at
boot because I have my own scripts to do it for me.


With the information you gave in the last thread I started, I may be
re-thinking that strategy. It bit me big this time.


I'll help if I can. I just finished my PCI-hardening stuff so I've got
a pretty good grip on security stuff now...iptables, external firewalls,
ssh restrictions, session timeouts, authentication and sudo off LDAP,
the lot.


Since I'm 'out of work' at the moment and back to consulting, I really
ought to learn what PCI is really all about. I understand the basics, but
the requirements are just about overwhelming to one as annoyingly
self-taught as I am.


Thanks for your help again.

Karl


----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- I never drink water because of the disgusting things that fish do -
- in it. -
- -- WC. Fields -
----------------------------------------------------------------------

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe



---
_/ _/ _/ _/_/_/ ____________ __o
_/ _/ _/ _/ _/ ____________ _-<._
_/_/ _/ _/_/_/ (_)/ (_)
_/ _/ _/ _/ ......................
_/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it;
to mess up a microsoft PC you just have to work on it."
---

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 

Thread Tools




All times are GMT. The time now is 07:28 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org