IMAP-auth on LAN and otherwise

Tobi tobster at brain-force.ch
Tue May 2 17:53:12 EEST 2017


I'm not sure that this is a dovecot issue. To me it sounds more like
the router somehow learned dovecot's LAN IP and then takes a shortcut by
sending the packets directly to dovecot on the router's LAN interface instead
of going all the way to the WAN interface and then back to the LAN.
You could verify whether that is the case by running tcpdump on dovecot
and seeing on what interface the request comes in.

If that were my setup I would configure a local nameserver with
split-horizon config and resolve my dovecot's hostname with the LAN IP.
Then connect TB to dovecot's hostname as servername. So if you're
outside your LAN it would resolve with your public IP and inside your
LAN it resolves with dovecot's LAN IP.

Cheers

tobi


On 02.05.2017 at 15:46, Rupert Gallagher wrote:
> Hello,
>
> Thunderbird has been bugging us with connection errors. Dovecot is installed on a local server that carries a local IP and a public IP. When Thunderbird on a local client connects successfully, Wireshark shows a SYN request from the client's IP on LAN to the public IP of the server, followed by the ACK from the same public IP. When Thunderbird on the same local client fails to connect, Wireshark shows a SYN request from the client's IP on LAN to the public IP of the server, followed by the ACK from the server's LAN address; the client does not accept the ACK as valid and sends a new SYN request. The loop eventually leads to time-out. At the client's console, the DNS query of the IMAP server always responds with the server's public IP address.
>
> It is evident from Wireshark that the dovecot server sends ACKs from two IPs. Is it possible to instruct Dovecot to use the public IP only?
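
The symptom discussed in this thread (a SYN sent to one server address, answered from another) can be picked out of a capture automatically. The script below is an added example, not part of either message: it reads `tcpdump -n` text output and reports every SYN-ACK whose source IP differs from the address the client dialled. The sample capture and all addresses in it are constructed placeholders.

```python
import re

# Constructed sample in `tcpdump -n` text format (addresses are placeholders).
SAMPLE = """\
17:53:12.000100 IP 192.168.1.20.51000 > 203.0.113.10.143: Flags [S], seq 100, win 64240, length 0
17:53:12.000300 IP 203.0.113.10.143 > 192.168.1.20.51000: Flags [S.], seq 900, ack 101, win 65160, length 0
17:53:20.000100 IP 192.168.1.20.51002 > 203.0.113.10.143: Flags [S], seq 200, win 64240, length 0
17:53:20.000300 IP 192.168.1.10.143 > 192.168.1.20.51002: Flags [S.], seq 950, ack 201, win 65160, length 0
17:53:21.000100 IP 192.168.1.20.51002 > 203.0.113.10.143: Flags [S], seq 200, win 64240, length 0
"""

# Matches "IP <src>.<sport> > <dst>.<dport>: Flags [<flags>]" in a tcpdump line.
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)


def find_mismatched_replies(capture):
    """Return (client, address_dialled, address_that_replied) for each SYN-ACK
    whose source IP is not the IP the client's SYN was sent to."""
    pending = {}  # (client_ip, client_port, server_port) -> IP the SYN targeted
    mismatches = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 TCP line in the expected format
        src, dst, flags = m["src"], m["dst"], m["flags"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if flags == "S":  # client opens (or retries) a connection
            pending[(src, sport, dport)] = dst
        elif flags == "S.":  # SYN-ACK travelling back to the client
            dialled = pending.get((dst, dport, sport))
            if dialled is not None and dialled != src:
                mismatches.append((f"{dst}:{dport}", dialled, src))
    return mismatches


if __name__ == "__main__":
    for client, dialled, replied in find_mismatched_replies(SAMPLE):
        print(f"{client} dialled {dialled} but the SYN-ACK came from {replied}")
```
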



