how to disable port 143
Hello,
I have commented out this line in 10-master.conf:
    service imap-login {
      inet_listener imap {
        #port = 143
      }
    }
But this doesn't close the port 143. So I have changed it to:
    service imap-login {
      inet_listener imap {
        address = 127.0.0.1
        port = 143
      }
    }
This lets port 143 listen on the local address.
My question: is it possible to close port 143 entirely in dovecot?
Thanks.
On 09.06.2024 at 01:21, Jeff Peng via dovecot wrote:
[ ... ]
My question: is it possible to close port 143 entirely in dovecot?
https://doc.dovecot.org/configuration_manual/service_configuration/#port
Thanks.
On 9 Jun 2024, at 00:21, Jeff Peng via dovecot dovecot@dovecot.org wrote:
But this doesn't close the port 143. So I have changed it to:
    service imap-login {
      inet_listener imap {
        address = 127.0.0.1
        port = 143
      }
    }
This lets port 143 listen on the local address.
My question: is it possible to close port 143 entirely in dovecot?
Hi Jeff,
This is what I have in /etc/dovecot/conf.d/10-master.conf:
    service imap-login {
      inet_listener imap {
        port = 0
      }
      inet_listener imaps {
        port = 993
        ssl = yes
      }
    }
In other words set the port to zero. I only have port 993 listening.
Pete.
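An added example, not part of any post in this thread: a shell function that reads Dovecot configuration text and reports, per inet_listener, whether it is disabled (port = 0), bound to loopback only, or open on all interfaces, which are the three states tried above. The function name, verdict labels and default-port table are assumptions of this example.

```shell
# Added example: classify each inet_listener in Dovecot config text on stdin.
# Assumes one setting per line, and that a listener without "address" binds all interfaces.
audit_listeners() {
  awk '
    function loopback(a,   parts, k, m) {
      m = split(a, parts, /[ ,]+/)
      for (k = 1; k <= m; k++)
        if (parts[k] !~ /^127\./ && parts[k] != "::1" && parts[k] != "localhost") return 0
      return m > 0
    }
    function report(   p, v) {
      p = (port == "") ? def[lis] : port
      if (p == "")             v = "unknown-default"
      else if (p + 0 == 0)     v = "disabled"
      else if (loopback(addr)) v = "loopback-only"
      else                     v = "all-interfaces"
      printf "%s/%s port=%s %s\n", svc, lis, (p == "" ? "?" : p), v
    }
    # Default ports assumed by this example for listeners with no explicit port.
    BEGIN { def["imap"] = 143; def["imaps"] = 993; def["pop3"] = 110; def["pop3s"] = 995 }
    {
      sub(/#.*/, "")          # a commented-out setting falls back to its default
      gsub(/[{}]/, " & ")     # make braces separate tokens
      n = split($0, t, " ")
      for (i = 1; i <= n; i++) {
        if (t[i] == "service") svc = t[++i]
        else if (t[i] == "inet_listener") { lis = t[++i]; port = ""; addr = "" }
        else if (t[i] == "}" && lis != "") { report(); lis = "" }
        else if (lis != "" && t[i + 1] == "=") {
          key = t[i]; val = ""
          for (i += 2; i <= n && t[i] !~ /^[{}]$/; i++) val = val (val == "" ? "" : " ") t[i]
          i--
          if (key == "port") port = val; else if (key == "address") addr = val
        }
      }
    }
  '
}
# Constructed sample input: the configuration quoted in the reply above.
audit_listeners <<'EOF'
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
EOF
```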
I would say documented way of disabling a service listener.
Aki
On 09/06/2024 09:49 EEST Jeff Peng via dovecot dovecot@dovecot.org wrote:
setting port to zero, is it just a trick in dovecot? thank you.
In other words set the port to zero. I only have port 993 listening.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
that's great. now i have port 143 disabled.
    # netstat -ntlp|grep dovecot
    tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 44800/dovecot
    tcp6 0 0 :::993
Thanks for the kind info.
regards.
I would say documented way of disabling a service listener.
Aki
On 09/06/2024 09:49 EEST Jeff Peng via dovecot dovecot@dovecot.org wrote:
setting port to zero, is it just a trick in dovecot? thank you.
In other words set the port to zero. I only have port 993 listening.
If you don't want to accept any requests on port 143, can't you use the Linux firewall to reject them? That's what we do and it works well.
Jerry
We already have thousands of fw rules by fail2ban :)
On 2024-06-10 10:44, Jerry Stuckle via dovecot wrote:
If you don't want to accept any requests on port 143, can't you use the Linux firewall to reject them? That's what we do and it works well.
Jerry
We use fail2ban also. It's good for automatically updating the Linux firewall based on the system logs. However, if you just want to block one port for everyone you can do it yourself with one firewall rule.
For instance, if you have a database server that should only be accessed by systems on the LAN, you can put in a rule to accept any computers on the LAN followed by a rule to refuse all connect requests. That way even if a hacker gets your database password he can't get into the system.
Jerry
On 6/9/2024 11:22 PM, Jeff Peng wrote:
We already have thousands of fw rules by fail2ban :)
On 2024-06-10 10:44, Jerry Stuckle via dovecot wrote:
If you don't want to accept any requests on port 143, can't you use the Linux firewall to reject them? That's what we do and it works well.
Jerry
participants (5): Aki Tuomi, Alexander Dallou, Jeff Peng, Jerry Stuckle, Pete Long