I admit I don't quite understand dovecot's config yet, but this is driving me batty. I was looking at my server and noticed that dovecot was listening on the pop3 ports (110/TCP). Since I do not use pop3 at all, nor does anyone who has ever or ever will connect to the server, that seems like a needless waste. So I went through the config files and commented out every reference to pop3 in them. But when I restart dovecot, it STILL opens a listener on 110. How do I fix this? The ONLY external ports I want dovecot listening to are imap4 and imap4s.
Thanks!
-- Dan Egli From my Test Server
maybe remove pop3 from protocols, remove service pop3-login, service pop3?
Already did all of that. Like I said, EVERY instance of pop3 in the entire config set is commented out.
-- Dan Egli From my Test Server
On 2021-05-04 10:20, Dan Egli wrote:
> Already did all of that. Like I said, EVERY instance of pop3 in the entire config set is commented out.

Then please post the output of doveconf -n. Seems there is still something left.
The list of installed dovecot packages would also be helpful.
-- Christian Kivalo
For Gentoo, there is only one package. And here's your output:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release 2.7 xfs
# Hostname: jupiter.newideatest.site
auth_debug = yes
auth_mechanisms = plain login
auth_socket_path = /run/dovecot/auth-userdb
auth_verbose = yes
debug_log_path = /var/log/dovecot/debug.log
default_vsz_limit = 1 G
disable_plaintext_auth = no
first_valid_uid = 114
hostname = jupiter.newideatest.site
info_log_path = /var/log/dovecot/info.log
log_path = /var/log/dovecot/error.log
mail_debug = yes
mail_gid = exim4u
mail_location = maildir:/var/mail/%d/%n/Maildir:INDEX=/var/mail/indexes/%d/%1n/%n
mail_plugins = fts
mail_privileged_group = mail
mail_server_admin = <redacted>
mail_uid = exim4u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  fts_autoindex = yes
  fts_autoindex_exclude = \Junk
  fts_autoindex_exclude2 = \Trash
  fts_autoindex_exclude3 = \Drafts
  fts_autoindex_exclude4 = \Spam
  fts_enforced = yes
  imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  plugin = fts managesieve sieve
  sieve = file:%h/sieve;active=%h/.dovecot.sieve
  sieve_Dir = ~/sieve
  sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
  sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
  sieve_global_dir = /var/lib/dovecot/sieve/
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
  sieve_pipe_bin_dir = /var/lib/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
postmaster_address = postmaster@newideatest.site
service auth {
  unix_listener auth-client {
    mode = 0600
    user = exim4u
  }
  unix_listener auth-userdb {
    group = exim4u
    mode = 0777
    user = exim4u
  }
}
service lmtp {
  unix_listener /var/spool/exim/dovecot-lmtp/lmtp {
    group = exim4u
    mode = 0660
    user = exim4u
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service stats {
  unix_listener stats-reader {
    mode = 0777
    user = exim4u
  }
  unix_listener stats-writer {
    mode = 0777
    user = exim4u
  }
}
service submission-login {
  inet_listener submission {
    port = 2587
  }
}
ssl_cert = </etc/letsencrypt/live/newideatest.site/fullchain.pem
ssl_client_ca_dir = /etc/pki/tls/exim_tls/
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
verbose_ssl = yes
protocol lmtp {
  info_log_path = /var/log/dovecot/lmtp.log
  log_path = /var/log/dovecot/lmtp-errors.log
  mail_plugins = fts sieve sieve
  postmaster_address = postmaster@newideatest.site
}
protocol lda {
  info_log_path = /var/log/dovecot/lda.log
  log_path = /var/log/dovecot/lda-errors.log
  mail_plugins = fts sieve sieve
}
protocol imap {
  mail_plugins = fts imap_sieve
}
and yet if I do doveconf protocols:
# doveconf protocols
protocols = imap pop3 lmtp
-- Dan Egli From my Test Server
In dovecot.conf I have a line that enables the protocols.
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
This is on Debian, where every protocol is a separate package to install. This could also just be:
protocols = imap lmtp pop3
Remove pop3 from there and you should be good. You can even have the config in place.
The other option to disable the pop3 listeners is to set the port = 0
From 10-master.conf (when using split config files)
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
    ssl = yes
  }
}
This disables pop3 listeners even when the pop3 protocol is enabled.
-- Christian Kivalo
I would have thought that commenting them out would do that too. But I can uncomment them and add a port = 0, see if that helps.
-- Dan Egli From my Test Server
I meant in the firewall itself.
Usually when you set up a server none of the ports are open in the firewall. At some point you opened 110 and 995.
Hi!
To correctly enable/disable protocols, ensure they are (not) listed on protocols.
doveconf protocols
tells you this.
Usually on Debian-based systems the easiest way is to uninstall the dovecot-pop3d package.
Aki
Hi,
I experienced the same issue in the past.
For me it was a systemd issue. In systemd (</lib/systemd/system/dovecot.socket>) all ports were listed so that systemd listens on these.
I solved it by placing the following content in </etc/systemd/system/dovecot.socket>:
--- snip ---
[Unit]
Description=Dovecot IMAP/POP3 email server activation socket

[Socket]
#dovecot expects separate IPv4 and IPv6 sockets
BindIPv6Only=ipv6-only
ListenStream=0.0.0.0:993
ListenStream=[::]:993
KeepAlive=true

[Install]
WantedBy=sockets.target
--- snip ---
best, Sven
-- Best regards, Sven Strickroth PGP key id F5A9D4C4 @ any key-server
Nice idea, but I don't use systemd. This is a Gentoo system with SELinux, and Gentoo's SELinux policies conflict with systemd.
-- Dan Egli From my Test Server
Aki, that's what I'm saying. The only place pop3 IS listed is in doveconf protocols. I'm going to try setting the ports to 0 and see if that does the trick.
And for those who keep mentioning the firewall, understand that I'm beyond security paranoid. Simply blocking at the firewall is not enough. I want to ensure that NO ONE is listening on that port, even if it's just localhost.
--
Dan Egli From my Test Server
What in the world is going on here with POP3 on dovecot? I used to use POP3 on my desktop, and configure my desktop POP3 client to leave maybe 30 days' worth of email on the server accessible via IMAP to my mobile phone.
After that I could archive or delete / discard old email on my desktop at my leisure. Except since the last couple of upgrades to dovecot software, that is no longer possible, and the system crashes and I lose all my email whenever I try to use POP3 for anything.
I completely understand the tinfoil hat attitude with commercial spammers trying every trick in the book to take over private email servers and German Nazi cops doing the same to make criminal busts beating in doors with a battering ram, letting off flash-bang grenades, handcuffing suspects and "disappearing" them to top-secret detention centers -- (Does anyone remember Buchenwald, Auschwitz, Dachau?) -- without even so much as a case on the court docket, it's all for the safety and well-being of the children in the community, and no one in his right mind would even doubt that all the cops are on the right side of the law doing good works for humanity.
I don't want to say "compromise" -- no, there's got to be a very basic, simple "right way" to do it, and POP3 has to be made to work properly "by the book" somehow like it used to, and I don't have any better answers than anybody else either, because it's broke on my system, too.
Since people seem to be really adamant about the port solution, I just offer my own alternative.
NOT LISTING pop3 in protocols, will disable, in dovecot, any pop3 listeners.
If pop3, or imap, or whatever protocol, is listed in protocols, it will start those listeners.
FWIW setting those ports to 0 will stop them from listening, it's just a bit of a roundabout way to do it, when you could tell dovecot not to even load the whole protocol listeners.
Aki
Hi,
you can try to insert "protocols = imap lmtp" at the end of your "dovecot.conf" file. That works for me.
Regards Urban
Commenting out is letting the defaults take precedence, not disabling.
-- Yassine
Changing the ports to = 0 did the trick. Nothing is listening on or 995 now. Thanks for your help, all!
-- Dan Egli From my Test Server
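Added example (not part of any poster's message, and not Dovecot's own tooling): a shell check of the two things this thread ends up distinguishing, the effective `protocols` value that `doveconf protocols` reports and what is actually listening on 110/995, neither of which a grep over the config files shows. The `ss` lines are constructed samples, the function names are made up for this example, and `ss` from iproute2 is assumed for the live mode.

```shell
#!/bin/sh
# Added example: audit the effective Dovecot state, not the config files.
# On a live host the two inputs come from:
#   doveconf protocols     (effective value, built-in defaults included)
#   ss -H -ltn             (listening TCP sockets, numeric, no header)

# Print each protocol named in `doveconf protocols` output, one per line.
effective_protocols() {
  awk '$1 == "protocols" && $2 == "=" { for (i = 3; i <= NF; i++) print $i }'
}

# Print the unique local ports of LISTEN sockets from `ss -H -ltn` output.
# The port is whatever follows the last colon, so 0.0.0.0:110, [::]:110
# and *:110 are all handled.
listening_ports() {
  awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# audit_pop3 PROTOCOLS_OUTPUT SS_OUTPUT
# Prints space-separated findings; prints nothing when POP3 is fully off.
audit_pop3() {
  findings=""
  if printf '%s\n' "$1" | effective_protocols | grep -qx pop3; then
    findings="protocols-enables-pop3"
  fi
  for port in 110 995; do
    # -x matches the whole line, so 4190 or 1100 never count as 110.
    if printf '%s\n' "$2" | listening_ports | grep -qx "$port"; then
      findings="${findings:+$findings }listening-on-$port"
    fi
  done
  printf '%s' "$findings"
}

# --- Constructed sample inputs (not captured from the poster's server) ---
PROTO_DEFAULT='protocols = imap pop3 lmtp'   # value quoted in the thread
PROTO_EXPLICIT='protocols = imap lmtp'       # value suggested in the thread

SS_BEFORE='LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
LISTEN 0 100 0.0.0.0:993 0.0.0.0:*
LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
LISTEN 0 100 0.0.0.0:995 0.0.0.0:*
LISTEN 0 100 [::]:110 [::]:*
LISTEN 0 100 [::]:995 [::]:*'

SS_AFTER='LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
LISTEN 0 100 0.0.0.0:993 0.0.0.0:*
LISTEN 0 100 0.0.0.0:4190 0.0.0.0:*
LISTEN 0 100 0.0.0.0:2587 0.0.0.0:*'

report() {  # report LABEL PROTOCOLS_OUTPUT SS_OUTPUT
  result=$(audit_pop3 "$2" "$3")
  printf '%-44s %s\n' "$1" "${result:-clean}"
}

if [ "${1:-}" = "--live" ]; then
  report "live host" "$(doveconf protocols)" "$(ss -H -ltn)"
else
  report "pop3 lines commented out (defaults apply)" "$PROTO_DEFAULT" "$SS_BEFORE"
  report "port = 0 on the pop3/pop3s listeners" "$PROTO_DEFAULT" "$SS_AFTER"
  report "explicit protocols = imap lmtp" "$PROTO_EXPLICIT" "$SS_AFTER"
fi
```

The middle case is the state the thread settled on: the sockets are gone while `protocols` still names pop3, which is why the check reports the two conditions separately.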
This has been a long thread. In summary, do this:
From 10-master.conf (when using split config files)
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
    ssl = yes
  }
}
This disables pop3 listeners even when the pop3 protocol is enabled.
Regarding protection from the local host, if they can get on your system then they will just attack imap. But I suppose this port=0 thing is still a good idea since it reduces the attack surface. I see no disadvantage.
Original Message
From: dan@newideatest.site
Sent: May 4, 2021 12:35 PM
To: dovecot@dovecot.org
Subject: Re: disable pop3 ports? (success)
> Changing the ports to = 0 did the trick. Nothing is listening on or 995 now. Thanks for your help, all!
> -- Dan Egli From my Test Server
Don't enable the port in the firewall. Actually two ports (encrypted and not).
110 and 995.
Not sure what distribution you are using, but some distributions provide a distinct package for dovecot-pop, so removing it may be enough.
This package's main purpose is to install a file in /usr/share/dovecot/protocols.d/ which is then imported in the config by a line like "!include_try /usr/share/dovecot/protocols.d/*.protocol"
Also, make sure "doveconf protocols" does not include pop3
Presence of service pop3-login, service pop3 in config should not be enough to start listening on pop3 ports.
I'm using Gentoo. They do not have separate packages for dovecot. It's all under one roof so to speak. And I checked. doveconf protocols DOES list pop3, but according to grep it's commented out EVERYWHERE!
# grep pop3 *
10-director.conf:#service pop3-login {
10-director.conf: #executable = pop3-login director
10-mail.conf:# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired
10-mail.conf:#mbox_md5 = apop3d
10-master.conf:#service pop3-login {
10-master.conf:# inet_listener pop3 {
10-master.conf:# inet_listener pop3s {
10-master.conf:#completely disable pop3
10-master.conf:#service pop3 {
20-pop3.conf:#pop3_no_flag_updates = no
20-pop3.conf:#pop3_enable_last = no
20-pop3.conf:#pop3_reuse_xuidl = no
20-pop3.conf:#pop3_lock_session = no
20-pop3.conf:#pop3_fast_size_lookups = no
20-pop3.conf:# UW's ipop3d : %08Xv%08Xu
20-pop3.conf:# tpop3d : %Mf
20-pop3.conf:#pop3_uidl_format = %08Xu%08Xv
20-pop3.conf:# Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
20-pop3.conf:#pop3_save_uidl = no
20-pop3.conf:#pop3_uidl_duplicates = allow
20-pop3.conf:#pop3_deleted_flag =
20-pop3.conf:#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
20-pop3.conf:#pop3_client_workarounds =
20-pop3.conf:#protocol pop3 {
This is PRECISELY why I'm confused. As you can see there is no uncommented pop3 in the config files, but doveconf protocols shows imap, lmtp, AND pop3
-- Dan Egli From my Test Server
participants (10)
- Aki Tuomi
- Christian Kivalo
- Dan Egli
- Jean-Daniel
- justina colmena ~biz
- lists
- Marc
- Sven Strickroth
- Urban Loesch
- Yassine Chaouche