Changing the imaps port #

Michael A. Peters mpeters at domblogger.net
Tue Jan 22 11:25:22 EET 2019


Comcast DNS servers enforce dnssec, AT&T does not (last I checked). If 
by chance your zone has DNSSEC enabled but mis-configured then it is 
possible the domain name you use for the dovecot server is not resolving 
because of a dnssec validation failure.

I have never heard of comcast or any ISP blocking port 993. That would 
seem to be a violation of net neutrality rules. I use comcast (consumer, 
not business) and it does not block 993 (does block 25 but that it 
should block for dynamic issued addresses)

Look at the domain name used in your e-mail client and make sure it 
actually resolves. If it does not, check to see if DNSSEC validation is 
the issue.

On 1/21/19 8:58 PM, Patrick Mahan wrote:
> Yes, I am pretty sure about that.  I originally was connected via AT&T 
> DSL but wanted the fast access of cable modem.  I need permanent IPs 
> which required me to contract with Comcast buisness.  Once I switched 
> over, I was no longer able to access my imap server, which was as I 
> mentioned, stunnel listening on the imaps port and forwarding to dovecot 
> listening on the imap port.
> 
> I was getting connection refused on my laptop (thunderbird) email client 
> when I was not at home.  I validated that it was not because it was 
> reaching my email server.  So who ever was rejecting it, I assumed it 
> was somewhere inside the comcast network.  Once I switch to a 
> non-standard port, I was able to connect again.
> 
> Re needing to say ssl = yes, I thought that was implied for imaps?
> 
> I can go back to stunnel, just thought it was an unnecessary layer.
> 
> Thanks,
> 
> Patrick
> 
> 
> On Mon, Jan 21, 2019 at 8:46 PM @lbutlr <kremels at kreme.com 
> <mailto:kremels at kreme.com>> wrote:
> 
>     On 21 Jan 2019, at 20:17, Patrick Mahan <plmahan at gmail.com
>     <mailto:plmahan at gmail.com>> wrote:
>      > Due to comcast buisness ISP intercepting imaps
> 
>     At you sure about that? I've been using comcast business for 7 years
>     and the do not block 143, 993 587 or 25. they do block 110, but
>     that's fine, I stopped supporting POP around 2001.
> 
>     Other than 110, they block DHCP, NETBIOS, SNMP, and ports 445, 520,
>     and 1080. They will block port 25 on a individual basis, but I've no
>     idea what their criteria is for that.
> 
>      > I need to have my clients connect to non-standard port (9999). 
>     Previously I had been using stunnel to receive the imaps connection
>     and forward it to the imap port over 127.0.0.1.  But I would like to
>     retire stunnel and have my imap clients connect remotely.
> 
>     An stunnel or a reverse proxy is the best way to do this, honestly.
> 
>     As for why your config isn't working, my only guess is maybe you
>     need to specify ssl?
> 
>       inet_listener imaps {
>            port = 999
>            ssl = yes
>         }
> 
>     ?
> 
> 
>     -- 
>     If you write the word "monkey" a million times, do you start to
>     think you're
>     Shakespeare? -- Steven Wright
> 



More information about the dovecot mailing list