Andy Green wrote: > Somebody in the thread at some point said: > >>> telnet <myserver> 993 >>> I just get >>> Trying <server IP address> >>> and nothing further, until I type ctrl-C. > >> Check /var/log/messages to see if anything is logged. The behavior of >> telnet sounds like the behavior of openssl. It's probably not the > > No, he doesn't even get a tcp connection established. If I telnet to my > IMAP server I see > > telnet 192.168.0.xx 993 > Trying 192.168.0.xx... > Connected to 192.168.0.xx. > Escape character is '^]'. > > I would first confirm that something is still listening on your external > network interface on 993. Thanks for all the responses. nmap seems to show that port 993 is open: ===================================== [tim@martha ~]$ nmap 86.43.71.228 Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-31 02:13 CEST Interesting ports on 86.43.71.228: Not shown: 1688 closed ports PORT STATE SERVICE 80/tcp open http 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 593/tcp filtered http-rpc-epmap 993/tcp filtered imaps 1720/tcp filtered H.323/Q.931 2001/tcp open dc 5190/tcp open aol Nmap finished: 1 IP address (1 host up) scanned in 20.467 seconds ===================================== But "netstat -anp --tcp" does not show anything listening on 993 ===================================== [tim@martha ~]$ sudo netstat -anp --tcp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 1745/nasd tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 1637/hpiod tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1878/smbd tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 1654/cupsd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1714/sendmail: acce tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1878/smbd tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 1642/python tcp 0 0 0.0.0.0:33215 0.0.0.0:* LISTEN 1443/rpc.statd tcp 0 0 192.168.1.149:34676 86.43.71.228:2001 ESTABLISHED 3298/ssh tcp 0 0 :::901 :::* LISTEN 1680/xinetd tcp 0 0 :::111 :::* LISTEN 1422/rpcbind tcp 0 0 :::22 :::* LISTEN 1668/sshd tcp 0 0 :::631 :::* LISTEN 1654/cupsd ===================================== I can telnet 993 on my server without problem: ===================================== [tim@alfred ~]$ telnet localhost 993 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. ^] telnet> quit Connection closed. ===================================== And "iptables -L" seems to allow this connection: ===================================== ... Chain net2fw (1 references) target prot opt source destination ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:appserv-http ACCEPT udp -- anywhere anywhere udp dpt:appserv-http ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:imaps Drop 0 -- anywhere anywhere LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:net2fw:DROP:' DROP 0 -- anywhere anywhere ... ===================================== So my best guess is that there is something wrong with my dovecot configuration. I "yum remove"d and "yum install"ed dovecot (and re-edited dovecot.conf), but that didn't seem to make any difference. > Why not tcpdump it over your ssh session to the server while you try to > connect and see what you can see. > > Another more exotic workaround would be, on your local machine > > ssh root@myserver -N -L993:localhost:993 > > while this runs, 993 (the first number) on your local client box will > magically be an encrypted wormhole to port 993 on myserver. Try running > that in one terminal session, and temporarily alter kmail to go look at > localhost for IMAP instead of myserver. I'll try these tomorrow. Thanks very much for your help anyway. -- Timothy Murphy e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
