Bug #2703

POP3s port is closed

Added by Alessio Fattorini over 5 years ago. Updated over 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-mail-server
Target version:v6.5
Security class: Resolution:
Affected version:v6.5-final NEEDINFO:No

Description

Nethserver with mail -> mailboxes -> pop3 checked
Connection from internal or external networks to pop3s (port 995) doesn't works

daemon is listening correctly on 995

 openssl s_client -connect localhost:995 -quiet
 +OK Dovecot ready

But no 995 rule on iptables in INPUT iptable table I see only this ports: 110 993 143

Infact the port is not here too:

config getprop dovecot TCPPorts
 110,143,4190,993

Associated revisions

Revision 89102458
Added by Davide Principi over 5 years ago

dovecot DB default: open POP3s port. Refs #2703

Revision a71aaa6c
Added by Davide Principi over 5 years ago

Added bug2703.ns6_5 migration fragment. Refs #2703

Fixes port POP3s 995 by enabling it by default.

Revision 784e0724
Added by Davide Principi over 5 years ago

Removed execution bit. Refs #2703

History

#1 Updated by Alessio Fattorini over 5 years ago

Quick workaround add 995 port to db and modify firewall configuration:

config setprop dovecot TCPPorts 4190,993,995
signal-event firewall-adjust

#2 Updated by Filippo Carletti over 5 years ago

  • Subject changed from IMAPS port is not open on firewall to POP3S port is not open on firewall

#3 Updated by Alessio Fattorini over 5 years ago

  • Subject changed from POP3S port is not open on firewall to POP3s port is not open on firewall
  • Description updated (diff)

#4 Updated by Davide Principi over 5 years ago

  • Target version set to ~FUTURE

#5 Updated by Davide Principi over 5 years ago

  • Subject changed from POP3s port is not open on firewall to POP3s port is closed
  • Status changed from NEW to TRIAGED
  • Target version changed from ~FUTURE to v6.5
  • % Done changed from 0 to 20
  • Affected version set to v6.5-final

#6 Updated by Davide Principi over 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#7 Updated by Davide Principi over 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case

After a fresh nethserver-mail-server installation the 995 TCP port must be open:

   # iptables -nvL | grep 995
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:995

Release note

For existing installations the DB dovecot/TCPPorts prop must be upgraded manually. Type the following command:

   #  { config getprop dovecot TCPPorts | grep -q 995; } || config setprop dovecot TCPPorts `config getprop dovecot TCPPorts`,995

#8 Updated by Davide Principi over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-mail-server-1.6.3-1.0git89102458.ns6.noarch

#9 Updated by Filippo Carletti over 5 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20

I'd add a migration fragment to automatically update the db.

#10 Updated by Davide Principi over 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

Ok, the migration fragment must be removed after v6.5 release.

#11 Updated by Filippo Carletti over 5 years ago

Davide Principi wrote:

Ok, the migration fragment must be removed after v6.5 release.

Mmh, why? If you update from 6.5 to 6.7?

#12 Updated by Davide Principi over 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Remove the "Release notes"

#13 Updated by Davide Principi over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-mail-server-1.6.3-3.0git784e0724.ns6.noarch.rpm

#14 Updated by Davide Principi over 5 years ago

Filippo Carletti wrote:

Davide Principi wrote:

Ok, the migration fragment must be removed after v6.5 release.

Mmh, why? If you update from 6.5 to 6.7?

Right, I correct myself: it must be removed at the next major release (7.0), as it seems that upstream upgrades for minor releases are allowed:

http://lists.centos.org/pipermail/centos-announce/2013-December/020032.html

#15 Updated by Giacomo Sanchietti over 5 years ago

  • Assignee set to Giacomo Sanchietti

#16 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Fresh install

[root@localhost ~]# netstat -lanp | grep 995 | grep dovecot
tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN      4242/dovecot        
tcp        0      0 :::995                      :::*                        LISTEN      4242/dovecot        

[root@localhost ~]# config getprop dovecot TCPPorts
110,143,4190,993,995

Already installed machine

Before update:

[root@localhost packages]# config getprop dovecot TCPPorts
110,143,4190,993

After update:

[root@localhost packages]# config getprop dovecot TCPPorts
110,143,4190,993,995

#17 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released:
  • nethserver-mail-server-1.6.4-1.ns6.noarch.rpm

Also available in: Atom PDF