IMAPS and/or openssl problem

Ed Greshko Ed.Greshko at greshko.com
Fri Aug 31 02:18:49 UTC 2007


Timothy Murphy wrote:
> Andy Green wrote:
> 
>> Somebody in the thread at some point said:
>>
>>>>         telnet <myserver> 993
>>>> I just get
>>>>         Trying <server IP address>
>>>> and nothing further, until I type ctrl-C.
>>> Check /var/log/messages to see if anything is logged.  The behavior of
>>> telnet sounds like the behavior of openssl.  It's probably not the
>> No, he doesn't even get a tcp connection established.  If I telnet to my
>> IMAP server I see
>>
>> telnet 192.168.0.xx 993
>> Trying 192.168.0.xx...
>> Connected to 192.168.0.xx.
>> Escape character is '^]'.
>>
>> I would first confirm that something is still listening on your external
>> network interface on 993.
> 
> Thanks for all the responses.
> 
> nmap seems to show that port 993 is open:
> =====================================
> [tim at martha ~]$ nmap 86.43.71.228
> 
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-31 02:13 CEST
> Interesting ports on 86.43.71.228:
> Not shown: 1688 closed ports
> PORT     STATE    SERVICE
> 80/tcp   open     http
> 135/tcp  filtered msrpc
> 139/tcp  filtered netbios-ssn
> 445/tcp  filtered microsoft-ds
> 593/tcp  filtered http-rpc-epmap
> 993/tcp  filtered imaps
> 1720/tcp filtered H.323/Q.931
> 2001/tcp open     dc
> 5190/tcp open     aol

Except that if you read the man page for nmap you find....

Filtered means that a firewall, filter, or other network obstacle is
covering the port and preventing nmap from determining whether the port is open.

And

[egreshko at misty ~]$ telnet 86.43.71.228 993
Trying 86.43.71.228...

Times out....

> 
> Nmap finished: 1 IP address (1 host up) scanned in 20.467 seconds
> =====================================
> 
> But "netstat -anp --tcp" does not show anything listening on 993
> =====================================
> [tim at martha ~]$ sudo netstat -anp --tcp
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address               Foreign Address            
> State       PID/Program name
> tcp        0      0 127.0.0.1:8000              0.0.0.0:*                  
> LISTEN      1745/nasd
> tcp        0      0 127.0.0.1:2208              0.0.0.0:*                  
> LISTEN      1637/hpiod
> tcp        0      0 0.0.0.0:139                 0.0.0.0:*                  
> LISTEN      1878/smbd
> tcp        0      0 0.0.0.0:631                 0.0.0.0:*                  
> LISTEN      1654/cupsd
> tcp        0      0 127.0.0.1:25                0.0.0.0:*                  
> LISTEN      1714/sendmail: acce
> tcp        0      0 0.0.0.0:445                 0.0.0.0:*                  
> LISTEN      1878/smbd
> tcp        0      0 127.0.0.1:2207              0.0.0.0:*                  
> LISTEN      1642/python
> tcp        0      0 0.0.0.0:33215               0.0.0.0:*                  
> LISTEN      1443/rpc.statd
> tcp        0      0 192.168.1.149:34676         86.43.71.228:2001          
> ESTABLISHED 3298/ssh
> tcp        0      0 :::901                      :::*                       
> LISTEN      1680/xinetd
> tcp        0      0 :::111                      :::*                       
> LISTEN      1422/rpcbind
> tcp        0      0 :::22                       :::*                       
> LISTEN      1668/sshd
> tcp        0      0 :::631                      :::*                       
> LISTEN      1654/cupsd
> =====================================
> 
> I can telnet 993 on my server without problem:
> =====================================
> [tim at alfred ~]$ telnet localhost 993
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> ^]
> telnet> quit
> Connection closed.
> =====================================
> 
> And "iptables -L" seems to allow this connection:
> =====================================
> ...
> Chain net2fw (1 references)
> target     prot opt source               destination
> ACCEPT     0    --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> ACCEPT     icmp --  anywhere             anywhere            icmp
> echo-request
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            tcp
> dpt:appserv-http
> ACCEPT     udp  --  anywhere             anywhere            udp
> dpt:appserv-http
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
> Drop       0    --  anywhere             anywhere
> LOG        0    --  anywhere             anywhere            LOG level info
> prefix `Shorewall:net2fw:DROP:'
> DROP       0    --  anywhere             anywhere
> ...
> =====================================
> 
> So my best guess is that there is something wrong
> with my dovecot configuration.
> I "yum remove"d and "yum install"ed dovecot
> (and re-edited dovecot.conf),
> but that didn't seem to make any difference.
> 
>> Why not tcpdump it over your ssh session to the server while you try to
>> connect and see what you can see.
>>
>> Another more exotic workaround would be, on your local machine
>>
>> ssh root at myserver -N -L993:localhost:993
>>
>> while this runs, 993 (the first number) on your local client box will
>> magically be an encrypted wormhole to port 993 on myserver.  Try running
>> that in one terminal session, and temporarily alter kmail to go look at
>> localhost for IMAP instead of myserver.
> 
> I'll try these tomorrow.
> Thanks very much for your help anyway.
> 


-- 
First Law of Bicycling:
	No matter which way you ride, it's uphill and against the wind.
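The distinction Ed draws above (nmap's "filtered" versus "open" or "closed") comes straight from how a TCP connect() fails. The following is an added illustration, not code from anyone in the thread: it classifies a port from the outcome of a plain connect the way nmap's connect scan does, and then reproduces two of the situations discussed (a live listener, and a daemon bound only to 127.0.0.1, which is why Andy suggested checking what is listening on the external interface). The use of 127.0.0.2 as a second loopback address is an assumption that holds on Linux.

```python
import socket


def probe_tcp(host, port, timeout=2.0):
    """Classify host:port as 'open', 'closed' or 'filtered' from one connect().

    open     - handshake completed; what telnet reports as "Connected to ...".
    closed   - peer answered with RST ('connection refused'); the host is
               reachable but nothing listens on that address/port.
    filtered - no answer before the timeout; something between the client and
               the port is discarding the SYN, which is the "Trying ..." hang
               in the thread and what nmap calls filtered.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        # 'No route to host' and similar: the port itself never answered,
        # so it is filed under filtered here as well.
        return "filtered"
    finally:
        s.close()


def start_listener(bind_addr):
    """Bind a LISTEN socket on an ephemeral port and return (sock, port).

    The kernel completes the handshake for a listening socket even if we
    never call accept(), so the demo needs no server thread.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def unused_port():
    """Find a port nothing owns by binding an ephemeral one and releasing it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo_open_vs_closed():
    """A live listener reads 'open'; a port nobody owns reads 'closed'."""
    srv, port = start_listener("127.0.0.1")
    try:
        live = probe_tcp("127.0.0.1", port)
    finally:
        srv.close()
    dead = probe_tcp("127.0.0.1", unused_port())
    return live, dead


def demo_loopback_only_listener():
    """A daemon bound to 127.0.0.1 answers on localhost but refuses on every
    other address: the 'telnet localhost 993 works' case. Note it yields
    'closed', not 'filtered'; a hang on the external address points at a
    firewall rather than at the bind address. (127.0.0.2 assumed usable as
    a second loopback address, as on Linux.)"""
    srv, port = start_listener("127.0.0.1")
    try:
        via_localhost = probe_tcp("127.0.0.1", port)
        via_other_addr = probe_tcp("127.0.0.2", port, timeout=1.0)
    finally:
        srv.close()
    return via_localhost, via_other_addr


if __name__ == "__main__":
    print("open vs closed:", demo_open_vs_closed())
    print("127.0.0.1-only listener:", demo_loopback_only_listener())
```

Run against a real host, `probe_tcp("86.43.71.228", 993)` returning "filtered" while the same call on the server's own loopback returns "open" reproduces exactly the evidence in the thread, and says the packet is being dropped before it reaches dovecot rather than that dovecot is misconfigured.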



