1

Topic: Unable to connect to managesieve server

==== Required information ====
- iRedMail version: 0.8.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Debian Wheezy
- Related log if you're reporting an issue:
====

Hi Folks!

Since hijacking threads which are definitely on same topic seems still not to be the fine english style.. So new post new chance?


I try to use the managesieve service on iRedMail..
Since server-side filtering on filter rules created by RoundCubeMail work seamlessly and a connect via telnet on localhost:4190 also seems to be succsessful:


# telnet localhost 4190
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" "PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."


I assumed a working service whcih provides connectivity from wan-side cause of this:

# netstat -lnp | grep 4190
tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN      21996/dovecot

But i realized that i was wrong on that, cause the connection-attemp just times out..
Tcpdump shows that packages which arrive nerver get answerd. IP-Connectivity is assured...
I do not have any special configuration ATM - Its moree or less the default configuration since the installation..
I have no special iptables-rules in the chains - Fail2Ban seems already to be configured to surveil port 4190.

Anyway - This is a generic setup from scratch with no considerable changes..

So - how about that? Is anyone able to connect to this mangesieve service anyway? Particulary with Sieve-Plugins for all the mailclients out there?

Any hints on that? Is managesieve anyhow configured just to react on local requrests (regarding the locally working connections)? I don't find any other pivotal configuration-files than /etc/dovecot/conf.d/20-managesieve
...

Thanks for any advices...

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Unable to connect to managesieve server

Just saw that...

# iptables -vn -L
Chain INPUT (policy DROP 4083 packets, 193K bytes)
pkts bytes target     prot opt in     out     source               destination         
1426  177K fail2ban-postfix  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
1426  177K fail2ban-dovecot  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
1427  177K fail2ban-roundcube  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
1096 74126 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
315K   67M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2367  142K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   31  1348 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
   49  2316 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
  451 25528 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
   23  1048 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587
   20   912 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110
   16   704 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995
  694 39834 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143
   86  4648 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993
   47  2660 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
  149 11657 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 5553 packets, 1493K bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain fail2ban-dovecot (1 references)
pkts bytes target     prot opt in     out     source               destination         
1426  177K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-postfix (1 references)
pkts bytes target     prot opt in     out     source               destination         
1426  177K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-roundcube (1 references)
pkts bytes target     prot opt in     out     source               destination         
1427  177K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-ssh (1 references)
pkts bytes target     prot opt in     out     source               destination         
1096 74126 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0       


O_o So this 's why he didn't answer the requests..  When Default policy is DROP and 4190 is not explicitly ACCEPT the packets fly into the nirvana...


So next step: Howto configure fail2ban to simply ACCEPT packets on this port..? I do used fail2ban never before..

3

Re: Unable to connect to managesieve server

Workaround:

# cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

iptables -I INPUT -p tcp --dport 4190 -j ACCEPT

exit 0


I really do not understand how this fail2ban works and in which way thees iptable-rules are generated...

:-?

4

Re: Unable to connect to managesieve server

By default it's not wanted to have managesieve server accessible from internet / if you need it, you should customize the firewall - have a look on the file /etc/default/iptables and add a rule to accept communication on port 4190.

Putting the rule in rc.local is kind of ugly ;-)

5

Re: Unable to connect to managesieve server

camel1cz gave the right answer. Thanks smile

There's nothing to do with Fail2ban in your case, managesieve service is blocked in iptables by default, what you need to do is just open the port in iptables.