Hi Robert,
I corrected the service imap-login section of both dovecot.conf AND
conf.d/10-master.conf as you suggested.

The files in ssl_cert and ssl_key exist and are readable by dovecot. I have
even changed, for testing, the permissions of /etc/letsencrypt/live and
/etc/letsencrypt/archive to 0755 and restarted dovecot. However, the output
of ss -tuln | grep 993 is still null.

What next? Thanks

---------- Forwarded message ---------
From: Robert Nowotny <rnowo...@rotek.at>
Date: Tue, 21 Jan 2025 at 23:47
Subject: RE: Fwd: [OFFLIST] Re: connection refused, no error anywhere
To: Marco Fioretti <marco.fiore...@gmail.com>


To resolve the connection refused error when accessing Dovecot on the new
server, you need to adjust the Dovecot configuration to enable the
appropriate IMAP service ports.

1. Enable IMAPS (Port 993) for Secure Connections:
   - Modify the `service imap-login` section in your Dovecot configuration
(likely in `/etc/dovecot/conf.d/10-master.conf`) to include an `imaps`
listener:
     ```conf
     service imap-login {
       inet_listener imap {
         port = 0  # Disables plain IMAP (port 143)
       }
       inet_listener imaps {
         port = 993
         ssl = yes
       }
     }
     ```
   - This configuration disables plaintext IMAP on port 143 and enables
IMAPS on port 993 with SSL.

2. Ensure SSL Certificates Are Correct:
   - Verify the paths to your SSL certificate and key in
`/etc/dovecot/conf.d/10-ssl.conf`:
     ```conf
     ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
     ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
     ```
   - Confirm the files exist and have proper permissions (readable by
Dovecot).

3. Restart Dovecot:
   ```bash
   sudo systemctl restart dovecot
   ```

4. Verify Dovecot is Listening:
   ```bash
   sudo ss -tuln | grep 993
   ```
   - You should see Dovecot listening on port 993.

5. Test the Connection Using SSL:
   ```bash
   openssl s_client -connect example.com:993
   ```
   - This should establish a secure connection to the IMAPS port.

Additional Recommendations:
- Disable Plaintext IMAP: Keeping `port = 0` for the `imap` listener
ensures unencrypted IMAP is disabled, enhancing security.
- Firewall Configuration: Confirm UFW allows port 993:
  ```bash
  sudo ufw allow 993/tcp
  ```

By enabling IMAPS on port 993 and ensuring SSL is properly configured,
secure email access will be restored. If you must use port 143 (not
recommended), set `port = 143` in the `imap` listener and enforce STARTTLS
by adding `ssl = required` in your SSL configuration.



*From:* Marco Fioretti via dovecot <dovecot@dovecot.org>
*Sent:* Tuesday, 21 January 2025 at 23:22 CET
*To:* Dovecot <dovecot@dovecot.org>
*Subject:* FW: [OFFLIST] Re: connection refused, no error anywhere

---------- Forwarded message ---------
From: Marco Fioretti <marco.fiore...@gmail.com>
Date: Tue, 21 Jan 2025 at 19:33
Subject: Re: [OFFLIST] Re: connection refused, no error anywhere
To: Michael Peddemors <mich...@linuxmagic.com>


Hi Michael,

I cannot say which NGO it is. What I know is that everything with that
configuration was working fine, as far as they know, on the old server. So,
any help to change the configuration to make it work with the current
version of dovecot on Ubuntu 24.04 LTS is very welcome...

On Tue, 21 Jan 2025 at 19:11, Michael Peddemors
<mich...@linuxmagic.com> wrote:


Which NGO?

Don't listen on port 143 any more, make sure to only listen on
587/465/993/995 with TLS/SSL..

NGOs are often targeted..



On 2025-01-21 09:50, Marco Fioretti via dovecot wrote:

Greetings,

I was just tasked with rebuilding from scratch the mail server of an NGO,
on a brand new Ubuntu 24.04 LTS VPS.

I have copied the whole dovecot configuration to the new server, and now am
stuck because:

- dovecot IS running, dovecot service status shows no errors, but:

- if I try to connect with mutt from my desktop I get "connection refused"

- the ufw firewall does allow imap/imaps connections, and there are no
errors in its log

- even "telnet localhost 143" fails:
Trying ::1...
Connection failed: Connection refused
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

- I see no related errors in /var/log/mail.log or /var/log/syslog.


output of dovecot -n is pasted below, I only changed the actual domain name
to "example.com"

TIA for any pointer, I really need to get this server back online as soon
as possible...

Marco

# 2.3.21 (47349e2482): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.21 (f6cd4b8e)
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:9: ssl_dh_parameters_length is no longer needed
# OS: Linux 6.8.0-51-generic x86_64 Ubuntu 24.04.1 LTS ext4
# Hostname: example.com
auth_debug = yes
auth_verbose = yes
auth_verbose_passwords = plain
mail_location = maildir:/var/mail/mymail_storage/base/
mbox_write_locks = fcntl
passdb {
   args = /etc/imap.v_users
   driver = passwd-file
}
passdb {
   driver = pam
}
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
}
service imap-login {
   inet_listener imap {
     port = 0
   }
}
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_cipher_list = ALL
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
   args = /etc/imap.v_users
   driver = passwd-file
}
userdb {
   driver = passwd
}
verbose_ssl = yes
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
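
Added example (not part of any message in this thread, and not Dovecot project code): a Python check that combines steps 1 and 4 of Robert's reply by parsing the `inet_listener` blocks from `doveconf -n` style text and comparing each configured port with `ss -tuln` output. The function names and both sample inputs are constructed for illustration; only listeners that appear explicitly in the parsed text are evaluated.

```python
# Constructed samples: the listener block from the reply, and `ss -tuln` output with nothing on 993.
SAMPLE_CONF = """\
service imap-login {
  inet_listener imap {
    port = 0  # Disables plain IMAP (port 143)
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
"""
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      4096   0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096   [::]:22            [::]:*
"""

def parse_listeners(conf):
    """Map (service, listener) -> {"port", "ssl"} for each inet_listener block."""
    stack, found = [], {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.endswith("{"):
            stack.append((line[:-1].split() + ["", ""])[:2])
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line and [s[0] for s in stack] == ["service", "inet_listener"]:
            key, value = (p.strip() for p in line.split("=", 1))
            entry = found.setdefault((stack[0][1], stack[1][1]), {"port": None, "ssl": False})
            if key in ("port", "ssl"):
                entry[key] = int(value) if key == "port" else value == "yes"
    return found

def listening_tcp_ports(ss_output):
    """TCP ports in LISTEN state, from the Local Address:Port column."""
    rows = (line.split() for line in ss_output.splitlines())
    return {int(f[4].rsplit(":", 1)[1]) for f in rows
            if len(f) >= 5 and f[0] == "tcp" and f[1] == "LISTEN"}

def diagnose(conf, ss_output):
    """Report listeners that are disabled or configured but not bound."""
    listening, findings = listening_tcp_ports(ss_output), []
    for (service, name), lst in sorted(parse_listeners(conf).items()):
        if lst["port"] == 0:
            findings.append(f"{service}/{name}: disabled (port = 0)")
        elif lst["port"] is not None and lst["port"] not in listening:
            findings.append(f"{service}/{name}: port {lst['port']} configured but not listening")
    return findings
```

Calling `diagnose(SAMPLE_CONF, SAMPLE_SS)` reports the disabled `imap` listener and the `imaps` listener that is configured on 993 but has no socket bound, which is the state described in the top message.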


