Hello,

I've some difficulties with my installation, especially with sieveshell.

O.K., just have a look on my site:

intranet : 10.0.10.0/24
DMZ      : 10.0.0.0/24

My IMAP-server is based on DMZ-site on my host vml000070 (10.0.0.70):

# netstat -penlut
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   User  Inode   PID/Program name
tcp        0      0 0.0.0.0:143      0.0.0.0:*        LISTEN  0     137240  25617/cyrus-master
tcp        0      0 0.0.0.0:2000     0.0.0.0:*        LISTEN  0     137252  25617/cyrus-master
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  0     8777    1314/sshd
tcp        0      0 0.0.0.0:24       0.0.0.0:*        LISTEN  0     137258  25617/cyrus-master
tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN  0     8977    1392/master
tcp        0      0 0.0.0.0:993      0.0.0.0:*        LISTEN  0     137246  25617/cyrus-master

I've no problem to connect with sieveshell on my IMAP-host:

[django@vml000070 ~]$ sieveshell --user=django --authname=django 127.0.0.1:2000
connecting to 127.0.0.1:2000
Please enter your password:

BUT, if I try to connect from another host inside my DMZ I see this error:

[django@vml000090 ~]$ sieveshell --user=django --authname=django 10.0.0.70:2000
connecting to 10.0.0.70:2000
unable to connect to server at /usr/bin/sieveshell line 170.

O.K., so far so "good" :(

Just look, I can connect with telnet to port 2000 on my IMAP-host:

[django@vml000090 ~]$ telnet 10.0.0.70 2000
Trying 10.0.0.70...
Connected to 10.0.0.70.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6_1.4"
"SASL" "CRAM-MD5 DIGEST-MD5"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
OK

SELinux is deactivated and the personal firewall on my IMAP-Host accepts connections to Port: 143, 993 and 2000:

[root@vml000070 ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:993
ACCEPT     tcp  --  10.0.0.80            0.0.0.0/0           state NEW tcp dpt:24
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2000
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

And here comes the strangest thing I can report: If I try to connect from my intranet to my IMAP-Server on port 2000:

[django@pml010002 ~]$ sieveshell --user=django --authname=django 10.0.0.70:2000
connecting to 10.0.0.70:2000
Please enter your password:

IT WORKS! I'm very very confused! :(

O.K. all hosts are based on CentOS:

DMZ-host:

[django@vml000090 ~]$ cat /etc/redhat-release
CentOS release 6.2 (Final)

[root@vml000090 ~]# yum list cyrus-imapd-utils
Installed Packages
cyrus-imapd-utils.x86_64 2.3.16-6.el6_1.4

IMAP-host:

[django@vml000070 ~]$ cat /etc/redhat-release
CentOS release 6.2 (Final)

[root@vml000070 ~]# yum list cyrus-imapd-utils
Installed Packages
cyrus-imapd-utils.x86_64 2.3.16-6.el6_1.4

[root@vml000070 ~]# yum list cyrus-imapd
Installed Packages
cyrus-imapd.x86_64 2.3.16-6.el6_1.4

Intranet-host:

[django@pml010002 ~]$ cat /etc/redhat-release
CentOS release 6.2 (Final)

[root@pml010002 ~]# yum list cyrus-imapd-utils
Installed Packages
cyrus-imapd-utils.x86_64 2.3.16-6.el6_1.4

I'm very confused about that behavior. Why is it possible to connect to Port 2000 from an intranet-host and why does it fail inside my DMZ?

Any ideas and/or hints?

ttyl
Django
--
"Bonnie & Clyde of the postmaster scene!"
approved by Postfix-God
http://wetterstation-pliening.info
http://dokuwiki.nausch.org
http://wiki.piratenpartei.de/Benutzer:Django
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/