Re: disable pop3 ports?
> On 04/05/2021 22:27 Dan Egli wrote: > > > On 5/4/2021 4:14 AM, Aki Tuomi wrote: > > Hi! > > To correctly enable/disable protocols, ensure they are (not) listed on > > protocols. > > > > doveconf protocols > > > > tells you this. > > > > Usually on debian based systems the easiest way is to uninstall > > `dovecot-pop3d` package. > > > > Aki > > > Aki, That's what I'm saying. The only place pop3 IS listed is in > doveconf protocols. I'm going to try settiing the ports to 0 and see if > that does the trick. > > And for those who keep mentioning the firewall, understand that I'm > beyond security paranoid. Simply blocking at the firewall is not enough. > I want to ensure that NO ONE is listening on that port, even if it's > just localhost. > > > -- > > Dan Egli > From my Test Server Since people seem to be really adamant about the port solution, I just offer my own alternative. NOT LISTING pop3 in protocols, will disable, in dovecot, any pop3 listeners. If pop3, or imap, or whatever protocol, is listed in protocols, it will start those listeners. FWIW settings those ports to 0 will stop them from listening, it's just bit roundabout way to do it, when you could tell dovecot not to even load the whole protocol listeners. Aki
Re: disable pop3 ports?
On Tuesday, May 4, 2021 11:27:28 AM AKDT Dan Egli wrote: > Aki, That's what I'm saying. The only place pop3 IS listed is in > doveconf protocols. I'm going to try settiing the ports to 0 and see if > that does the trick. > > And for those who keep mentioning the firewall, understand that I'm > beyond security paranoid. Simply blocking at the firewall is not enough. > I want to ensure that NO ONE is listening on that port, even if it's > just localhost. What in the world is going on here with POP3 on dovecot? I used to use POP3 on my desktop, and configure my desktop POP3 client to leave maybe 30 days' worth of email on the server accessible via IMAP to my mobile phone. After that I could archive or delete / discard old email on my desktop at my leisure. Except since the last couple of upgrades to dovecot software, that is no longer possible, and the system crashes and I lose all my email whenever I try to use POP3 for anything. I completely understand the tinfoil hat attitude with commercial spammers trying every trick in the book to take over private email servers and German Nazi cops doing the same to make criminal busts beating in doors with a battering ram, letting off flash-bang grenades, hadcuffing suspects and "disappearing" them to top-secret dentention centers -- (Does anyone remember Buchenwald, Auschwitz, Dachau?) -- without even so much as a case on the court docket, it's all for the safety and well-being of the children in the community, and no one in his right mind would even doubt that all the cops are on the right side of the law doing good works for humanity. I don't want to say "compromise" -- no, there's got to be a very basic, simple "right way" to do it, and POP3 has to be made to work properly "by the book" somehow like it used to, and I don't have any better answers than anybody else either, because it's broke on my system, too. signature.asc Description: This is a digitally signed message part.
Re: disable pop3 ports? (success)
This has been a long thread. In summary, do this:
From 10-master.conf (when using split config files)
service pop3-login {
net_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
ssl = yes
}
This disables pop3 listeners even when the pop3 protocol is enabled.
-
Regarding protection from the local host, if they can get on your system then
they will just attack imap. But I suppose this port=0 thing is still a good
idea since it reduces the attack surface. I see no disadvantage.
Original Message
From: d...@newideatest.site
Sent: May 4, 2021 12:35 PM
To: dovecot@dovecot.org
Subject: Re: disable pop3 ports? (success)
Changing the ports to = 0 did the trick. Nothing is listening on or 995
now. Thanks for your help, all!
--
Dan Egli
From my Test Server
Re: disable pop3 ports? (success)
Changing the ports to = 0 did the trick. Nothing is listening on or 995 now. Thanks for your help, all! -- Dan Egli From my Test Server OpenPGP_0x11B7451DF2015959.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: disable pop3 ports?
Nice idea, but I don't use Systemd. This is a Gentoo system with SELinux
and Gentoo's Selinux policies conflict with Systemd.
On 5/4/2021 12:53 PM, Sven Strickroth wrote:
Hi,
I experienced the same issue in the past.
For me it was a systemd issue. In systemd
() all ports were listed so that
systemd listens on these.
I solved it by placing the following content in
:
--- snip ---
[Unit]
Description=Dovecot IMAP/POP3 email server activation socket
[Socket]
#dovecot expects separate IPv4 and IPv6 sockets
BindIPv6Only=ipv6-only
ListenStream=0.0.0.0:993
ListenStream=[::]:993
KeepAlive=true
[Install]
WantedBy=sockets.target
--- snip ---
best,
Sven
Am 04.05.2021 um 12:14 schrieb Aki Tuomi:
On 04/05/2021 12:40 Dan Egli wrote:
On 5/4/2021 3:18 AM, Christian Kivalo wrote:
On 2021-05-04 10:29, Dan Egli wrote:
For gentoo, there is only one package. And here's your output:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release
2.7 xfs
# Hostname: jupiter.newideatest.site
and yet if I do doveconf protocols:
# doveconf protocols
protocols = imap pop3 lmtp
In dovecot.conf i have a line that enables the protocols.
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
This is on debian where every protocol is a separate package to
install.
This could also just be:
protocols = imap lmtp pop3
Remove pop3 from there and you should be good. You can even have the
config in place.
The other option to disable the pop3 listeners is to set the port =
0
From 10-master.conf (when using split config files)
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
ssl = yes
}
}
This disables pop3 listeners even when the pop3 protocol is enabled.
I would have thought that commenting them out would do that too. But I
can uncomment them and add a port = 0, see if that helps.
--
Dan Egli
From my Test Server
Hi!
To correctly enable/disable protocols, ensure they are (not) listed on
protocols.
doveconf protocols
tells you this.
Usually on debian based systems the easiest way is to uninstall
`dovecot-pop3d` package.
Aki
--
Dan Egli
From my Test Server
OpenPGP_0x11B7451DF2015959.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
Re: disable pop3 ports?
On 5/4/2021 4:14 AM, Aki Tuomi wrote: Hi! To correctly enable/disable protocols, ensure they are (not) listed on protocols. doveconf protocols tells you this. Usually on debian based systems the easiest way is to uninstall `dovecot-pop3d` package. Aki Aki, That's what I'm saying. The only place pop3 IS listed is in doveconf protocols. I'm going to try settiing the ports to 0 and see if that does the trick. And for those who keep mentioning the firewall, understand that I'm beyond security paranoid. Simply blocking at the firewall is not enough. I want to ensure that NO ONE is listening on that port, even if it's just localhost. -- Dan Egli From my Test Server OpenPGP_0x11B7451DF2015959.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: disable pop3 ports?
Hi,
I experienced the same issue in the past.
For me it was a systemd issue. In systemd
() all ports were listed so that
systemd listens on these.
I solved it by placing the following content in
:
--- snip ---
[Unit]
Description=Dovecot IMAP/POP3 email server activation socket
[Socket]
#dovecot expects separate IPv4 and IPv6 sockets
BindIPv6Only=ipv6-only
ListenStream=0.0.0.0:993
ListenStream=[::]:993
KeepAlive=true
[Install]
WantedBy=sockets.target
--- snip ---
best,
Sven
Am 04.05.2021 um 12:14 schrieb Aki Tuomi:
On 04/05/2021 12:40 Dan Egli wrote:
On 5/4/2021 3:18 AM, Christian Kivalo wrote:
On 2021-05-04 10:29, Dan Egli wrote:
For gentoo, there is only one package. And here's your output:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release
2.7 xfs
# Hostname: jupiter.newideatest.site
and yet if I do doveconf protocols:
# doveconf protocols
protocols = imap pop3 lmtp
In dovecot.conf i have a line that enables the protocols.
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
This is on debian where every protocol is a separate package to install.
This could also just be:
protocols = imap lmtp pop3
Remove pop3 from there and you should be good. You can even have the
config in place.
The other option to disable the pop3 listeners is to set the port = 0
From 10-master.conf (when using split config files)
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
ssl = yes
}
}
This disables pop3 listeners even when the pop3 protocol is enabled.
I would have thought that commenting them out would do that too. But I
can uncomment them and add a port = 0, see if that helps.
--
Dan Egli
From my Test Server
Hi!
To correctly enable/disable protocols, ensure they are (not) listed on
protocols.
doveconf protocols
tells you this.
Usually on debian based systems the easiest way is to uninstall `dovecot-pop3d`
package.
Aki
--
Best regards,
Sven Strickroth
PGP key id F5A9D4C4 @ any key-server
Re: disable pop3 ports?
Le 5/4/21 à 9:25 AM, Christian Kivalo a écrit : On 2021-05-04 10:20, Dan Egli wrote: Already did all of that. like I said, EVERY instance of pop3 in the entire config set is commented out. Then please post the output of doveconf -n. Seems there is still something left. The list of installed dovecot packages would also be help. Commenting out is letting the defaults take precedence, not disabling. -- Yassine
Re: disable pop3 ports?
> On 04/05/2021 12:40 Dan Egli wrote:
>
>
> On 5/4/2021 3:18 AM, Christian Kivalo wrote:
> >
> >
> > On 2021-05-04 10:29, Dan Egli wrote:
> >> For gentoo, there is only one package. And here's your output:
> >>
> >> # 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
> >> # Pigeonhole version 0.5.13 (cdd19fe3)
> >> # OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release
> >> 2.7 xfs
> >> # Hostname: jupiter.newideatest.site
> >
> >>
> >>
> >> and yet if I do doveconf protocols:
> >> # doveconf protocols
> >> protocols = imap pop3 lmtp
> > In dovecot.conf i have a line that enables the protocols.
> >
> > # Enable installed protocols
> > !include_try /usr/share/dovecot/protocols.d/*.protocol
> >
> > This is on debian where every protocol is a separate package to install.
> > This could also just be:
> > protocols = imap lmtp pop3
> >
> > Remove pop3 from there and you should be good. You can even have the
> > config in place.
> >
> > The other option to disable the pop3 listeners is to set the port = 0
> >
> > From 10-master.conf (when using split config files)
> > service pop3-login {
> > inet_listener pop3 {
> > port = 0
> > }
> > inet_listener pop3s {
> > port = 0
> > ssl = yes
> > }
> > }
> >
> > This disables pop3 listeners even when the pop3 protocol is enabled.
> >
> I would have thought that commenting them out would do that too. But I
> can uncomment them and add a port = 0, see if that helps.
>
>
> --
> Dan Egli
> From my Test Server
Hi!
To correctly enable/disable protocols, ensure they are (not) listed on
protocols.
doveconf protocols
tells you this.
Usually on debian based systems the easiest way is to uninstall `dovecot-pop3d`
package.
Aki
Re: disable pop3 ports?
I meant in the firewall itself.
Usually when you set up a server none of thr ports are open in the firewall. At
some point you opened 110 and 995.
Original Message
From: d...@newideatest.site
Sent: May 4, 2021 2:41 AM
To: dovecot@dovecot.org; ml+dove...@valo.at
Subject: Re: disable pop3 ports?
On 5/4/2021 3:18 AM, Christian Kivalo wrote:
>
>
> On 2021-05-04 10:29, Dan Egli wrote:
>> For gentoo, there is only one package. And here's your output:
>>
>> # 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.5.13 (cdd19fe3)
>> # OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release
>> 2.7 xfs
>> # Hostname: jupiter.newideatest.site
>
>>
>>
>> and yet if I do doveconf protocols:
>> # doveconf protocols
>> protocols = imap pop3 lmtp
> In dovecot.conf i have a line that enables the protocols.
>
> # Enable installed protocols
> !include_try /usr/share/dovecot/protocols.d/*.protocol
>
> This is on debian where every protocol is a separate package to install.
> This could also just be:
> protocols = imap lmtp pop3
>
> Remove pop3 from there and you should be good. You can even have the
> config in place.
>
> The other option to disable the pop3 listeners is to set the port = 0
>
> From 10-master.conf (when using split config files)
> service pop3-login {
> inet_listener pop3 {
> port = 0
> }
> inet_listener pop3s {
> port = 0
> ssl = yes
> }
> }
>
> This disables pop3 listeners even when the pop3 protocol is enabled.
>
I would have thought that commenting them out would do that too. But I
can uncomment them and add a port = 0, see if that helps.
--
Dan Egli
From my Test Server
Re: disable pop3 ports?
Hi,
you can try to insert "protocols = imap lmtp" ath the end of your
"dovecot.conf" file.
That works for me.
Regards
Urban
Am 04.05.21 um 10:29 schrieb Dan Egli:
For gentoo, there is only one package. And here's your output:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release 2.7 xfs
# Hostname: jupiter.newideatest.site
auth_debug = yes
auth_mechanisms = plain login
auth_socket_path = /run/dovecot/auth-userdb
auth_verbose = yes
debug_log_path = /var/log/dovecot/debug.log
default_vsz_limit = 1 G
disable_plaintext_auth = no
first_valid_uid = 114
hostname = jupiter.newideatest.site
info_log_path = /var/log/dovecot/info.log
log_path = /var/log/dovecot/error.log
mail_debug = yes
mail_gid = exim4u
mail_location =
maildir:/var/mail/%d/%n/Maildir:INDEX=/var/mail/indexes/%d/%1n/%n
mail_plugins = fts
mail_privileged_group = mail
mail_server_admin =
mail_uid = exim4u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
fts_autoindex = yes
fts_autoindex_exclude = \Junk
fts_autoindex_exclude2 = \Trash
fts_autoindex_exclude3 = \Drafts
fts_autoindex_exclude4 = \Spam
fts_enforced = yes
imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
plugin = fts managesieve sieve
sieve = file:%h/sieve;active=%h/.dovecot.sieve
sieve_Dir = ~/sieve
sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
sieve_global_dir = /var/lib/dovecot/sieve/
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
sieve_global_path = /var/lib/dovecot/sieve/default.sieve
sieve_pipe_bin_dir = /var/lib/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
}
postmaster_address = postmas...@newideatest.site
service auth {
unix_listener auth-client {
mode = 0600
user = exim4u
}
unix_listener auth-userdb {
group = exim4u
mode = 0777
user = exim4u
}
}
service lmtp {
unix_listener /var/spool/exim/dovecot-lmtp/lmtp {
group = exim4u
mode = 0660
user = exim4u
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service stats {
unix_listener stats-reader {
mode = 0777
user = exim4u
}
unix_listener stats-writer {
mode = 0777
user = exim4u
}
}
service submission-login {
inet_listener submission {
port = 2587
}
}
ssl_cert =
On 2021-05-04 10:20, Dan Egli wrote:
Already did all of that. like I said, EVERY instance of pop3 in the
entire config set is commented out.
Then please post the output of doveconf -n. Seems there is still something left.
The list of installed dovecot packages would also be help.
Re: disable pop3 ports?
On 5/4/2021 3:18 AM, Christian Kivalo wrote:
On 2021-05-04 10:29, Dan Egli wrote:
For gentoo, there is only one package. And here's your output:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release
2.7 xfs
# Hostname: jupiter.newideatest.site
and yet if I do doveconf protocols:
# doveconf protocols
protocols = imap pop3 lmtp
In dovecot.conf i have a line that enables the protocols.
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
This is on debian where every protocol is a separate package to install.
This could also just be:
protocols = imap lmtp pop3
Remove pop3 from there and you should be good. You can even have the
config in place.
The other option to disable the pop3 listeners is to set the port = 0
From 10-master.conf (when using split config files)
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
ssl = yes
}
}
This disables pop3 listeners even when the pop3 protocol is enabled.
I would have thought that commenting them out would do that too. But I
can uncomment them and add a port = 0, see if that helps.
--
Dan Egli
From my Test Server
OpenPGP_0x11B7451DF2015959.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
Re: disable pop3 ports?
Don't enable the port in the firewall. Actually two ports (encrypted and not). 110 and 995. Original Message From: d...@newideatest.site Sent: May 4, 2021 1:20 AM To: m...@f1-outsourcing.eu; dovecot@dovecot.org Subject: Re: disable pop3 ports? Already did all of that. like I said, EVERY instance of pop3 in the entire config set is commented out. On 5/4/2021 1:12 AM, Marc wrote: > maybe remove pop3 from protocols, remove service pop3-login, service pop3? > >> I admit I don't quite understand dovecot's config yet, but this is >> driving me batty. I was looking at my server and noticed that dovecot >> was listening on the pop3 ports (110/TCP). Since I do not use pop3 at >> all, nor does anyone who has ever or ever will connect to the server, >> that seems like a needless waste. So I went through the config files and >> commented out every reference to pop3 in them. But when I restart >> dovecot, it STILL opens a listener on 110. How do I fix this? The ONLY >> external ports I want dovecot listening to are imap4 and imap4s. >> >> Thanks! >> -- Dan Egli From my Test Server
Re: disable pop3 ports?
On 2021-05-04 10:29, Dan Egli wrote:
For gentoo, there is only one package. And here's your output:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release 2.7
xfs
# Hostname: jupiter.newideatest.site
and yet if I do doveconf protocols:
# doveconf protocols
protocols = imap pop3 lmtp
In dovecot.conf i have a line that enables the protocols.
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
This is on debian where every protocol is a separate package to install.
This could also just be:
protocols = imap lmtp pop3
Remove pop3 from there and you should be good. You can even have the
config in place.
The other option to disable the pop3 listeners is to set the port = 0
From 10-master.conf (when using split config files)
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
ssl = yes
}
}
This disables pop3 listeners even when the pop3 protocol is enabled.
--
Christian Kivalo
Re: disable pop3 ports?
For gentoo, there is only one package. And here's your output:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release 2.7 xfs
# Hostname: jupiter.newideatest.site
auth_debug = yes
auth_mechanisms = plain login
auth_socket_path = /run/dovecot/auth-userdb
auth_verbose = yes
debug_log_path = /var/log/dovecot/debug.log
default_vsz_limit = 1 G
disable_plaintext_auth = no
first_valid_uid = 114
hostname = jupiter.newideatest.site
info_log_path = /var/log/dovecot/info.log
log_path = /var/log/dovecot/error.log
mail_debug = yes
mail_gid = exim4u
mail_location =
maildir:/var/mail/%d/%n/Maildir:INDEX=/var/mail/indexes/%d/%1n/%n
mail_plugins = fts
mail_privileged_group = mail
mail_server_admin =
mail_uid = exim4u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
fts_autoindex = yes
fts_autoindex_exclude = \Junk
fts_autoindex_exclude2 = \Trash
fts_autoindex_exclude3 = \Drafts
fts_autoindex_exclude4 = \Spam
fts_enforced = yes
imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
plugin = fts managesieve sieve
sieve = file:%h/sieve;active=%h/.dovecot.sieve
sieve_Dir = ~/sieve
sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
sieve_global_dir = /var/lib/dovecot/sieve/
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
sieve_global_path = /var/lib/dovecot/sieve/default.sieve
sieve_pipe_bin_dir = /var/lib/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
}
postmaster_address = postmas...@newideatest.site
service auth {
unix_listener auth-client {
mode = 0600
user = exim4u
}
unix_listener auth-userdb {
group = exim4u
mode = 0777
user = exim4u
}
}
service lmtp {
unix_listener /var/spool/exim/dovecot-lmtp/lmtp {
group = exim4u
mode = 0660
user = exim4u
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service stats {
unix_listener stats-reader {
mode = 0777
user = exim4u
}
unix_listener stats-writer {
mode = 0777
user = exim4u
}
}
service submission-login {
inet_listener submission {
port = 2587
}
}
ssl_cert =
On 2021-05-04 10:20, Dan Egli wrote:
Already did all of that. like I said, EVERY instance of pop3 in the
entire config set is commented out.
Then please post the output of doveconf -n. Seems there is still
something left.
The list of installed dovecot packages would also be help.
--
Dan Egli
From my Test Server
OpenPGP_0x11B7451DF2015959.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
Re: disable pop3 ports?
I'm using Gentoo. They do not have separate packages for dovecot. It's
all under one roof so to speak. And I checked. doveconf protocols DOES
list pop3, but according to grep it's commented out EVERYWHERE!
# grep pop3 *
10-director.conf:#service pop3-login {
10-director.conf: #executable = pop3-login director
10-mail.conf:# pop3_uidl_format=%m. For backwards compatibility we use
apop3d inspired
10-mail.conf:#mbox_md5 = apop3d
10-master.conf:#service pop3-login {
10-master.conf:# inet_listener pop3 {
10-master.conf:# inet_listener pop3s {
10-master.conf:#completely disable pop3
10-master.conf:#service pop3 {
20-pop3.conf:#pop3_no_flag_updates = no
20-pop3.conf:#pop3_enable_last = no
20-pop3.conf:#pop3_reuse_xuidl = no
20-pop3.conf:#pop3_lock_session = no
20-pop3.conf:#pop3_fast_size_lookups = no
20-pop3.conf:# UW's ipop3d : %08Xv%08Xu
20-pop3.conf:# tpop3d : %Mf
20-pop3.conf:#pop3_uidl_format = %08Xu%08Xv
20-pop3.conf:# Permanently save UIDLs sent to POP3 clients, so
pop3_uidl_format changes
20-pop3.conf:#pop3_save_uidl = no
20-pop3.conf:#pop3_uidl_duplicates = allow
20-pop3.conf:#pop3_deleted_flag =
20-pop3.conf:#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
20-pop3.conf:#pop3_client_workarounds =
20-pop3.conf:#protocol pop3 {
This is PRECISELY why I'm confused. As you can see there is no
uncommented pop3 in the config files, but doveconf protocols shows imap,
lmtp, AND pop3
On 5/4/2021 2:18 AM, Jean-Daniel wrote:
Not sure what distribution you are using, but some distributions provide
distincts package for dovecot-pop, so removing it may be enough.
This package main purpose it to install a file in /usr/share/dovecot/protocols.d/
which is then imported in the config by a line like "!include_try
/usr/share/dovecot/protocols.d/*.protocol »
Also, make sure "doveconf protocols" does not include pop3
Presence of service pop3-login, service pop3 in config should not be enough to
start listening on pop3 ports.
Le 4 mai 2021 à 06:40, Dan Egli a écrit :
I admit I don't quite understand dovecot's config yet, but this is driving me batty. I was looking at my server and noticed that dovecot was listening on the pop3 ports (110/TCP). Since I do not use pop3 at all, nor does anyone who has ever or ever will connect to the server, that seems like a needless waste. So I went through the config files and commented out every reference to pop3 in them. But when I restart dovecot, it STILL opens a listener on 110. How do I fix this? The ONLY external ports I want
dovecot listening to are imap4 and imap4s.
Thanks!
--
Dan Egli
From my Test Server
--
Dan Egli
From my Test Server
OpenPGP_0x11B7451DF2015959.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
Re: disable pop3 ports?
On 2021-05-04 10:20, Dan Egli wrote: Already did all of that. like I said, EVERY instance of pop3 in the entire config set is commented out. Then please post the output of doveconf -n. Seems there is still something left. The list of installed dovecot packages would also be help. -- Christian Kivalo
Re: disable pop3 ports?
Already did all of that. like I said, EVERY instance of pop3 in the entire config set is commented out. On 5/4/2021 1:12 AM, Marc wrote: maybe remove pop3 from protocols, remove service pop3-login, service pop3? I admit I don't quite understand dovecot's config yet, but this is driving me batty. I was looking at my server and noticed that dovecot was listening on the pop3 ports (110/TCP). Since I do not use pop3 at all, nor does anyone who has ever or ever will connect to the server, that seems like a needless waste. So I went through the config files and commented out every reference to pop3 in them. But when I restart dovecot, it STILL opens a listener on 110. How do I fix this? The ONLY external ports I want dovecot listening to are imap4 and imap4s. Thanks! -- Dan Egli From my Test Server OpenPGP_0x11B7451DF2015959.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: disable pop3 ports?
Not sure what distribution you are using, but some distributions provide distincts package for dovecot-pop, so removing it may be enough. This package main purpose it to install a file in /usr/share/dovecot/protocols.d/ which is then imported in the config by a line like "!include_try /usr/share/dovecot/protocols.d/*.protocol » Also, make sure "doveconf protocols" does not include pop3 Presence of service pop3-login, service pop3 in config should not be enough to start listening on pop3 ports. > Le 4 mai 2021 à 06:40, Dan Egli a écrit : > > I admit I don't quite understand dovecot's config yet, but this is driving me > batty. I was looking at my server and noticed that dovecot was listening on > the pop3 ports (110/TCP). Since I do not use pop3 at all, nor does anyone who > has ever or ever will connect to the server, that seems like a needless > waste. So I went through the config files and commented out every reference > to pop3 in them. But when I restart dovecot, it STILL opens a listener on > 110. How do I fix this? The ONLY external ports I want dovecot listening to > are imap4 and imap4s. > > Thanks! > > -- > Dan Egli > From my Test Server > >
RE: disable pop3 ports?
maybe remove pop3 from protocols, remove service pop3-login, service pop3? > > I admit I don't quite understand dovecot's config yet, but this is > driving me batty. I was looking at my server and noticed that dovecot > was listening on the pop3 ports (110/TCP). Since I do not use pop3 at > all, nor does anyone who has ever or ever will connect to the server, > that seems like a needless waste. So I went through the config files and > commented out every reference to pop3 in them. But when I restart > dovecot, it STILL opens a listener on 110. How do I fix this? The ONLY > external ports I want dovecot listening to are imap4 and imap4s. > > Thanks! >
disable pop3 ports?
I admit I don't quite understand dovecot's config yet, but this is driving me batty. I was looking at my server and noticed that dovecot was listening on the pop3 ports (110/TCP). Since I do not use pop3 at all, nor does anyone who has ever or ever will connect to the server, that seems like a needless waste. So I went through the config files and commented out every reference to pop3 in them. But when I restart dovecot, it STILL opens a listener on 110. How do I fix this? The ONLY external ports I want dovecot listening to are imap4 and imap4s. Thanks! -- Dan Egli From my Test Server OpenPGP_0x11B7451DF2015959.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
