Hi,

On Sat, 28 Nov 2015 19:09:42 +0000 David North <david-debian-b...@dnorth.net> wrote:
> Package: dovecot-imapd
> Version: 1:2.2.13-12~deb8u1
>
> The config without the "inet_listener imaps" block behaves in /almost/
> the desired manner, but leaves TCP port 143 in a strange state: attempts
> to bind a socket to it are rejected with "address already in use", but
> it does not appear in the output of netstat or ss. It also does not
> actually seem to accept connections.
>
> This is a problem because the port being in this state can trigger some
> intrusion detection tools. For example tcp-unhide, as used as part of
> rkhunter, will regard this as a "hidden TCP port".
>
> Init: systemd (via /run/systemd/system)

This is most likely caused by the dovecot.socket systemd unit binding the
socket by default, although dovecot doesn't actually use it. Due to a
packaging bug[1], the systemd units were not originally shipped with jessie
but they were silently introduced with 1:2.2.13-12~deb8u1 in the 8.2 point
release.

You can check if this is the case using systemctl status dovecot.socket.
Deactivating the socket unit using

  systemctl stop dovecot.socket && systemctl disable dovecot.socket

should fix this for you.

See also https://bugs.debian.org/814999.

Regards,
Apollon

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720854#41
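
Added example, not part of the original message or of the dovecot or rkhunter code: a Linux-only reproduction of the reported symptom on a throwaway loopback port, comparing a bind() attempt with the listener table in /proc/net/tcp. It assumes the port is held by a socket that was bound but never put into listening state; the function names are hypothetical.

```python
import errno
import socket

LISTEN = "0A"  # TCP_LISTEN state code used in /proc/net/tcp


def listening_ports(path="/proc/net/tcp"):
    """Local IPv4 TCP ports the kernel reports in LISTEN state."""
    ports = set()
    with open(path) as fh:
        next(fh)  # skip the column header
        for line in fh:
            fields = line.split()
            if fields[3] == LISTEN:
                ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def probe(port, host="127.0.0.1"):
    """Compare a bind() attempt with the kernel's listener table."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        refused = False
    except OSError as exc:
        if exc.errno != errno.EADDRINUSE:
            raise
        refused = True
    finally:
        s.close()
    listed = port in listening_ports()
    return {"bind_refused": refused, "listed": listed,
            "hidden": refused and not listed}


def demo():
    """Hold a port with bind() only, probe it, then listen() and probe again."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))  # constructed case: bound, never listening
    port = holder.getsockname()[1]
    before = probe(port)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.settimeout(2)
        accepts = client.connect_ex(("127.0.0.1", port)) == 0
    holder.listen(1)
    after = probe(port)
    holder.close()
    return before, accepts, after


if __name__ == "__main__":
    print(demo())
```

A result with "hidden" set for a port that no unit or service should be holding is the case worth investigating; one explained by a bound-only socket, as here, is a false positive.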