Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: p-jones on November 07, 2016, 07:07:59 AM

Title: Closing a Port on Internal Network.
Post by: p-jones on November 07, 2016, 07:07:59 AM

I have a need to close off Port 143 on the internal network of a server-gateway configuration. It is important I do not disrupt IMAP mail on Port 993 & 465.

Indeed you may wonder why I would ask this. Well, I am wondering also. It is the challenge in front of me and I need to solve it. SME would be my first choice.

My other choice would be to redirect the traffic on Port 143 to another IP on the same subnet.

Is there some way I can do this and hopefully revert back if necessary.

Thanks in advance
Peter

Title: Re: Closing a Port on Internal Network.
Post by: Daniel B. on November 07, 2016, 11:03:40 AM

You have 2 solutions. If you want to leave port 143 open, but forbid clear text usage (= force START TLS):

Code: [Select]

db configuration setprop imap AllowPlainText disabled
signal-event email-update

If you really want to close the port 143 from both your local network and the outside:

Code: [Select]

db configuration setprop imap access localhost
signal-event email-update


Title: Re: Closing a Port on Internal Network.
Post by: p-jones on November 07, 2016, 11:08:53 AM

Thank You.

Option 2 is what I really need. I will try that tomorrow.

Title: Re: Closing a Port on Internal Network.
Post by: p-jones on November 07, 2016, 11:17:22 AM

Daniel,

Could I achieve the same outcome with

db configuration setprop imap status disabled

I didnt think of this earlier. That would leave IMAPS untouched which is a requirement

Title: Re: Closing a Port on Internal Network.
Post by: Daniel B. on November 07, 2016, 11:19:06 AM

Setting the access prop for imap to disabled will be converted to status=enabled and access=localhost (IMAP is always enabled, as it's required for the webmail, see /etc/e-smith/db/configuration/migrate/35enableImap)