------------ Original Message ------------> Date: Wednesday, August 12, 2015 14:16:03 +0100
> From: Dr J Austin <ja at maui.jaa.org.uk>
>
> On Wed, 12 Aug 2015, Richard wrote:
>
>>
>> I don't think that wireshark adds much to this. Unless you had a
>> proxy in the middle, the "connection refused" responses
already
>> indicated that your connections were getting to the/a server, it's
>> just refusing the connections.
>>
>> Connections by name, especially short forms, are suspect unless
>> you can be very certain of how they are being resolved (i.e., what
>> IPnumber you end up trying to connect to). There is no reason that
>> using root to connect to port 993 would work when a normal user
>> doesn't. An IMAP server either accepts the initial connection
>> from a machine or not - it doesn't know or care what type of user
>> is originating the connection.
>>
>> You may want to look into what you were able to connect to via:
>>
>> openssl s_client -connect maui:993
>>
>> I'd start by looking up what "maui" resolves to.
>>
>> I just looked up maui.jaa.org.uk. It (currently) resolves to
>> 213.152.52.233, not the 148.197 you seemed to be using above. I
>> realize you may have some form of dynamic dns going here, but
>> thought I'd mention it.
>>
>>
>> Could you try (as root) two slightly different version of my
>> earlier netstat commands:
>>
>> netstat -pnlA inet | egrep ':993|:143'
>>
>> netstat -pnlA inet6 | egrep ':993|:143'
>>
>>
>> the addition of "A inet/inet6" will show whether it is
listening
>> via ipv4 (inet) or ipv6 (inet6) on the imap port
>
>
> Hi Richard
>
> I have been working at trying to get cyrus to listen on
> 148.197.29.5 interface instead of the localhost - I have failed
>
> Whenever I add things to /etc/cyrus.conf such as
> imaps cmd="imapd -s" listen="[148.197.29.5]:imaps"
prefork=1
>
> [root at maui:~]$ service cyrus-imapd restart
>
> [root at maui:~]$ ps -ef|grep cyr
> cyrus 22187 1 0 13:26 ? 00:00:00 idled
> cyrus 28044 1 0 13:54 ? 00:00:00
> /usr/lib/cyrus-imapd/cyrus-master -d
> cyrus 28048 1 0 13:54 ? 00:00:00 idled
> cyrus 28050 28044 0 13:54 ? 00:00:00 imapd
> cyrus 28051 28044 0 13:54 ? 00:00:00 pop3d
> cyrus 28052 28044 0 13:54 ? 00:00:00 pop3d -s
> cyrus 28053 28044 0 13:54 ? 00:00:00 lmtpd -a
> cyrus 28054 28044 0 13:54 ? 00:00:00 imapd
> cyrus 28055 28044 0 13:54 ? 00:00:00 pop3d
> cyrus 28058 28044 0 13:54 ? 00:00:00 imapd
> cyrus 28059 28044 0 13:54 ? 00:00:00 imapd
> cyrus 28060 28044 0 13:54 ? 00:00:00 imapd
> cyrus 28061 28044 1 13:54 ? 00:00:00 pop3d
> root 28063 11348 0 13:54 pts/2 00:00:00 grep cyr
>
> Then no "imapd -s" appears
>
> I have tried all sorts of combinations in cyrus.conf but all fail
> to LISTEN on 148.197.29.5
>
> I have tried taking maui out of /etc/hosts
>
> My IP addresses are a bit odd - but I have been using
> 148.197.29.0/24 for so long, ...
> They have never escaped as far as I know!
> client machine
> ja at paxos ~ 1$ host 148.197.29.5
> 5.29.197.148.in-addr.arpa domain name pointer maui.jaa.org.uk.
> ja at paxos ~ 2$ host maui
> maui.jaa.org.uk has address 148.197.29.5
>
> server machine
> [root at maui:/etc/pki/cyrus-imapd]$ host maui
> maui.jaa.org.uk has address 148.197.29.5
> ------------------------------------------------------------------
> -----
> With these lines in cyrus.conf
> imap cmd="imapd" listen="imap" prefork=5
># imaps cmd="imapd -s" listen="imaps" prefork=1
> imaps cmd="imapd -s" listen="[148.197.29.5]:imaps"
prefork=1
> pop3 cmd="pop3d" listen="pop3" prefork=3
> pop3s cmd="pop3d -s" listen="pop3s" prefork=1
> sieve cmd="timsieved" listen="sieve" prefork=0
>
> your two netstat lines show
> [root at maui:/etc/pki/cyrus-imapd]$ netstat -pnlA inet | egrep
> ':993|:143'
> udp 0 0 0.0.0.0:143 0.0.0.0:*
> 1465/portreserve
> udp 0 0 0.0.0.0:993 0.0.0.0:*
> 1465/portreserve
>
> [root at maui:/etc/pki/cyrus-imapd]$ netstat -pnlA inet6 | egrep
> ':993|:143'
> tcp 0 0 :::143 :::* LISTEN
> 29460/cyrus-master
>
> ------------------------------------------------------------------
> --------
> With
> imap cmd="imapd" listen="imap" prefork=5
> imaps cmd="imapd -s" listen="imaps" prefork=1
># imaps cmd="imapd -s" listen="[148.197.29.5]:imaps"
prefork=1
> pop3 cmd="pop3d" listen="pop3" prefork=3
> pop3s cmd="pop3d -s" listen="pop3s" prefork=1
> sieve cmd="timsieved" listen="sieve" prefork=0
>
> [root at maui:/etc/pki/cyrus-imapd]$ netstat -pnlA inet | egrep
> ':993|:143'
> udp 0 0 0.0.0.0:143 0.0.0.0:*
> 1465/portreserve
> udp 0 0 0.0.0.0:993 0.0.0.0:*
> 1465/portreserve
> [root at maui:/etc/pki/cyrus-imapd]$ netstat -pnlA inet6 | egrep
> ':993|:143'
> tcp 0 0 :::993 :::* LISTEN
> 30596/cyrus-master
> tcp 0 0 :::143 :::* LISTEN
> 30596/cyrus-master
>
> Why will cyrus not listen on 148.197.29.5 ?
>
> John
My dns lookup (against either of the hosteurope.com nameservers
listed for jaa.org.uk) is showing the following for the maui FQDN.
maui.jaa.org.uk. 14400 IN A 213.152.52.233
and I'm getting:
5.29.197.148.in-addr.arpa. 80184 IN PTR adarwash1.ee.port.ac.uk
for the rDNS of 148.197.29.5.
As you can see from the netstat output, cyrus is listening (on all
interfaces), but only on ipv6. It doesn't appear to be listening on
any interface on ipv4. You do have portreserve "holding" the IMAP
ipv4 ports. It's possible that it's not releasing them to cyrus. You
may want to look at the man page for that application, and see that
it knows about cyrus (mine is only set up to "hold" things for cups).
I would also suggest looking at your yum.log to see if cyrus was
updated with the .6->.7 update. If so, look for "rpmnew" or
"rpmold"
config files. In my experience it is uncommon for updates to move
current configs out, unless they are incompatible with a new release
(and when they do you should find an "rpmold").
I've never touched cyrus, so can't be of much help trying to
(re-)configure it (but I'd look at portreserve first).