I have two RHEL4 email servers running postfix/MailScanner which use dovecot. They work great. But during bootup the nfslock script in my init.d loads rpc.statd and calls portmap to get a port number. Portmap keeps giving rpc.statd the imaps port number (993). I then have to stop my mail server services, manually start dovecot, then restart the mail server services and everything goes merrily on its way. Stopping the mail server services drops rpc.statd from using port 993 (according to netstat -tlnp). This allows dovecot to take it by default.

How do I reserve imap and imaps ports exclusively for use by dovecot? The imap and imaps ports are listed in /etc/services.

Thanks for any insight.

-- 
Robert W Nocella
Systems Analyst III
Computer Support Group Manager
UNM ECE Department
UNM SOE IT Agent

On Wed, 2007-11-21 at 21:33 -0700, Robert W Nocella wrote:
> I have two RHEL4 email servers running postfix/MailScanner which use
> dovecot. They work great. But during bootup the nfslock script in my
> init.d loads rpc.statd and calls portmap to get a port number. Portmap
> keeps giving rpc.statd the imaps port number (993). I then have to stop my

The default for rpc.statd actually should be random, rather than a fixed port...

> mail server services, manually start dovecot, then restart the mail server
> services and everything goes merrily on its way. Stopping the mail server
> services drops rpc.statd from using port 993 (according to netstat -tlnp).
> This allows dovecot to take it by default. How do I reserve imap and imaps
> ports exclusively for use by dovecot? The imap and imaps ports are listed
> in /etc/services. Thanks for any insight.

The question is not how to "reserve" port 993 -- but how to make rpc.statd (or most of the NFS stack for that matter) behave nicely, and use a dedicated, fixed port instead of a random one.

Since you are ending up with the same port always, it is likely that this has been configured to work that way. Not that 993 would be a sane choice, though...

I once documented how to pin down NFS ports, though for a different reason. ;) However, it should help you to adjust the port in your case, too. See the AllowNFS action and documentation here:

  http://lists.shorewall.net/~kb/

Please note that this particular documentation applies to "RH style" distros only (including Fedora and Mandriva). It's slightly different for Debian. And impossible for SuSE out-of-the-box, given their braindead [1] init scripts.

  guenther

[1] Yes, that is a technical term. ;)

-- 
char *t="\10pse\0r\0dtu\0. at ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

[ adding the list back to Cc ]

On Thu, 2007-11-22 at 14:28 +0100, Marcus Rueckert wrote:
> On 2007-11-22 13:31:59 +0100, Karsten Bräckelmann wrote:
> > And impossible for SuSE out-of-the-box, given their
> > braindead [1] init scripts.
>
> what is so braindead about it?

See these posts, the second one in particular. Also, my original Shorewall rules and documentation might be interesting.

  http://www.mail-archive.com/shorewall-users at lists.sourceforge.net/msg03986.html
  http://www.mail-archive.com/shorewall-users at lists.sourceforge.net/msg03985.html

Please note that the initial reason for the above pinning down NFS ports is firewall-friendly behavior and sane rules. With NFS, most involved services use random ports by default, particularly statd, lockd, mountd, rquotad. Which leads to somewhat unsatisfying rules as shown in [1].

The init script shipped by SuSE offers no way whatsoever to pass rpc.statd options, even though it does for rpc.mountd -- and thus no way to pin down the port out-of-the-box short of hacking the init script.

Marcus, please feel free to keep me posted on this issue and a fix. I'll happily forward updates to the Shorewall lists.

  guenther

[1] http://shorewall.net/ports.htm#NFS

-- 
char *t="\10pse\0r\0dtu\0. at ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
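
A check for the collision discussed in this thread, as an added example that is not part of any of the posts: it compares `rpcinfo -p` output with a file in /etc/services format and lists every RPC service registered on a port that the services file assigns to a different service. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list RPC services that the portmapper
# reports on a port which the services file assigns to some other service.

# find_rpc_port_collisions RPCINFO_OUTPUT SERVICES_FILE
#   RPCINFO_OUTPUT: file holding `rpcinfo -p` output
#   SERVICES_FILE:  file in /etc/services format
# Prints "<rpc-service> <port>/<proto> <services-name>" per collision.
find_rpc_port_collisions() {
    awk '
        # Pass 1 (services): remember the name and every alias per port/proto.
        FNR == NR {
            sub(/#.*/, "")
            if (NF >= 2 && $2 ~ /^[0-9]+\/(tcp|udp)$/) {
                owner[$2] = $1
                names[$2, $1] = 1
                for (i = 3; i <= NF; i++) names[$2, $i] = 1
            }
            next
        }
        # Pass 2 (rpcinfo rows): program vers proto port service
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            key = $4 "/" $3
            if ((key in owner) && !((key, $5) in names) && !seen[$5, key]++)
                print $5, key, owner[key]
        }
    ' "$2" "$1"
}

# Constructed sample data: statd ("status") has landed on 993/tcp.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/services" <<'EOF'
sunrpc   111/tcp   portmapper rpcbind   # RPC 4.0 portmapper
imap     143/tcp   imap2
imaps    993/tcp                        # IMAP over SSL
nfs      2049/tcp  nfsd
EOF
    cat > "$dir/rpcinfo" <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100024    1   tcp    993  status
    100003    3   tcp   2049  nfs
EOF
    find_rpc_port_collisions "$dir/rpcinfo" "$dir/services"
    rm -rf "$dir"
}

demo   # prints: status 993/tcp imaps
```

On a live host the two arguments would be a saved copy of `rpcinfo -p` output and /etc/services itself.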