Skip to main content

How to block port 143 from sending emails?

martin MHC
I have a server that usually uses 993 for IMAP connections, I have found from a client recently that they have been able to connect to their IMAP on Port 143 and are able to send emails simply by giving their username and password (apparently in plaintext across the network). This is obviously not great. I want to double check the correct method of disabling this insecure IMAP access: 1) I use CSF firewall to remove 143 from TCP_IN and from TCP_OUT and ensure that 993 is present in both lists. 2) CSF is restarted as usual. 3) Dovecot (WHM --> Mailserver Configuration) was still set to accept insecure connections (this solves my original issue) BUT: I understood the connection shouldn't even reach Dovecot because the port (143) should be blocked from accessing the server by the firewall. How can I confirm this? What info,. have I missed to ensure this happens? Cheers

Comments

7 comments

Date Votes
  • keat63
    Removing port 143 in CSF should do what you want. Unless the client is whitelisted in CSF, or maybe using IP6 and you left it in there ? Also check CC_ALLOW_PORTS_TCP
    0
  • martin MHC
    Removing port 143 in CSF should do what you want. Unless the client is whitelisted in CSF, or maybe using IP6 and you left it in there ? Also check CC_ALLOW_PORTS_TCP

    CC_ALLOW_PORTS_TCP is blank the CSF configuration page on WHM. I believe I have double and triple checked the configuration page already....
    0
  • keat63
    Try MXToolbox port checker
    0
  • martin MHC
    Try MXToolbox port checker
    0
  • cPRex Jurassic Moderator
    I wouldn't expect Dovecot to be able to use that port at all if it is blocked on the system. You could also perform a telnet test to the port much like we often do with Apache or port 25 to test connectivity: telnet x.x.x.x 143
    where the x.x.x.x is the IP address of your server and you're running this command from a remote workstation. You can also just search /etc/csf/csf.conf for the string "143" to see if that gives you any results, ensuring you don't accidentally have this in a UDP_IN field or other odd location.
    0
  • martin MHC
    I don't know why there was an inconsistency before, but it's all resolved now. Thanks for the guidance!!
    0
  • cPRex Jurassic Moderator
    Glad to hear things are working well now!
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post