postfix - Ubuntu + SSL ports + AVAST

2014-07
  • jurajvt

    I have an interesting problem with communication via standard SSL ports.

    Freshly installed Ubuntu 14.04 server + Postfix + Dovecot, SASL authentication provided by Dovecot, self-signed certificate generated through the Dovecot script mkcert.sh. Redirected ports on ZyWALL USG 200.

    I can send and receive e-mails from outside with standard ports 25 and 110, but not over 587.

    I am connecting to my server from a machine with Windows 8.1 + VMware Player + Ubuntu 14.04 Desktop + ssh. On the Windows host I have Avast! antivirus installed.

    When I try to telnet from the virtual machine to the server over 587, the connection is refused. But when I turn on Avast!, it lets me in as far as the message Connected to... Same with nmap. When Avast! is turned on, it shows me all SSL ports. When I turn it off, only standard ports appear. OpenSSL shows me CONNECTED(00000003).

    But outside the virtual machine, directly in Windows 8.1 using nmap with Zenmap, no SSL ports are open in either Avast! state.

    From other external Linux machines the problem with reaching SSL ports is the same - refused.

    I have turned on submission in master.cf and port 587 is correctly listening on 0.0.0.0 in the process master.pid, which belongs to Postfix. I can telnet or nmap port 587 on my domain directly from the server. Other ports like 995 and 993 are OK on localhost, too.

    It is true that I can't send emails via 587 anyway (Avast! turned on/off), but I can see the ports open.

    Is it possible that I simply have a bad certificate and Avast! has the right one, so with it turned on I can see open ports?

    EDIT: To be more clear, I can't see or use port 587 anywhere from outside (tried Thunderbird, telnet, openssl, nmap, putty, swaks; from both Linux and Windows machines) and that is my problem. It was only by chance that I saw open ports when Avast! was turned on.

  • Answers
  • jurajvt

    As I commented above my description, the problem with avast! is really about a semi layer - confirmed by avast! tech support. I thought I was telnetting to the destination server, but it was only the avast! filtering interface.

    The main problem was that I couldn't communicate over port 587. I tried tcpdump on the server, and step-by-step analysis of the details in Wireshark showed that packets to this port never arrived, so the problem lies elsewhere.
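
Added example, not part of the original thread: a Python probe that waits for the server's SMTP 220 greeting instead of trusting a bare "Connected to", so a TCP connection accepted by something other than the mail server is not mistaken for an open port 587. The name probe_smtp and the verdict labels belong to this example, and it assumes a port that greets in plaintext (25, or 587 with STARTTLS) and a filtering layer that accepts the connection without relaying a greeting.

```python
import socket
import sys


def probe_smtp(host, port, timeout=3.0):
    """Return (verdict, banner) for host:port (hypothetical helper).

    refused   - connection rejected: no listener, or a firewall sent a reset
    filtered  - no reply: packets are dropped before reaching the server
    no-banner - TCP handshake completed but no SMTP greeting followed, as a
                local filtering layer answering in the server's place may do
    smtp      - a 220 greeting arrived, so an SMTP server really answered
    Only meaningful for ports that greet in plaintext (25, 587 with STARTTLS).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", ""
    except (socket.timeout, TimeoutError):
        return "filtered", ""
    except OSError as exc:  # e.g. no route to host, name resolution failure
        return "error", str(exc)
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)
        except OSError:  # timeout or reset while waiting for the greeting
            return "no-banner", ""
    banner = data.decode("ascii", "replace").strip()
    if banner.startswith("220"):
        return "smtp", banner
    return "no-banner", banner


if __name__ == "__main__":
    # Usage: python3 probe.py <host> [port]   (port defaults to 587)
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <host> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 587
    verdict, banner = probe_smtp(sys.argv[1], port)
    print(f"{sys.argv[1]}:{port} -> {verdict} {banner}".rstrip())
```

Running it from both the affected client and an external host, alongside tcpdump on the server, shows whether the answer comes from the mail server or from something in between.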


  • Related Question

    How to open TCP port in Ubuntu 10.10?
  • Questioner

    How to open TCP port in Ubuntu 10.10?


  • Related Answers
  • zengr
    sudo iptables -A INPUT -p tcp --dport (port number) -j ACCEPT
    
  • Casual Coder

    Shooting in the darkness:

    sudo ufw allow 80
    

    Now there is a rule in your Ubuntu firewall allowing external access to your port 80. If you want a more specific rule, see man ufw. If you are on a non-routable IP address, you have to forward the port in your router. If you provide more context to your question, then I can adjust this answer.

  • sleske

    Your question needs a lot more detail:

    • What do you mean by "open a port"? Do you want to do it in a program? Just run a program?
    • What is your network configuration? LAN structure, Internet uplink, OSes involved, which router/switch...
    • Do you have any firewalls / NAT in place? On your system, elsewhere in the network?

    That said, if you have the "typical" home setup (one or more computers hooked up to a combined switch/router with Internet uplink via DSL or cable): Typically the switch/router/modem combo has a built-in firewall. You'll probably need to open a port there. Usually these devices have a web interface for configuration, look into your manuals.

  • yhw42

    I suggest Netcat: The very basic way to do that (via Netcat) is:

    nc -l <port_number>
    

    Example:

    nc -l 12569