SOLVED How to block port 143 from sending emails?

martin MHC

Well-Known Member
Sep 14, 2016
214
35
28
UK
cPanel Access Level
Root Administrator
I have a server that usually uses 993 for IMAP connections, I have found from a client recently that they have been able to connect to their IMAP on Port 143 and are able to send emails simply by giving their username and password (apparently in plaintext across the network). This is obviously not great.

I want to double check the correct method of disabling this insecure IMAP access:

1) I use CSF firewall to remove 143 from TCP_IN and from TCP_OUT and ensure that 993 is present in both lists.
2) CSF is restarted as usual.

3) Dovecot (WHM --> Mailserver Configuration) was still set to accept insecure connections (this solves my original issue)

BUT: I understood the connection shouldn't even reach Dovecot because the port (143) should be blocked from accessing the server by the firewall. How can I confirm this? What info,. have I missed to ensure this happens?

Cheers
 
Last edited by a moderator:

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
Removing port 143 in CSF should do what you want.
Unless the client is whitelisted in CSF, or maybe using IP6 and you left it in there ?

Also check CC_ALLOW_PORTS_TCP
 

martin MHC

Well-Known Member
Sep 14, 2016
214
35
28
UK
cPanel Access Level
Root Administrator
Removing port 143 in CSF should do what you want.
Unless the client is whitelisted in CSF, or maybe using IP6 and you left it in there ?

Also check CC_ALLOW_PORTS_TCP
CC_ALLOW_PORTS_TCP is blank the CSF configuration page on WHM.
I believe I have double and triple checked the configuration page already....
 

martin MHC

Well-Known Member
Sep 14, 2016
214
35
28
UK
cPanel Access Level
Root Administrator
Try MXToolbox port checker


Also whilst inside CSF config, maybe use your browser search function for 143.
I also fond an entry in PORTS_imapd =
Thanks for this, I'm familiar with some of MXToolbox's stuff, but hadn't realised they did this as well.
All the expected blocked ports are coming back blank ("Filtered"), and all the expected valid ports are coming back as such with feedback timestamps.

I'm happy as long as I've not missed an obivious step re CSF, and Mxtoolbox does appear to confirm the case. It just seemed wyrd that Dovecot was accepting data from a supposedly blocked port.

Cheers
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,852
904
313
cPanel Access Level
Root Administrator
I wouldn't expect Dovecot to be able to use that port at all if it is blocked on the system. You could also perform a telnet test to the port much like we often do with Apache or port 25 to test connectivity:

Code:
telnet x.x.x.x 143
where the x.x.x.x is the IP address of your server and you're running this command from a remote workstation.

You can also just search /etc/csf/csf.conf for the string "143" to see if that gives you any results, ensuring you don't accidentally have this in a UDP_IN field or other odd location.