[CentOS] CentOS 6 connection with sieveshell failed

Tue Mar 6 21:07:58 UTC 2012
Michael Nausch <michael at nausch.org>

Hello,

I have some difficulties with my installation, especially with sieveshell.

O.K., just have a look at my site:

intranet : 10.0.10.0/24
DMZ      : 10.0.0.0/24

My IMAP server is located in the DMZ on my host vml000070 (10.0.0.70):
# netstat -penlut
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      0          137240     25617/cyrus-master
tcp        0      0 0.0.0.0:2000                0.0.0.0:*                   LISTEN      0          137252     25617/cyrus-master
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      0          8777       1314/sshd
tcp        0      0 0.0.0.0:24                  0.0.0.0:*                   LISTEN      0          137258     25617/cyrus-master
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      0          8977       1392/master
tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN      0          137246     25617/cyrus-master

I have no problem connecting with sieveshell on my IMAP host:
[django@vml000070 ~]$ sieveshell --user=django --authname=django 127.0.0.1:2000
connecting to 127.0.0.1:2000
Please enter your password:

BUT, if I try to connect from another host inside my DMZ I see this error:

[django@vml000090 ~]$ sieveshell --user=django --authname=django 10.0.0.70:2000
connecting to 10.0.0.70:2000
unable to connect to server at /usr/bin/sieveshell line 170.

O.K., so far so "good" :( Just look, I can connect with telnet to port
2000 on my IMAP-host:

[django@vml000090 ~]$ telnet 10.0.0.70 2000
Trying 10.0.0.70...
Connected to 10.0.0.70.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6_1.4"
"SASL" "CRAM-MD5 DIGEST-MD5"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
OK

SELinux is deactivated and the personal firewall on my IMAP-Host accepts
connections to Port: 143, 993 and 2000:
[root@vml000070 ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:993
ACCEPT     tcp  --  10.0.0.80            0.0.0.0/0           state NEW tcp dpt:24
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

And here comes the strangest thing I can report:
If I try to connect from my intranet to my IMAP-Server on port 2000:
[django@pml010002 ~]$ sieveshell --user=django --authname=django 10.0.0.70:2000
connecting to 10.0.0.70:2000
Please enter your password:

IT WORKS! I'm very very confused! :(

O.K. all hosts are based on CentOS:

DMZ-host:
[django@vml000090 ~]$ cat /etc/redhat-release
CentOS release 6.2 (Final)
[root@vml000090 ~]# yum list cyrus-imapd-utils
Installed Packages
cyrus-imapd-utils.x86_64                             2.3.16-6.el6_1.4


IMAP-host
[django@vml000070 ~]$ cat /etc/redhat-release
CentOS release 6.2 (Final)
[root@vml000070 ~]# yum list cyrus-imapd-utils
Installed Packages
cyrus-imapd-utils.x86_64                             2.3.16-6.el6_1.4
[root@vml000070 ~]# yum list cyrus-imapd
Installed Packages
cyrus-imapd.x86_64                                   2.3.16-6.el6_1.4


Intranet-host
[django@pml010002 ~]$ cat /etc/redhat-release
CentOS release 6.2 (Final)
[root@pml010002 ~]# yum list cyrus-imapd-utils
Installed Packages
cyrus-imapd-utils.x86_64                             2.3.16-6.el6_1.4


I'm very confused about that behavior. Why is it possible to connect to
Port 2000 from an intranet-host and why does it fail inside my DMZ?

Any ideas and/or hints?


ttyl
Django
-- 
"Bonnie & Clyde der Postmaster-Szene!" approved by Postfix-God
http://wetterstation-pliening.info
http://dokuwiki.nausch.org
http://wiki.piratenpartei.de/Benutzer:Django