Imaps connectivity problem

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
Martinwiertz
Advanced member
Advanced member
Posts: 85
Joined: Sat Sep 13, 2014 3:55 am
Location: The Netherlands
ZCS/ZD Version: V10 FOSS Intalio on Ubuntu20.04

Imaps connectivity problem

Post by Martinwiertz »

Hi,

Last days I migrated my FOSS server to new hardware. Zimbra Suite Plus did it for me.
My new server version: Release 8.8.9.GA.3019.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.9_P6.

Https connectivity via webbrowser is ok, but imap ssl not (993). The smartphones were able to connect with imaps to the old server but not to the new server.
Also Zimbra Desktop is not connecting, 443.

I am puzzled what is causing this and how to change. Please help!

sudo ufw status
Status: active

To Action From
-- ------ ----
4444 ALLOW 192.168.2.0/24
7071 ALLOW 192.168.2.0/24
993/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
993/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)

zmprov gacf | grep BindPort
zimbraCBPolicydBindPort: 10031
zimbraExtensionBindPort: 7072
zimbraImapBindPort: 7143
zimbraImapProxyBindPort: 143
zimbraImapSSLBindPort: 7993
zimbraImapSSLProxyBindPort: 993
zimbraLmtpBindPort: 7025
zimbraMemcachedBindPort: 11211
zimbraMilterBindPort: 7026
zimbraNotifyBindPort: 7035
zimbraNotifySSLBindPort: 7036
zimbraPop3BindPort: 7110
zimbraPop3ProxyBindPort: 110
zimbraPop3SSLBindPort: 7995
zimbraPop3SSLProxyBindPort: 995
zimbraRemoteImapBindPort: 8143
zimbraRemoteImapSSLBindPort: 8993
zimbraReverseProxyImapPortAttribute: zimbraImapBindPort
zimbraReverseProxyImapSSLPortAttribute: zimbraImapSSLBindPort
zimbraReverseProxyPop3PortAttribute: zimbraPop3BindPort
zimbraReverseProxyPop3SSLPortAttribute: zimbraPop3SSLBindPort

sudo netstat -anltp | egrep '^tcp' | grep LISTEN | awk '{print $4 " "$7}' | sed -e 's/.*://' | sort -n | uniq

22 1108/sshd
25 11375/master
53 1065/dnsmasq
110 14130/nginx.conf
143 14130/nginx.conf
389 8651/slapd
443 14130/nginx.conf
465 11375/master
587 11375/master
993 14130/nginx.conf
995 14130/nginx.conf
3310 11130/clamd
7025 10582/java
7071 10582/java
7072 10582/java
7073 10582/java
7143 10582/java
7171 8671/java
7306 10453/mysqld
7780 11175/httpd
7993 10582/java
8080 10582/java
8443 10582/java
8465 11149/opendkim
8735 10582/java
8736 10582/java
10024 10892/amavisd
10025 11375/master
10026 10892/amavisd
10027 11375/master
10028 11375/master
10029 11375/master
10030 11375/master
10032 10892/amavisd
11211 10786/memcached
23232 10860/perl
23233 10862/perl
37717 10582/java
User avatar
vavai
Advanced member
Advanced member
Posts: 174
Joined: Thu Nov 14, 2013 2:41 pm
Location: Indonesia
ZCS/ZD Version: 0
Contact:

Re: Imaps connectivity problem

Post by vavai »

Hi,

What about disabling firewall for temporary case, looking at possible blacklist/banned IP and nmaping selected port from different IPs? You can also trying to telnet from localhost and different host.

Vavai
Labsy
Outstanding Member
Outstanding Member
Posts: 411
Joined: Sat Sep 13, 2014 12:52 am

Re: Imaps connectivity problem

Post by Labsy »

Maybe IPv6 problems?
Or like in my case few years ago, when I had ZCS behind NAT and it's inbound public IP was not the same as outbound public IP? I had to configure not only inbound NAT, but also outbound forwarding rules for all ports to match proper public IP.

I'd begin by installing iftop (apt-get install iftop) and monitor incoming IMAPS connection to port 993 (and internal 8993). What happens when you try to connect - do you see incoming connection on ZCS box?
Martinwiertz
Advanced member
Advanced member
Posts: 85
Joined: Sat Sep 13, 2014 3:55 am
Location: The Netherlands
ZCS/ZD Version: V10 FOSS Intalio on Ubuntu20.04

Re: Imaps connectivity problem

Post by Martinwiertz »

Firewall on or off has no effect. It looks like it related to the ports which are used for imap. If I change them manually various messages with port conflicts occur. I don't want to proceed and render the server useless. Currently we have access to webpage and mail/calendar/etc.

I installed Zimbra 8.8.9 default and restored the Suite plus backup. Default proxy and memcache should work fine but it seems it got broken after the backup.

Do appreciate help from the experts. :-)
Martinwiertz
Advanced member
Advanced member
Posts: 85
Joined: Sat Sep 13, 2014 3:55 am
Location: The Netherlands
ZCS/ZD Version: V10 FOSS Intalio on Ubuntu20.04

Re: Imaps connectivity problem

Post by Martinwiertz »

SOLVED !

The changes to the DSL Firewall were successful but needed a reboot. Traffic was routed to new machine but not all I think. Preventive reboot solved connectivity issues.
Thanks for your support.
Post Reply