need details on port 4190:sieve

Discussion in 'Installation/Configuration' started by inka, May 16, 2023.

Tags:
  1. inka

    inka Member

    Hi, it is unclear to me if an open 4190 on a single server setup is really needed?
    My setup is just for email and Roundcube isn't installed either, for better understanding i installed:

    Code:
    wget -O - https://get.ispconfig.org | sh -s -- --no-dns --use-unbound --no-roundcube --no-pma --no-mailman --no-quota --unattended-upgrades=autoclean,reboot --monit [email protected]  --ssh-port=xxx --ssh-permit-root=no --ssh-password-authentication=no --ssh-harden --interactive --use-php=system
    QUESTION 1:
    From what i gather i could config dovecot.conf to allow sieve only accept local connections but i am unclear if,
    1) i should in my setup scenario and 2) neither do i know how correctly disable external connection except by blocking the port via ufw/fw


    QUESTION 2:
    About MariaDB to only listen to local ports, whats the current way?
    Removing 3306 from default allowed ufw ports setup and also wanted to make sure that mariaDB is only listening to local ports but run into errors, see below.

    Code:
     vim /etc/mysql/mariadb.conf.d/50-server.cnf
    and removed the remark from,
    Code:
     bind-address            = 127.0.0.1
    But i do see
    Code:
    [Warning] Aborted connection 1627 to db: 'unconnected' user: 'unauthenticated' host: 'localhost' (This connection closed normally without authentication)
    in the logs.
    Tried with,
    Code:
     bind-address            = 127.0.0.1,127.0.1.1
    but then web UI wasn't working anymore.
     
    Last edited: May 16, 2023
    inka, May 16, 2023
    #1
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    It is not needed to open port 4190.

    Why only let MariaDB listen on local ports?
     
    Th0m, May 16, 2023
    #2
  3. inka

    inka Member

    Safety precaution, what am i not understanding here, if you please would be so kind to elaborate why i would need the port to be accessible from the outside world with my setup?

    PS
    I do still see the,
    Code:
     [Warning] Aborted connection 3926 to db: 'unconnected' user: 'unauthenticated' host: 'localhost' (This connection closed normally without authentication)
    after remarking the bind to localhost back to original setting. Only the port is blocked by ufw now.
     
    inka, May 16, 2023
    #3
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    It does not need to be open to the world, just set up a firewall and don't allow access to that port.
     
    Th0m, May 16, 2023
    #4
  5. inka

    inka Member

    Ok, as i have it right now.
    What can you tell me about this warning i see in syslog, what is trying to authenticate exactly every minute two times and fails both?

    Code:
    ~# mariadb --version
mariadb  Ver 15.1 Distrib 10.6.12-MariaDB, for debian-linux-gnu (x86_64) using  EditLine wrapper
~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.2 LTS
Release:        22.04
Codename:       jammy
     
    Last edited: May 16, 2023
    inka, May 16, 2023
    #5

Share This Page