I'm trying to get a mail server to support IMAP-over-SSL services. Everything is fine inside my network: Clients can specify SSL and port 993 in their email client configuration, and mail gets through. However, it's not working from outside: Somewhere, the port is getting blocked.
Nmap tells me this for the internal network:
[root@linux2 ~]# nmap -p993 192.168.0.4
Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-18 09:54 PDT
Nmap scan report for example.com (192.168.0.4)
Host is up (0.00022s latency).
PORT STATE SERVICE
993/tcp open imaps
MAC Address: 00:1F:5B:35:F4:C8 (Apple)
And for the outside network:
[root@linux2 ~]# nmap -p993 xxx.xxx.xxx.xxx
Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-18 09:54 PDT
Nmap scan report for example.com (xxx.xxx.xxx.xxx)
Host is up (0.0023s latency).
PORT STATE SERVICE
993/tcp filtered imaps
So, somebody is doing some filtering; the question is who. My router's firewall has 993 open; I've also experimented with (briefly) disabling the router firewall altogether, but with no improvement. I've checked with my service provider (AT&T DSL), but they say they're not blocking it.
Are you sure you're forwarding the port from the router to your mail server correctly?
What kind of router have you got? Does it run Linux? If so, please post the output of
iptables -nvL -t nat | grep 993
Also run
tcpdump -nli ethN port 993
on the router, with ethN replaced with the outside NIC, and try to connect from the outside (not from linux2). If you see the packet coming in but not through, repeat with ethN replaced with the inside NIC. That's a sure way to determine if it is being routed correctly to your mail server.
If it isn't Linux, does it have a debug mode you can use to check something like the above?
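The outside-NIC / inside-NIC comparison suggested in the answer above can be automated over saved `tcpdump -n` output. This is an added example, not part of the original answer; the function names, the result labels and the sample capture (documentation-range addresses) are constructed for illustration, and only IPv4 lines are parsed.

```python
import re

# One TCP line of `tcpdump -n` output (IPv4 only), e.g.
# 09:54:01.10 IP 203.0.113.7.51234 > 198.51.100.10.993: Flags [S], seq 1, length 0
TCP_LINE = re.compile(
    r"IP [\d.]+\.(?P<sport>\d+) > [\d.]+\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def handshake_events(capture, port=993):
    """Return which handshake steps for `port` appear: 'syn', 'synack', 'rst'."""
    seen = set()
    for line in capture.splitlines():
        m = TCP_LINE.search(line)
        if not m:
            continue
        flags = m["flags"]
        if m["dport"] == str(port) and flags == "S":
            seen.add("syn")        # client -> server connection attempt
        elif m["sport"] == str(port) and flags == "S.":
            seen.add("synack")     # server accepted
        elif m["sport"] == str(port) and "R" in flags:
            seen.add("rst")        # connection actively refused
    return seen

def locate_drop(outside, inside, port=993):
    """Compare captures from the outside and inside NICs and name the hop that drops."""
    out, ins = handshake_events(outside, port), handshake_events(inside, port)
    if "syn" not in out:
        return "upstream"          # never reached the router's outside NIC
    if "syn" not in ins:
        return "router-forward"    # arrived outside, but was not forwarded inside
    if "rst" in ins:
        return "server-refused"    # delivered inside, then reset
    if "synack" not in ins:
        return "server-silent"     # delivered inside, but unanswered
    if "synack" not in out:
        return "router-return"     # reply never left through the outside NIC
    return "ok"

# Constructed sample: the SYN is retried on the outside NIC, nothing on the inside NIC.
OUTSIDE = """\
09:54:01.100000 IP 203.0.113.7.51234 > 198.51.100.10.993: Flags [S], seq 1000, win 65535, length 0
09:54:02.100000 IP 203.0.113.7.51234 > 198.51.100.10.993: Flags [S], seq 1000, win 65535, length 0
"""
INSIDE = ""

if __name__ == "__main__":
    print(locate_drop(OUTSIDE, INSIDE))
```

A result of `upstream` corresponds to the nmap `filtered` state with no SYN visible on the router at all, which points past the router rather than at its firewall rules.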
Run
tcptraceroute
from outside to see where the connection is getting blocked.