
Disabling Dovecot - Deciding when to Block Ports (465, 587, 2095, 2096)

The decision to block ports 465, 587, 2095 and 2096 should be made carefully. This tutorial is only for WHM/cPanel servers. Most server administrators begin considering the decision when there are relentless brute-force attempts at these open ports.

1)    Check if you are using your local server to deliver emails for your clients or your organization by doing an MX Entry Lookup 

2)    Enter your domain name. If you see entries like
aspmx.l.google.com    
alt1.aspmx.l.google.com    
alt1.aspmx.l.google.com

or equivalent Microsoft entries, you can confirm that Google or Microsoft’s mailing service is handling all emails.

Even if external emails are handled by Microsoft or Google, there might be scripts essential for your website (authentication) that depend on Dovecot.

Follow these steps with CAUTION.

Dovecot cannot be completely disabled, as internal services depend on the IMAP protocol.

Steps to Check if your website Depends on Dovecot

1)    Run the tail command on your exim_mainlog. Exim Main Log captures all email related events
tail -f /var/log/exim_mainlog

2)    Reset your password 

3)    Check the Ports the script is accessing.

4)    If you see the sendmail script in the log (/usr/sbin/sendmail), you can be certain that the website is using Port 25. 465 and 587 are not required.

Removing Ports 465 587 2095 2096 from CSF

465 – is the port used for SSL (now deprecated)
587 – is the port used for TLS
2095, 2096 – are the ports used for webmail

Note 1: When you enter <your_website>.com/webmail if it redirects to <your_website>.com:2095 or <your_website>.com:2096 the port is open

Note 2: This instruction is for servers with CSF

Removing 465, 587, 2095 and 2096 from CSF Firewall

1. Go to Firewall Configuration

2. Search for TCP_IN
Remove the ports 465, 587, 2095 and 2096

3. Search for TCP6_IN
Remove the ports 465, 587, 2095 and 2096

TCP6_IN and TCP_IN should include the following ports
22,25,53,80,443
22 – sshd
25 – sendmail
53 – DNS
80 – http
443 – https

Save the changes and restart the CSF server.
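
To confirm the edit took effect, the following added example (not part of the original tutorial) reads a CSF configuration file and lists which of the four ports are still allowed in TCP_IN or TCP6_IN. It goes slightly beyond the steps above by also catching ports covered by a low:high range; the helper name csf_open_ports and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Lists which of the ports this tutorial removes are still allowed inbound.

BLOCK_PORTS="465 587 2095 2096"

# csf_open_ports SETTING FILE  (hypothetical helper name)
# SETTING is TCP_IN or TCP6_IN; prints the ports still allowed, space separated.
csf_open_ports() {
    setting=$1
    conf=$2
    # Pull the quoted value out of a line such as: TCP_IN = "22,25,53"
    value=$(sed -n "s/^[[:space:]]*${setting}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$conf" | tail -n 1)
    found=""
    for port in $BLOCK_PORTS; do
        for entry in $(printf '%s' "$value" | tr ',' ' '); do
            case $entry in
                *:*) lo=${entry%%:*}; hi=${entry##*:} ;;  # range low:high
                *)   lo=$entry; hi=$entry ;;               # single port
            esac
            # Ignore anything that is not a plain number or numeric range.
            case $lo in ''|*[!0-9]*) continue ;; esac
            case $hi in ''|*[!0-9]*) continue ;; esac
            if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
                found="$found $port"
                break
            fi
        done
    done
    printf '%s\n' "${found# }"
}

# Constructed sample configuration, used so the script runs offline.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real server's csf.conf
TCP_IN = "22,25,53,80,443,465,587,2090:2100"
TCP6_IN = "22,25,53,80,443"
EOF

for s in TCP_IN TCP6_IN; do
    echo "$s still allows: $(csf_open_ports "$s" "$SAMPLE")"
done
```

On a live server, pass the path of the CSF configuration file (commonly /etc/csf/csf.conf, an assumption here) instead of the sample; an empty result for both settings means none of the four ports remain open inbound.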

Check exim_mainlog

tail -f /var/log/exim_mainlog

Keep monitoring for errors, brute-force attempts, and open ports.
 
