Error log:
IMAP Error: Could not connect to localhost at port 143: Permission denied in on line 0
I got this after a 'yum update'. I tried "everything", but still the same.
After begging the server on my knees to work (it did not help), I remembered that I use modsecurity, and after checking the logs I saw that modsecurity_crs_30_http_policy.conf had seen the login script.
Not strange yet... I excluded modsecurity_crs_30_http_policy.conf in mod_security.conf and restarted httpd -> It works again. And I'm happy.
Then I wanted to know what in modsecurity_crs_30_http_policy.conf stopped the login, so I made a new blank modsec_audit.log file, included modsecurity_crs_30_http_policy.conf in mod_security.conf again and then restarted httpd -> Now I wanted a fresh log in modsec_audit.log... But the login still works... Now it's strange, but it works... But I'm still happy.
Maybe this helps somebody...
Extra info, if you like, from modsec_audit.log after the last login:
--307f772a-A--
[17/Dec/2008:16:07:05 +0100] SUkVmX8AAAEAABF6NKIAAAAA 127.0.0.1 57370 127.0.0.1 80
--307f772a-B--
POST /rcm/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://localhost/rcm/?_task=mail&_action=logout
Cookie: mailviewsplitterv=165; mailviewsplitter=200; roundcube_sessid=22375626e347984c2ff8f7940aca372a
Content-Type: application/x-www-form-urlencoded
Content-Length: 77
--307f772a-C--
_action=login&_timezone=1&_user=user%40mydomain.com&_pass=secretpassword
--307f772a-F--
HTTP/1.1 302 Found
X-Powered-By: PHP/5.2.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: roundcube_sessid=deleted; expires=Tue, 18-Dec-2007 15:07:04 GMT
Set-Cookie: roundcube_sessid=632c05bb78dace0f265590d95cdee265; path=/
Location: ./?_task=mail
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 26
Connection: close
Content-Type: text/html; charset=UTF-8
--307f772a-H--
Message: Warning. Operator EQ matched 0 at GLOBAL. [file "/etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf"] [line "120"] [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"]
Apache-Handler: php5-script
Stopwatch: 1229526425007517 498585 (558* 3674 497397)
Producer: ModSecurity for Apache/2.5.6 (http://www.modsecurity.org/); core ruleset/1.6.1.
Server: Apache
--307f772a-K--
SecRule "REQUEST_METHOD" "@rx ^POST$" "phase:2,chain,t:none,deny,log,auditlog,status:400,msg:'POST request must have a Content-Length header',id:960012,tag:PROTOCOL_VIOLATION/EVASION,severity:4"
SecRule "REQUEST_METHOD" "!@rx ^(?:get|head|propfind|options)$" "phase:2,chain,t:none,t:lowercase,deny,log,auditlog,status:501,msg:'Request content type is not allowed by policy',id:960010,tag:POLICY/ENCODING_NOT_ALLOWED,severity:4"
SecRule "RESPONSE_HEADERS:Content-Encoding" "!@rx ^Identity$" "phase:4,t:none,pass,log,auditlog,msg:'ModSecurity does not support content encodings',id:960903,severity:4,chain,initcol:global=global"
SecRule "&GLOBAL:alerted_960903_compression" "@eq 0" "phase:2,log,auditlog,pass,setvar:global.alerted_960903_compression"
--307f772a-Z--
The error when it didn't work:
--ce549040-A--
[17/Dec/2008:15:00:03 +0100] SUkF4n8AAAEAAAsNFOMAAAAA 123.123.123.123 58583 172.0.0.1 80
--ce549040-B--
POST / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-silverlight, application/x-shockwave-flash, */*
Referer: http://smtp.mydomain.com/
Accept-Language: sv
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727)
Host: smtp.mydomain.com
Content-Length: 75
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: mailviewsplitterv=165; addressviewsplitter=250; language=sv; mailviewsplitter=236; roundcube_sessid=i0975jqlu4ndabfp0r7iv2afc5
--ce549040-C--
_action=login&_timezone=1&_user=user@mydomain.com&_pass=secretpassword
--ce549040-F--
HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sessauth=-del-; expires=Wed, 17-Dec-2008 13:59:03 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1137
Connection: close
Content-Type: text/html; charset=UTF-8
--ce549040-H--
Message: Warning. Operator EQ matched 0 at GLOBAL. [file "/etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf"] [line "120"] [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"]
Apache-Handler: php5-script
Stopwatch: 1229522402416709 793984 (348* 3619 654363)
Producer: ModSecurity for Apache/2.5.6 (http://www.modsecurity.org/); core ruleset/1.6.1.
Server: Apache
--ce549040-K--
SecRule "REQUEST_METHOD" "@rx ^POST$" "phase:2,chain,t:none,deny,log,auditlog,status:400,msg:'POST request must have a Content-Length header',id:960012,tag:PROTOCOL_VIOLATION/EVASION,severity:4"
SecRule "REQUEST_METHOD" "!@rx ^(?:get|head|propfind|options)$" "phase:2,chain,t:none,t:lowercase,deny,log,auditlog,status:501,msg:'Request content type is not allowed by policy',id:960010,tag:POLICY/ENCODING_NOT_ALLOWED,severity:4"
SecRule "RESPONSE_HEADERS:Content-Encoding" "!@rx ^Identity$" "phase:4,t:none,pass,log,auditlog,msg:'ModSecurity does not support content encodings',id:960903,severity:4,chain,initcol:global=global"
SecRule "&GLOBAL:alerted_960903_compression" "@eq 0" "phase:2,log,auditlog,pass,setvar:global.alerted_960903_compression"
--ce549040-Z--
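
An added example, not part of the original post: a small Python parser for the serial audit-log layout shown in the two entries above. It reports whether each message in the H part only warned or actually blocked the request, and masks the password field that the C part records before an entry is shared. The sample entry is constructed and abridged, and the function names are illustrative.

```python
import re

# Constructed, abridged sample in the ModSecurity 2.x serial audit-log layout;
# the boundary id, transaction id and credentials are placeholders.
SAMPLE = """--aaaa0001-A--
[17/Dec/2008:16:07:05 +0100] TXID0000000000000000001 127.0.0.1 57370 127.0.0.1 80
--aaaa0001-B--
POST /rcm/ HTTP/1.1
Host: localhost
--aaaa0001-C--
_action=login&_user=user%40example.com&_pass=secretpassword
--aaaa0001-F--
HTTP/1.1 302 Found
--aaaa0001-H--
Message: Warning. Operator EQ matched 0 at GLOBAL. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"]
--aaaa0001-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-f]{8})-([A-Z])--$")
SECRET = re.compile(r"(?i)((?:^|&)_?pass(?:word)?=)[^&\s]*")

def parse_audit_log(text):
    """Split a serial audit log into {boundary_id: {part_letter: [lines]}}."""
    entries, part = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            part = entries.setdefault(m.group(1), {}).setdefault(m.group(2), [])
        elif part is not None:
            part.append(line)
    return entries

def summarize(entry):
    """Return the response status line and (rule id, action) for each H message."""
    status = (entry.get("F") or ["?"])[0]
    alerts = []
    for line in entry.get("H", []):
        if line.startswith("Message: "):
            rule = re.search(r'\[id "(\d+)"\]', line)
            # ModSecurity 2.x starts blocking messages with "Access denied with code ...".
            action = "blocked" if "Access denied" in line else "warning"
            alerts.append((rule.group(1) if rule else None, action))
    return status, alerts

def redact(entry):
    """Return part C (request body) with password fields masked for sharing."""
    return [SECRET.sub(r"\1[REDACTED]", line) for line in entry.get("C", [])]
```
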