Today I was setting up UFW on my Ubuntu VPS and discovered that even with port 993 open I wasn't able to authenticate to my mail.
After some investigation I realized that UFW was blocking local requests to itself! This was a problem because while I was connecting successfully to 993 from outside, the VM was trying to connect to itself to authenticate with the TLS server and database.
The solution was a simple UFW rule:
ufw allow from 127.0.0.1
Or, allow me to talk to myself on any port. Works!
I also had to explicitly allow pings for some reason as an after filter to UFW. Otherwise performance was terrible.
-A ufw-after-input -p icmp --icmp-type echo-request -j ACCEPT
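To confirm that both rules actually landed in the loaded ruleset, the check below scans an iptables-save style dump for a loopback accept and an echo-request accept. This is an added example, not part of the original post; the function name audit_rules and both sample dumps are constructed for illustration, and it treats either a 127.x source match or an `-i lo` interface match as "loopback allowed".

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_rules reads an iptables-save style dump on stdin and reports whether
# the two rules discussed above are present.
# Live use (as root): iptables-save | audit_rules

audit_rules() {
    awk '
        /^-A / && / -j ACCEPT$/ {
            # Loopback accepted on any port: source in 127.0.0.0/8 or input interface lo
            if (($0 ~ " -s 127[.][0-9./]+ " || $0 ~ " -i lo ") && $0 !~ "--dport")
                lo = 1
            # iptables-save prints echo-request as its numeric type, 8
            if ($0 ~ " -p icmp " && $0 ~ "--icmp-type (8|echo-request) ")
                ping = 1
        }
        END {
            printf "loopback=%s ping=%s\n", (lo ? "allowed" : "missing"), (ping ? "allowed" : "missing")
            exit !(lo && ping)   # exit 0 only when both rules are present
        }'
}

# Constructed sample: only the mail port is open, neither rule from the post
SAMPLE_BEFORE='*filter
:INPUT DROP [0:0]
-A INPUT -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 993 -j ACCEPT
COMMIT'

# Constructed sample: the same ruleset after adding both rules
SAMPLE_AFTER='*filter
:INPUT DROP [0:0]
-A INPUT -j ufw-user-input
-A INPUT -j ufw-after-input
-A ufw-user-input -p tcp -m tcp --dport 993 -j ACCEPT
-A ufw-user-input -s 127.0.0.1/32 -j ACCEPT
-A ufw-after-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_BEFORE" | audit_rules || echo "-> rules missing"
printf '%s\n' "$SAMPLE_AFTER" | audit_rules && echo "-> both rules present"
```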