Can't fetch mail from Gmail anymore, not sure if upgrade to 3.2 related

Hi, Server was running fine, then last last week I upgraded to 3.2, and everything was still running fine, including fetching from Gmail, but 2 days ago, it can longer fetch email. I don't remember changing anything 2 days ago that would cause this. Been troubleshooting by looking at UFW and it looks ok, has the correct open port 995. Also thought it may be because of fail2ban blocking it, so I turned it off, but still same problem. Also tried not using SSL on port 110 and not working either. As well it works fine from Roundcube webmail on the same server. From mail.log it looks like it tries to connect, but then disconnects right away.

Here's the lines from mail log that shows up when Gmail tries to connect.

Code:

Jan 17 18:25:03 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<uBfEBBa5ApoAAAAAAAAAAAAAAAAAAAAB>
Jan 17 18:25:03 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<vhfEBBa5oIwAAAAAAAAAAAAAAAAAAAAB>

Not sure what to check next, as postfix works fine. When I send an email to the mailboxes on the server, they are received fine. Even when I use Gmail and "Send mail as" from a mailbox on the server, it works fine too. So the smtp relay with auth is working fine. It just can't connect pop3 or imap from Gmail.

Here is what Gmail says

Code:

Connection Error.
Server returned error "Connection timed out: There may be a problem with the settings you added. Ple..."

And here is the troubleshooting log as per the posting rules.
(Actually the file is attached as I could not post here, it was over the 10000 word count)

Here's the ports on my firewall,

Code:

20,21,22,25,53,80,110,143,443,465,510,587,993,995,3306,8080,8081,10000,40110:40210

Thanks for any suggestions, as I'm really stuck on this.

 

Yes, trying to fetch mail from my Ispconfig server running on Debian 10, that was upgraded to 3.2 just over a week ago. Gmails say it hasn't fetched the pop3 properly since 2 days ago though. I did have to reverse the Letsencrypt SSL for ispconfig/postfix/ftp setup, so that Ispconfig 3.2 can use the new built in setup, but I think I reversed it correctly, as I was quite careful and SSL seems fine for all services.

Here's the results of what you requested

Code:

root@server1:~# fail2ban-client status dovecot
Status for the jail: dovecot
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/log/mail.log
`- Actions
   |- Currently banned: 1
   |- Total banned:     1
   `- Banned IP list:   148.66.8.154

I tried to lookup the one banned ip, but could not tell if it was from Gmail. I did however stop fail2ban service to make sure it was not the problem, and I still could not fetch email when the service was shutdown.

Also my setup on gmail was working for as long as I can remember, I added a "Check mail from other accounts:" email and username is my full email from the Ispconfig box, plus password, server is the fqdn for the mx server, and port I'm using is 995, and also have "Always use a secure connection (SSL) when retrieving mail" selected, but I tested it with it off, and also tested it with it off and using port 110, both no go.

Thanks for the help

 

Hm good idea, I haven't installed TB in so many years because never had the need to, I'll install and check it out.

 

That Link is what I had setup before the 3.2 upgrade for Letsencrypt, and it worked beautifully with the incron job, but from what I read people suggested to reverse the instructions and go with the default on Ispconfig. Maybe I shouldn't have done it.

Either way though, TB seems to works fine, for both Imap and Pop3, so it may have to do with Gmail. Not sure if Gmail is blocking my server IP, or if it was because I had the accounts setup before and the SSL is not matching after the upgrade? Would that be an issue? maybe the change in SSL caused my IP to be banned? I may have to contact Gmail support if there is even such a thing.

But it's strange though if Gmail were blocking my server IP, would I still see the auth attempts on the mail.log? Cuz I'm pretty sure the ones I posted were from Gmail.

 

Yes, I tried to use the identical configuration, so for mail server I used the exact same thing, same port (I even tried with pop3), and username and password, in addition to using both "ssl/tls" and "startssl" on TB. They all seem to work to get the updated mail.

 

I just tried with Gmail again and still can't connect. So strange. This is the connection details from Gmail, but does not explain much.

Code:

There was a problem connecting to server1.mydomain.com
Server returned error: "Connection timed out: There may be a problem with the settings you added. Please contact your other email provider to verify the correct server name and port."

But there's not much settings, just username, password, server, port and to use SSL or not. It has always worked, and I've tried multiple combinations including without ssl. It's as if my server is blocking gmail. I am using Rspamd instead of spamassasin, would that block a server(gmail) by any means?

 

Oh it's very possible that it's IPV6 issue, I do have both IPV4 and IPV6 setup as it seems to work best for mail sending, it's really a pain in the ass to get both working well. I have reboot the server several times today even though, but I'll give it another go.

 

Just tried from an ssh session on the server and no replies. What should I be looking for?

 

It's a VPS at Hostus.us I'm not sure what I should be looking for unfortunately, sorry. I tested ping at
ping ipv4.amsterdamtech.net and it worked, but not sure where to check on the IPV6 issue. I checked the client settings and I still have the same IPV6 address, setup correctly with a rDNS and PTR.

 

Ok, I'll contact them. Thanks so much for your help.

 

also check any firewalls you may have in front of that server, it may be that the mail ports are only open to traffic with the ipv4 destination address, you may need to add the ipv6 ports there as well.