Hi, I've been having a strange issue for some months, but it is very strange to me because it does not happen always. The problem is that when a client tries to connect to the email account, sometimes it is not possible because of a login error, but 5 seconds later they can do it with the same credentials. This has happened with Outlook, Mail Mac, Mailbird, even from Roundcube. In Roundcube we got the following message: "Invalid request! Data was not saved.", but after that message you click the login button again and can access without problems. Checking the mail log I've found this:

Code:
Oct 16 18:59:19 server1 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=14194, secured, session=<vI5Ee2bqQrIAAAAAAAAAAAAAAAAAAAAB>
Oct 16 18:59:21 server1 dovecot: imap([email protected])<14197><Vgple2bqqM8AAAAAAAAAAAAAAAAAAAAB>: Logged out in=413 out=2557 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct 16 19:00:21 server1 dovecot: auth-worker(17450): sql(myemail@mydomain,XXX.XXX.XX.XXX,<jxJofmbqvuzJiV6T>): Password mismatch
Oct 16 19:00:21 server1 dovecot: auth-worker(15034): sql(myemail@mydomain,XXX.XXX.XX.XXX,<1BRofmbqv+zJiV6T>): Password mismatch
Oct 16 19:00:23 server1 dovecot: imap-login: Aborted login (auth failed, 2 attempts in 12 secs): user=<[email protected]>, method=PLAIN, rip=XXX.XXX.XX.XXX, lip=YYY.YYY.Y.YYY, TLS, session=<jxJofmbqvuzJiV6T>
Oct 16 19:00:23 server1 dovecot: imap-login: Aborted login (auth failed, 2 attempts in 12 secs): user=<[email protected]>, method=PLAIN, rip=XXX.XXX.XX.XXX, lip=YYY.YYY.Y.YYY, TLS, session=<1BRofmbqv+zJiV6T>

As you can see in the first 2 lines, I was able to connect and check emails (I did that from an email administrator), and a minute later I couldn't check emails; it says password mismatch, but that's not true because five minutes later with the same password I was able to check it again.
The thing is I don't know what I can do to correct this. I've got ISPConfig running on a Debian 10 server with a Xeon E3-1230 v6, 32 GB RAM, and 2 HDD 1TB in RAID1.
The following is the result from the test script:

Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 10 (buster)
[INFO] uptime: 15:10:50 up 27 days, 21:34, 1 user, load average: 0.25, 0.25, 0.27
[INFO] memory:
              total        used        free      shared  buff/cache   available
Mem:           31Gi       3.9Gi       9.5Gi       439Mi        18Gi        26Gi
Swap:          18Gi          0B        18Gi
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.2.8p2
##### VERSION CHECK #####
[INFO] php (cli) version is 7.3.33-7+0~20220929.100+debian10~1.gbpdb2e49
[INFO] php-cgi (used for cgi php in default vhost!) is version 7.3.33
##### PORT CHECK #####
[WARN] Port 8080 (ISPConfig) seems NOT to be listening
##### MAIL SERVER CHECK #####
##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
    Apache 2 (PID 421)
[INFO] I found the following mail server(s):
    Unknown process (smtpd) (PID 471)
[INFO] I found the following pop3 server(s):
    Dovecot (PID 9499)
[INFO] I found the following imap server(s):
    Dovecot (PID 9499)
[INFO] I found the following ftp server(s):
    PureFTP (PID 30441)
##### LISTENING PORTS #####
(only () Local (Address)
[anywhere]:110 (9499/dovecot)
[anywhere]:143 (9499/dovecot)
[anywhere]:465 (9126/master)
[anywhere]:21 (30441/pure-ftpd)
***.***.***.***:53 (16738/named)
***.***.***.***:53 (16738/named)
[localhost]:53 (16738/named)
[anywhere]:22 (818/sshd)
[localhost]:953 (16738/named)
[anywhere]:25 (471/smtpd)
[anywhere]:993 (9499/dovecot)
[anywhere]:995 (9499/dovecot)
[localhost]:11332 (17425/rspamd:)
[localhost]:11333 (17425/rspamd:)
[localhost]:11334 (17425/rspamd:)
[localhost]:10023 (1006/postgrey)
[localhost]:10024 (9332/amavisd-new)
[localhost]:10025 (9126/master)
[localhost]:10026 (9332/amavisd-new)
[localhost]:10027 (9126/master)
[anywhere]:587 (9126/master)
[localhost]:6379 (887/redis-server)
[localhost]:11211 (781/memcached)
[localhost]10 (9499/dovecot)
[localhost]43 (9499/dovecot)
*:*:*:*::*:80 (421/apache2)
*:*:*:*::*:8081 (421/apache2)
*:*:*:*::*:465 (9126/master)
*:*:*:*::*:21 (30441/pure-ftpd)
*:*:*:*::*:53 (16738/named)
*:*:*:*::*:22 (818/sshd)
*:*:*:*::*:953 (16738/named)
*:*:*:*::*:25 (471/smtpd)
*:*:*:*::*:443 (421/apache2)
*:*:*:*::*:993 (9499/dovecot)
*:*:*:*::*:995 (9499/dovecot)
*:*:*:*::*:11332 (17425/rspamd:)
*:*:*:*::*:11333 (17425/rspamd:)
*:*:*:*::*:11334 (17425/rspamd:)
*:*:*:*::*:10023 (1006/postgrey)
*:*:*:*::*:10024 (9332/amavisd-new)
*:*:*:*::*:10026 (9332/amavisd-new)
*:*:*:*::*:3306 (8820/mysqld)
*:*:*:*::*:2763 (421/apache2)
*:*:*:*::*:587 (9126/master)
*:*:*:*::*:6379 (887/redis-server)
##### LET'S ENCRYPT #####
Certbot is installed in /opt/eff.org/certbot/venv/bin/certbot

Also, I'm using RSPAMD, but I don't think that is causing problems because, as far as I know, RSPAMD is for the incoming and outgoing email, not for the connections to the email accounts.
Check the mysql log for errors, maybe mysql/mariadb is sometimes unreachable or has capacity problems.
Hi @till, I've checked the MySQL log but nothing appears there, or at least that is what I think because it doesn't say anything revealing:

Code:
2022-10-21 13:02:02 2467172 [Warning] Access denied for user 'root'@'198.98.52.86' (using password: YES)
2022-10-21 13:20:33 2470001 [Warning] Access denied for user 'root'@'107.189.1.81' (using password: YES)
2022-10-21 13:22:34 2470281 [Warning] Access denied for user 'root'@'198.98.52.86' (using password: YES)

Between those last 3 entries in the log I've tried to send an email not less than 20 times and got the connection error, and I mean that those attempts are one hour after the last entry in the log. I took the log from "/var/log/mysql", or is the one I need to check in another folder?
Yes, "/var/log/mysql" is the right folder. These failed logins are not logins from the mail system, so they are not related to the issue.
I was trying to send an email and from the Mail-warn log I've got this message; maybe this can bring some light to point me in the right direction:

Code:
Oct 22 10:18:05 server1 postfix/smtps/smtpd[1400]: warning: unknown[87.246.7.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 22 10:18:08 server1 postfix/smtps/smtpd[2226]: warning: unknown[87.246.7.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 22 10:18:26 server1 postfix/smtpd[2366]: warning: unknown[212.70.149.22]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 22 10:18:32 server1 postfix/smtpd[2674]: warning: unknown[212.70.149.22]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 22 10:18:41 server1 postfix/smtpd[2366]: warning: unknown[212.70.149.22]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 22 10:18:42 server1 postfix/smtpd[2674]: warning: unknown[212.70.149.22]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 22 10:18:49 server1 postfix/smtps/smtpd[2206]: warning: hostname net6-ip77.linkbg.com does not resolve to address 87.246.7.77: Name or service not known
Oct 22 10:18:53 server1 postfix/smtps/smtpd[1400]: warning: hostname net6-ip77.linkbg.com does not resolve to address 87.246.7.77: Name or service not known
Oct 22 10:19:50 server1 postfix/smtps/smtpd[2206]: warning: unknown[87.246.7.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 22 10:19:54 server1 postfix/smtps/smtpd[1400]: warning: unknown[87.246.7.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Those IP addresses are not my server's, nor the one I have at the place where I am right now, but the times match just when I tried to send this email and got the error.
The "SASL LOGIN authentication failed: UGFzc3dvcmQ6" message is most likely just a bot that tries out passwords to break into an SMTP account.
I never had that issue and as it does not seem to cause any relevant log lines, it is not easy to debug. Did you check your DNS records at e.g. intodns.com? Maybe there is an issue that one of the DNS servers of the zones still points to a different server or something similar. I can also move your post to the public forum, maybe one of the other users has an idea.
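The log formats quoted in this thread can be triaged mechanically. The following is an added example, not part of any forum post: it parses constructed sample lines in the same Dovecot and Postfix formats, decodes the base64 token Postfix appends (UGFzc3dvcmQ6 is the LOGIN mechanism's "Password:" prompt, not a credential), and separates source addresses that also log in successfully from sources that only ever fail. Function names, the mailbox name and the sample addresses are assumptions.

```python
import base64
import re
from collections import defaultdict

# Constructed sample lines in the formats quoted in this thread. Addresses come
# from documentation ranges and the mailbox name is a placeholder.
SAMPLE_LOG = """\
Oct 22 10:17:02 server1 dovecot: imap-login: Login: user=<alice@example.test>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, mpid=14194, TLS, session=<aaaa>
Oct 22 10:18:01 server1 dovecot: auth-worker(17450): sql(alice@example.test,203.0.113.10,<bbbb>): Password mismatch
Oct 22 10:18:03 server1 dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<alice@example.test>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, TLS, session=<bbbb>
Oct 22 10:18:05 server1 postfix/smtps/smtpd[1400]: warning: unknown[198.51.100.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 22 10:18:08 server1 postfix/smtps/smtpd[2226]: warning: unknown[198.51.100.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 22 10:18:26 server1 postfix/smtpd[2366]: warning: unknown[198.51.100.22]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

# Successful Dovecot login: captures user and remote IP (rip=).
DOVECOT_OK = re.compile(r"dovecot: \w+-login: Login: user=<([^>]*)>.*?\brip=([0-9A-Fa-f.:]+)")
# Dovecot auth-worker mismatch: sql(user,ip,<session>).
DOVECOT_FAIL = re.compile(r"dovecot: auth-worker\(\d+\): \w+\(([^,]+),([^,]+),<[^>]*>\): Password mismatch")
# Postfix SASL failure: client[ip], mechanism, trailing base64 token.
POSTFIX_FAIL = re.compile(r"postfix/\S*smtpd\[\d+\]: warning: \S*\[([0-9A-Fa-f.:]+)\]: SASL (\w+) authentication failed: (\S+)")


def decode_sasl_detail(token):
    """Decode the base64 text after 'authentication failed:'; None if not base64/ASCII."""
    try:
        return base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def triage(log_text):
    """Count successful and failed authentications per source address."""
    stats = defaultdict(lambda: {"ok": 0, "fail": 0, "users": set(), "sasl_detail": set()})
    for line in log_text.splitlines():
        if m := DOVECOT_OK.search(line):
            stats[m.group(2)]["ok"] += 1
            stats[m.group(2)]["users"].add(m.group(1))
        elif m := DOVECOT_FAIL.search(line):
            stats[m.group(2)]["fail"] += 1
            stats[m.group(2)]["users"].add(m.group(1))
        elif m := POSTFIX_FAIL.search(line):
            # Postfix logs no user name on this line, only the client address.
            stats[m.group(1)]["fail"] += 1
            stats[m.group(1)]["sasl_detail"].add(decode_sasl_detail(m.group(3)))
    # "Aborted login" summaries are skipped: auth-worker already logged each mismatch.
    return dict(stats)


def classify(stats):
    """Return (addresses with both successes and failures, failure-only addresses)."""
    mixed = sorted(ip for ip, s in stats.items() if s["ok"] and s["fail"])
    fail_only = sorted(ip for ip, s in stats.items() if s["fail"] and not s["ok"])
    return mixed, fail_only


if __name__ == "__main__":
    mixed, fail_only = classify(triage(SAMPLE_LOG))
    print("intermittent failures from working clients:", mixed)
    print("failure-only sources:", fail_only)
```

Addresses in the first list are the ones worth investigating for an intermittent login problem; the second list is the kind of background noise the fail2ban jails on this server already handle.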
Hi Till, sorry for not answering you earlier, but I had some health issues that got me out of the way for some months, and the work got accumulated, but I'm retaking this issue. As you advised me, I went to intodns.com and I got a warning and an error:

Warning
Code:
Name of nameservers are valid
WARNING: At least one of your NS name does not seem a valid host name
The ones that do not seem valid:
ns2.mydomain.com ns1.mydomain.com

Error
Code:
MX name validity
The MX records that do not seem valid hostname:
mail2.mydomain.com mail.mydomain.com
This can cause problems

But if I run a similar test in mxtoolbox.com, I've got everything OK.
Does it say in what way those names are not valid? Have you verified all the domain names return the correct answer from all the name servers? Test them one by one. Since you do not say what the real domain names are, it is not possible for me to find out more.
No, it does not say anything else. About the domains, I get the same answer for all the domains. I'm going to put the domain of my panel so you can see the full report of intodns, but for security reasons I will erase it in a couple of days. hospedaje dot website just erase the spaces and change the word for the symbol
This seems fine. I guess the tool that checks these at intoDNS is not capable of handling ".website" and assumes the hostnames are not "valid" because of this, even though they are. I don't see an issue with your configuration here.
The only thing out of the ordinary I can find is that the name server A records have a TTL less than 3600. Maybe intodns considers this invalid? Did you lower the TTL on purpose?
Code:
;; ANSWER SECTION:
hospedaje.website. 3600 IN MX 20 mail2.hospedaje.website.
hospedaje.website. 3600 IN MX 10 mail.hospedaje.website.

This is a multiserver setup, right? Why do both of your servers have the same PTR?

Code:
;; ANSWER SECTION:
226.60.71.198.in-addr.arpa. 21494 IN PTR server1.hospedaje.website
;; ANSWER SECTION:
228.5.175.108.in-addr.arpa. 21471 IN PTR server1.hospedaje.website.
Yes and no. Originally it started as a standalone server, but after some time I had to add some additional servers, but these ones are only web servers; this is because there are some systems that need a bigger machine with Postgres, etc. But the DNS server, the email server, and the one for some small webs is the original one, "Server1". This is because at the very beginning I had only one public IP address on the server, but I had some issues with the NS and MX servers, and the recommendation was to have at least 2 different IP addresses. This is because at the very beginning I had only one public IP address on the server, but I had some issues with the NS and MX services, and as far as I remember the recommendation to solve that issue was to have at least 2 different IP addresses. But this was 4 or 5 years ago, so don't trust me much; my memory is not what it used to be. Do you think that would be the problem?
The reverse DNS entry should always return the correct hostname and not just anything. But I don't believe this has anything to do with your issue at all; you should fix it anyway. What settings/hostname do you use to connect a local mail client? Is there some kind of load balancing, like haproxy for example, in place?