Hi all, I have a little big problem. I have been running a production server for about 600 days now without any problems. Running Suse 10.1 with the perfect setup, and ISPconfig 2.2.18. Since last Friday, I've been getting strange problems with POP3 mail retrieval. Since Friday, I've had 2 clients that couldn't retrieve their e-mail, neither with Outlook 2003, Outlook 2007 or Outlook Express. At first I thought they were errors from the client side, because I googled the Outlook error messages, and they all said client errors. But since 2 different clients with two different ISP providers got the same errors, spread over 3 days, I'm thinking it's something related to the ISPconfig configuration. On Friday it started with client A. Went over there, rebooted the modem and it worked again for 15 mins, rebooted the modem again, and it worked again for 15 mins. On Saturday, client A worked fine again, didn't change anything in their configuration. On Sunday, client B couldn't retrieve e-mail, with the same errors as client A on Friday. Client A worked fine on Sunday. Tried different solution angles posted on this forum, altering the postfix config, trying to connect the clients with secure connections, nothing helped. Set the Bastille firewall to max logging of failed attempts; when the client that gets errors tries to connect, it doesn't show anything. The error messages the clients get: http://www.rackserver.be/mailerrors/outlook 2007.JPG http://www.rackserver.be/mailerrors/outlook express.JPG My postfix main.cf file: http://www.rackserver.be/mailerrors/main.cf My postfix virtusertable: http://www.rackserver.be/mailerrors/virtusertable Telnetting to port 110 works fine, but not for my clients that get the error messages. They can't connect at all. Surfing to their domain works fine, so I tried surfing to the webmail (SquirrelMail). Logging in through webmail works fine, and the clients can see their e-mail. Hope you guys can help. greetz
As you get the errors when retrieving mail, it's not a postfix problem. Postfix is only for sending emails. Which error messages do you get in the mail.log for the connection attempts of these clients? Do you use maildir or mbox format for storing the mailboxes?
Hi till, I'm using maildir. The strange thing is, the connection attempts of those clients don't even show up in the /var/log/mail log file. If I try it from my home, it shows up fine. Since this morning, client A and client B both can't connect. If I try to telnet to port 110, I just get a blinking cursor, not the hello line. If I try it from my own PC at home, both mail receiving and telnet work fine. I disabled the Bastille firewall, but that doesn't help either. If I try to ping or nslookup the mailserver mail.rackserver.be, I get a reply with the IP address, so it shouldn't be DNS either. The strange thing is, client A and client B are on different ISP networks...
Then I guess it's a problem with a firewall at these clients. Maybe both use the same local firewall and e.g. an automatic update of this software causes the problem. If you are able to connect from other locations to your server, then it's most likely not a server problem. Or do you use software like fdenyhosts that blocks specific IP addresses on your server? The ISPConfig Bastille firewall is not capable of blocking single IP addresses.
Hi till, I do not use fdeny host. When you were replying, I set up tethereal for capturing. (Ethereal / Wireshark) The following file contains packets from client B: http://www.rackserver.be/mailerrors/capture_on_server_client_A.pcap The following file contains packets from client A: http://www.rackserver.be/mailerrors/capture_on_server_client_B.pcap http://www.rackserver.be/mailerrors/capture_on_server_client_B-2.pcap http://www.rackserver.be/mailerrors/capture_on_server_client_B-telnet.pcap As far as I can see, the client is connecting to the server, but packets don't get delivered? Also some strange packets from pop3 in there? greetz
UPDATE: When I try to connect through IMAP (opened the port first), the clients receive the e-mail correctly. So I decided to dig a little on Google: I tried altering the courier configuration, and changed the concurrent connections from 1 IP from 4 to 20, restarted courier-pop and it seems to do the trick for now. Tried altering the configuration again, changed it back from 20 to 4, and it still works. Very strange behavior... Although it works for now, I think something is wrong with courier, and I find the captured files from the server regarding the pop messages very strange. Hope someone knows what they are. greetz
Well, it worked fine for about one day, before it went wrong again... Had to restart courier-pop to get it working again. Could it have something to do with the max connections from 1 IP? Is it possible to verify the courier-pop connections of 1 IP? Changed the max connections from 30 to 100, this should be way sufficient. I also noticed some postfix/smtp errors: Jan 8 15:49:03 lisa postfix/smtp[31046]: 1AAF4569663: to=<[email protected]>, orig_to=<[email protected]>, relay=none, delay=1277, status=deferred (connect to in.mx.domain.be[195.238.5.129]: server refused to talk to me: 421 #4.4.5 Too many connections from your host. ) Very strange, since postfix is set to only allow outgoing mail from the local network/domains. Is it possible to display an SMTP list of outgoing mails that are in the queue? greetz
Please check in your mail log file how many connections you have from this IP. Maybe someone is trying to crack a pop3 account with a brute force attack.
Already checked the connections manually in the mail logs. The client connects every minute with all accounts, max 6. So this would mean a maximum of 6 connections a minute (12 if you count login/logout). This is why I changed the "max connections value"/IP first to 30, and now to 100. The strange thing is: when the errors occur, if I restart courier-pop, all works fine again. Will try to check the postfix/anvil function this evening. greetz
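The per-IP check discussed in the last posts can be automated instead of counted by hand; the following is an added example, not part of any post in the thread. It assumes Courier pop3d writes `Connection` and `LOGIN FAILED` lines with an `ip=[...]` field to the mail log; the function names, the failed-login limit and the sample lines are constructed for illustration, and the limit of 12 per minute is the poster's own estimate for a normal client.

```python
import re
from collections import Counter

# Assumed Courier pop3d syslog layout: "<date> <host> pop3d: <event>, ... ip=[::ffff:a.b.c.d]"
LINE_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ \S*pop3\S*: "
    r"(?P<event>Connection|LOGIN FAILED|LOGIN|LOGOUT)\b.*?ip=\[(?:::ffff:)?(?P<ip>[^\]]+)\]"
)

def summarize(log_text):
    """Return ({(ip, minute): connections}, {ip: failed logins})."""
    per_minute, failed = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # postfix, imapd and other lines in the same file
        minute = " ".join(m["minute"].split())  # collapse syslog day padding
        if m["event"] == "Connection":
            per_minute[(m["ip"], minute)] += 1
        elif m["event"] == "LOGIN FAILED":
            failed[m["ip"]] += 1
    return per_minute, failed

def suspicious(log_text, max_per_minute=12, max_failed=3):
    """Map ip -> (peak connections in one minute, failed logins) over either limit."""
    per_minute, failed = summarize(log_text)
    peak = Counter()
    for (ip, _minute), n in per_minute.items():
        peak[ip] = max(peak[ip], n)
    return {
        ip: (peak[ip], failed[ip])
        for ip in set(peak) | set(failed)
        if peak[ip] > max_per_minute or failed[ip] > max_failed
    }

def _line(sec, event, ip):
    return f"Jan  8 15:48:{sec:02d} lisa pop3d: {event}, ip=[::ffff:{ip}]"

# Constructed sample (documentation addresses), not taken from the thread's logs.
SAMPLE_LOG = "\n".join(
    [_line(s, "Connection", "192.0.2.10") for s in range(6)]      # 6 mailboxes polled
    + [_line(s, "Connection", "198.51.100.7") for s in range(20)]
    + [_line(s, "LOGIN FAILED, user=admin", "198.51.100.7") for s in range(20)]
    + ["Jan  8 15:49:03 lisa postfix/smtp[31046]: 1AAF4569663: status=deferred"]
)

if __name__ == "__main__":
    for ip, (peak, fails) in sorted(suspicious(SAMPLE_LOG).items()):
        print(f"{ip}: peak {peak} connections/minute, {fails} failed logins")
```

To run it against the real log, pass the contents of /var/log/mail to `suspicious()` and adjust the pattern if the local Courier build logs under a different program name or layout.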