1

Topic: email clients disconnect from the iRedMail server

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4 and 0.9.5-1
- Linux/BSD distribution name and version: CentOS Linux release 7.2.1511
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have two iredmail mail servers (0.9.4 and 0.9.5-1). On these servers there is a problem - mail clients (MS outlook 2010, Thunderbird, the Bat) fall off from the server . The accounts type is IMAP.  So, in MS Outlook the inscription appears in the status bar-Disconnected. IMAP data becomes unavailable. But the server continues to work correctly through the web interface. This disable is fixed by closing and opening mail clients. This disconnection is unpredictable, maillog did not find suspicious entries in the logs. Please help to find the problem

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: email clients disconnect from the iRedMail server

How many mail accounts do you have on this server? do most of them use IMAP in MUA?

3

Re: email clients disconnect from the iRedMail server

15 accounts. Yes, use IMAP in MUA

4

Re: email clients disconnect from the iRedMail server

Do all users connect to server from same public IP address (e.g. in same office)? If yes, it sounds like your public IP was blocked in iptables firewall (triggered by Fail2ban) on server. Please check iptables firewall rules (with command "iptables -L -n") to figure it out.

5

Re: email clients disconnect from the iRedMail server

for clarification:
our users connect from local computers to the terminal server via RDP. Each user has their own remote desktop with MUA. Disconnecting the mail client from the iredmail server is not at all at once, but for example only two users out of 15. As I wrote above, this shutdown is fixed by closing and opening the mail client. The iptables configuration has not changed after installing iRedMail

6

Re: email clients disconnect from the iRedMail server

*) did you see any related error / warning in Dovecot log files (/var/log/dovecot/*)?
*) did you try other MUA? like Thunderbird.
*) does your server have valid ssl cert for imap service (Dovecot)?

7

Re: email clients disconnect from the iRedMail server

*) Today I caught my problem in Outlook. May be this problem with TLS? Below is a part of dovecot log:

May 25 11:00:38 imap(maxim@aurelia-laki.ru): Info: Logged out in=87087 out=73667
May 25 11:01:54 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.0.20, lip=192.168.0.14, TLS handshaking: Disconnected, ses$
May 25 11:01:54 imap(maxim@aurelia-laki.ru): Info: Logged out in=306 out=7993

-----------------------------------------------------------------------------------------------

May 25 11:05:47 imap(maxim@aurelia-laki.ru): Info: Logged out in=125468 out=447481
May 25 11:05:47 imap-login: Info: Login: user=<maxim@aurelia-laki.ru>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3108, secured, session=<tG5PPANt7Np/$
May 25 11:05:48 imap(maxim@aurelia-laki.ru): Info: Logged out in=819 out=71858
May 25 11:05:49 imap-login: Info: Login: user=<maxim@aurelia-laki.ru>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3112, secured, session=<3TBtPANt9Np/$
May 25 11:05:56 imap(maxim@aurelia-laki.ru): Info: Logged out in=12500 out=86769
May 25 11:05:56 imap-login: Info: Login: user=<maxim@aurelia-laki.ru>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3116, secured, session=<injaPANt/Np/$
May 25 11:05:57 imap(maxim@aurelia-laki.ru): Info: Logged out in=445 out=48269
May 25 11:05:58 imap-login: Info: Login: user=<maxim@aurelia-laki.ru>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3118, secured, session=<FCr7PANtAtt/$
May 25 11:06:23 imap-login: Info: Login: user=<maxim@aurelia-laki.ru>, method=PLAIN, rip=192.168.0.20, lip=192.168.0.14, mpid=3134, TLS, session=<yYZzPgNtF+$
May 25 11:06:25 imap-login: Info: Login: user=<maxim@aurelia-laki.ru>, method=PLAIN, rip=192.168.0.20, lip=192.168.0.14, mpid=3136, TLS, session=<pRqXPgNtNO$
May 25 11:06:27 imap-login: Info: Login: user=<maxim@aurelia-laki.ru>, method=PLAIN, rip=192.168.0.20, lip=192.168.0.14, mpid=3138, TLS, session=<fsirPgNtO+$
May 25 11:07:51 imap(maxim@aurelia-laki.ru): Info: Logged out in=26173 out=365576
May 25 11:07:51 imap(maxim@aurelia-laki.ru): Info: Logged out in=111 out=12632




*) Thunderbird we not use
*) we have only self-signed SSL certificate (after installation iRedmail)

8

Re: email clients disconnect from the iRedMail server

Maxim Kozlov wrote:

May 25 11:01:54 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.0.20, lip=192.168.0.14, TLS handshaking: Disconnected, ses$

It says no imap auth.

Try to setup this account in Thunderbird also. If the account works with Thunderbird all the time, but not Outlook, it might be a Outlook related issue. I suggest requesting a free ssl cert from Lets Encrypt, Outlook sometimes is picky with ssl cert.

9

Re: email clients disconnect from the iRedMail server

Today I changed my MS Outlook IMAP port to 993 with SSL. And found in the dovecot log this entry:

May 28 16:04:28 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.0.20, lip=192.168.0.14, TLS handshaking: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac, session=<UG//wUNtw//AqAAU>

Perhaps this is due to a self-signed SSL certificate or IMAP service?

10

Re: email clients disconnect from the iRedMail server

Maybe caused by ssl cert. I suggest try again with a free letsencrypt cert.

11

Re: email clients disconnect from the iRedMail server

Hello,

We bought an SSL certificate (Certum) but the problem was not solved:

imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.0.20, lip=192.168.0.14, TLS handshaking: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac, session=<lPuIc7p07+fAqAAU>

As usual, disconnection the MUA from the server is treated by restarting the MUA

12

Re: email clients disconnect from the iRedMail server

No idea. I suggest try different MUAs together, it's probably a MUA issue (either misconfigured settings, or bug). sad