Topic: intermittent problem where SMTP fails IMAP succeeds
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.7 MYSQL edition.
- Deployed with iRedMail Easy or the downloadable installer? Command line install on AWS Ec2, so must have been downloadable
- Linux/BSD distribution name and version: Ubuntu 16.04 xenial
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes, iRedAdmin-Pro v2.8.0 (MySQL)
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue. "Could not connect to this SMTP server"
I have been using iRedMail with iRedAdmin Pro since about March 2018. It is a simple mail server with one main user (me) and a few occasional users.
There would be pockets of time where sometimes it would not work to send and recieve mail. The mail accounts were all set up through the Apple Mail application on desktop for each user, not using the webmail service. It was a slight inconvenience for the team, but we would just wait some time to resend the email and it would go through without a problem.
After encountering this issue one too many times, I set out to get to the root of the problem and resolve it once and for all. After enough investigation, I found that using sudo iptables -n -L would return to me everything related to fail2ban, and that f2b was being very very sensitive and banning the ip addresses of some of our users for a certain amount of time.
I suppose that since everyone using the app was a VPN user, switching to a new VPN would make the previous IP ban a non-issue and temporarily resolve. Every time a user would run into this issue, I would SSH into the iRedMail server and run the command sudo fail2ban-sshd set dovecot-iredmail unbanip <ip-address> (or for postfix-iredmail, etc). Eventually we noticed this happening so frequently that we said let's just disable all of the f2b services since it wasn't actually capturing ANY IPs that weren't belonging to actual users of the mail server.
Mail was sending and recieving as normal for a bit, then suddenly a new intermittent issue comes up that the local mail client can connect to IMAP without issue, but cannot cannot to SMTP. I try with and without VPN to get the same results. This is really strange because my issue used to be solved by eliminating the fail2ban records, but now I see that fail2ban is not related at all.
I have iRedAdmin-Pro up on an AWS EC2 instance. I can open up the ports to access from 443 so that I can use the admin panel and Roundcube mail client. Roundcube outgoing mail works perfectly fine.
Keep in mind that I can recieve mail in my local mailclient over IMAP, but cannot send outbound over SMTP.
Usually I just get up and walk away and when I come back a few hours later the problem has solved itself. Then a few days later I get the exact same problem all over again. I have not fully tested when it works and when it does not for a period of 24 hours a day over 7 days yet, I only notice the issue when I want to send mail from this account which does not even happen every day.
ubuntu@mx:~$ postconf -n alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases allow_min_user = no allow_percent_hack = no biff = no body_checks = pcre:/etc/postfix/body_checks.pcre command_directory = /usr/sbin compatibility_level = 2 content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/lib/postfix/sbin data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 disable_vrfy_command = yes dovecot_destination_recipient_limit = 1 enable_original_recipient = no header_checks = pcre:/etc/postfix/header_checks inet_interfaces = all inet_protocols = all lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3 lmtp_tls_protocols = !SSLv2 !SSLv3 mail_owner = postfix mailbox_size_limit = 104857600 mailq_path = /usr/bin/mailq message_size_limit = 104857600 mydestination = $myhostname, localhost, localhost.localdomain mydomain = mx.maildrop.network myhostname = mx.maildrop.network mynetworks = 127.0.0.1 [::1] myorigin = mx.maildrop.network newaliases_path = /usr/bin/newaliases postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr postscreen_blacklist_action = enforce postscreen_dnsbl_action = enforce postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.[2..11]*2 postscreen_dnsbl_threshold = 2 postscreen_dnsbl_whitelist_threshold = -2 postscreen_greet_action = enforce proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps queue_directory = /var/spool/postfix recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf recipient_delimiter = + relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtp-amavis_destination_recipient_limit = 1 smtp_tls_CAfile = $smtpd_tls_CAfile smtp_tls_loglevel = 1 smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 smtp_tls_note_starttls_offer = yes smtp_tls_protocols = !SSLv2 !SSLv3 smtp_tls_security_level = may smtpd_data_restrictions = reject_unauth_pipelining smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777 smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_reject_unlisted_recipient = yes smtpd_reject_unlisted_sender = yes smtpd_sasl_path = private/dovecot-auth smtpd_sasl_type = dovecot smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA smtpd_tls_key_file = /etc/ssl/private/iRedMail.key smtpd_tls_loglevel = 1 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_security_level = may swap_bangpath = no tls_random_source = dev:/dev/urandom transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf unknown_local_recipient_reject_code = 550 virtual_alias_domains = virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf virtual_gid_maps = static:2000 virtual_mailbox_base = /var/vmail virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf virtual_minimum_uid = 2000 virtual_transport = dovecot virtual_uid_maps = static:2000