1 (edited by heron 2019-07-16 00:31:38)

Topic: intermittent problem where SMTP fails IMAP succeeds

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.7 MYSQL edition.
- Deployed with iRedMail Easy or the downloadable installer? Command line install on AWS Ec2, so must have been downloadable
- Linux/BSD distribution name and version: Ubuntu 16.04 xenial
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes, iRedAdmin-Pro v2.8.0 (MySQL)
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue. "Could not connect to this SMTP server"
====

INTRODUCTION:

I have been using iRedMail with iRedAdmin Pro since about March 2018. It is a simple mail server with one main user (me) and a few occasional users.

There would be pockets of time where sometimes it would not work to send and recieve mail. The mail accounts were all set up through the Apple Mail application on desktop for each user, not using the webmail service. It was a slight inconvenience for the team, but we would just wait some time to resend the email and it would go through without a problem.

After encountering this issue one too many times, I set out to get to the root of the problem and resolve it once and for all. After enough investigation, I found that using sudo iptables -n -L would return to me everything related to fail2ban, and that f2b was being very very sensitive and banning the ip addresses of some of our users for a certain amount of time.

I suppose that since everyone using the app was a VPN user, switching to a new VPN would make the previous IP ban a non-issue and temporarily resolve. Every time a user would run into this issue, I would SSH into the iRedMail server and run the command sudo fail2ban-sshd set dovecot-iredmail unbanip <ip-address> (or for postfix-iredmail, etc). Eventually we noticed this happening so frequently that we said let's just disable all of the f2b services since it wasn't actually capturing ANY IPs that weren't belonging to actual users of the mail server.

Mail was sending and recieving as normal for a bit, then suddenly a new intermittent issue comes up that the local mail client can connect to IMAP without issue, but cannot cannot to SMTP. I try with and without VPN to get the same results. This is really strange because my issue used to be solved by eliminating the fail2ban records, but now I see that fail2ban is not related at all.

I have iRedAdmin-Pro up on an AWS EC2 instance. I can open up the ports to access from 443 so that I can use the admin panel and Roundcube mail client. Roundcube outgoing mail works perfectly fine.

Keep in mind that I can recieve mail in my local mailclient over IMAP, but cannot send outbound over SMTP.

Usually I just get up and walk away and when I come back a few hours later the problem has solved itself. Then a few days later I get the exact same problem all over again. I have not fully tested when it works and when it does not for a period of 24 hours a day over 7 days yet, I only notice the issue when I want to send mail from this account which does not even happen every day.

===

ubuntu@mx:~$ postconf -n

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
command_directory = /usr/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mail_owner = postfix
mailbox_size_limit = 104857600
mailq_path = /usr/bin/mailq
message_size_limit = 104857600
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = mx.maildrop.network
myhostname = mx.maildrop.network
mynetworks = 127.0.0.1 [::1]
myorigin = mx.maildrop.network
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.[2..11]*2
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_whitelist_threshold = -2
postscreen_greet_action = enforce
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
queue_directory = /var/spool/postfix
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

2

Re: intermittent problem where SMTP fails IMAP succeeds

Additionally, I tried to restart all of the services in this order. Did not change anything, IMAP still working fine SMTP not.

ubuntu@mx:~$ sudo service mysql stop
ubuntu@mx:~$ sudo service apache2 stop
ubuntu@mx:~$ sudo service postfix stop
ubuntu@mx:~$ sudo service dovecot stop
ubuntu@mx:~$ sudo service iredapd stop
ubuntu@mx:~$ sudo service amavis stop
ubuntu@mx:~$ sudo service clamav-daemon stop
ubuntu@mx:~$ sudo service clamav-freshclam stop
ubuntu@mx:~$ sudo service mysql start
ubuntu@mx:~$ sudo service apache2 start
ubuntu@mx:~$ sudo service postfix start
ubuntu@mx:~$ sudo service dovecot start
ubuntu@mx:~$ sudo service iredapd start
ubuntu@mx:~$ sudo service amavis start
ubuntu@mx:~$ sudo service clamav-daemon start
ubuntu@mx:~$ sudo service clamav-freshclam start

3

Re: intermittent problem where SMTP fails IMAP succeeds

Usually this is caused by Fail2ban due to not expect (by human beings) ban, but without fail2ban, how could it happen? This confused me too.

- When you cannot send email, what error message did you get with Outlook?
- Does sending work with webmail in the meantime?
- Is it possible that it's caused by your home/local firewall or VPN?

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee