1 (edited by mikek 2020-09-17 03:53:07)

Topic: This site cannot be reached ERR_CONNECTION_TIMED_OUT

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version: v1.3.1
- Deployed with iRedMail Easy or the downloadable installer? No
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
-
====
Some customers I set up fine and could access webmail and connect IMAP OK yesterday. Now today the get error ERR_CONNECTION_TIMED_OUT from their office trying to connect to /mail or /iredadmin. This only happens from their office IP. If they try outside the office it works. It they disconnect from WIFI and use cellular, it works. They can connect to different servers at my location OK. Just cannot connect to webmail or iredadmin or IMAP. This is happening with many customers. At first they connect and set up ok, then it stops working for them. They get This site cannot be reached ERR_CONNECTION_TIMED_OUT

Where are settings to increase the connections?

2

Re: This site cannot be reached ERR_CONNECTION_TIMED_OUT

I found that fail2ban was blocking them.

To see banned Ips:
# Iptables -L -n
To un-ban Ips:
# nano /etc/fail2ban/jail.local (add ips to this file)
# service fail2ban restart
To figure out why banned, see dovecot logs.
/var/log/dovecot

I still have not figured out if there is a way to prevent legitimate users from being banned.

3 (edited by mikekgr 2020-09-17 04:09:34)

Re: This site cannot be reached ERR_CONNECTION_TIMED_OUT

mikek wrote:

I found that fail2ban was blocking them.

To see banned Ips:
# Iptables -L -n
To un-ban Ips:
# nano /etc/fail2ban/jail.local (add ips to this file)
# service fail2ban restart
To figure out why banned, see dovecot logs.
/var/log/dovecot

I still have not figured out if there is a way to prevent legitimate users from being banned.

You can unban an IP using the command:
fail2ban-client unban xxx.xxx.xxxx.xxx
ex fail2ban-client unban 213.249.16.2
Using this way, it is not necessary to edit  jail.local  file although "my way" is not permanent unban. If the user again do ex mistakes in his password then the fail2ban will ban his IP again...

4

Re: This site cannot be reached ERR_CONNECTION_TIMED_OUT

Thank you for your reply. Do you know how to reduce the bans?
I am getting many accounts complaining that many legitimate emails are being blocked and bounced.
The documentation on this is very weak and the settings are hard to understand and set. So many config files to edit. The error log files are very hard to filter or even find.