SMTP/IMAP issue Topic is solved
SMTP/IMAP issue
Hi all,
I'm facing a problem with receiving e-mails in the mail app on phones. I'm guessing that it's more related to a dovecot issue, but I can't be sure as I can't find that it's banned or blocked.
So, my problem is that sometimes I can receive e-mails (it depends on which internet connection I'm using). For instance, at work Wi-Fi it works fine, but when I'm switching to Cellular Data I can't update my mailbox. So, I thought that it might be some restriction from the mobile operator, but I'm facing the same problem at home Wi-Fi. I can't find anything about that in the logs and I'm a bit confused. If you have or had this problem before, please help me. Any suggestions or tips are highly appreciated.
Thanks.
Re: SMTP/IMAP issue
The problem was resolved by changing regex configuration of Fail2Ban.
Re: SMTP/IMAP issue
Can you post the regex fix? I'm having similar issues.
Re: SMTP/IMAP issue
Sure, here is my regex config for EXIM and Dovecot:
"exim.conf"
Code:
# Fail2Ban filter for exim
#
# This includes the rejection messages of exim. For spam and filter
# related bans use the exim-spam.conf

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# exim-common.local
before = exim-common.conf

[Definition]

failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
            ^%(pid)s (plain|login) authenticator failed for (\S+ )?\(\S+\) \[<HOST>\]: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
            ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user)\s*$
            ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$
            ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\]:\d+ )?dropped: too many nonmail commands \(last was "\S+"\)\s*$
            \[<HOST>\]: 535 Incorrect authentication data

ignoreregex =

# DEV Notes:
# The %(host_info) definition contains a <HOST> match
#
# SMTP protocol synchronization error \([^)]*\) <- This needs to be non-greedy
# to avoid capture beyond ")" to avoid a DoS Injection vulnerability as input= is
# user injectable data.
Code:
# Fail2Ban filter Dovecot authentication and pop3/imap server
#

[INCLUDES]

before = common.conf

[Definition]

_daemon = (auth|dovecot(-auth)?|auth-worker)

failregex = ^%(__prefix_line)s(pam_unix(\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(\s+user=\S*)?\s*$
            ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((no auth attempts|auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<\S*>,)?( method=\S+,)? rip=<HOST>, lip=(\d{1,3}\.){3}\d{1,3}(, session=<\w+>)?(, TLS( handshaking)?(: Disconnected)?)?\s*$
            ^%(__prefix_line)s(Info|dovecot: auth\(default\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$
            (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*

ignoreregex =

# DEV Notes:
# # * the first regex is essentially a copy of pam-generic.conf
# # * Probably doesn't do dovecot sql/ldap backends properly
# #
Re: SMTP/IMAP issue
I haven't implemented your regexes yet, but I'm pretty confident they will work. I see in my Dovecot logs the following:
Code:
Jan 08 12:17:04 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, session=<VV3kvfFC6Eb1>
Jan 08 12:17:04 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, session=<1V7lvC6Eb1>
Jan 08 12:17:04 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, session=<zjHnvFC6Eb1>
Jan 08 12:17:04 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, session=<4G7pvPFC6Eb1>
Jan 08 12:18:01 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, session=<+XRHwfJC6Eb1>
Jan 08 12:18:01 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, session=<wJxIPJC6Eb1>
Jan 08 12:18:01 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, session=<fnbBfJC6Eb1>
Jan 08 12:18:01 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, session=<T+JMwKJC6Eb1>
Jan 08 12:18:47 imap([email protected]): Info: Disconnected for inactivity in=33 out=824
After these login attempts, Fail2ban does its job and bans the IP I'm trying to log in from. This happens especially when I'm travelling from network to network. However, it looks like your regex handles this, so I'll give it a try and see if it does the trick. Just the fact that you connected phone and fail2ban really helps get me pointed in the right direction with troubleshooting. So, thanks!
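Added example, not part of any post in this thread: a Python check of which failregex lines in the posted dovecot filter would count log lines like the ones quoted above as failures. It covers the second and fourth lines of that filter, with `%(__prefix_line)s` dropped and `<HOST>` replaced by a named group as simplifying assumptions; the sample log lines, addresses, user name and session IDs are constructed.

```python
import re

# Second failregex line of the posted dovecot filter. Simplified for this
# example: %(__prefix_line)s is dropped and <HOST> becomes a named group.
SECOND = re.compile(
    r"(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? "
    r"\(((no auth attempts|auth failed, \d+ attempts)( in \d+ secs)?"
    r"|tried to use (disabled|disallowed) \S+ auth)\):( user=<\S*>,)?"
    r"( method=\S+,)? rip=(?P<host>\S+), lip=(\d{1,3}\.){3}\d{1,3}"
    r"(, session=<\w+>)?(, TLS( handshaking)?(: Disconnected)?)?\s*$"
)
# Fourth failregex line, copied as posted (it already names its host group).
FOURTH = re.compile(
    r"(?: pop3-login|imap-login): .*(?:Authentication failure"
    r"|Aborted login \(auth failed|Aborted login \(tried to use disabled"
    r"|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts)"
    r".*rip=(?P<host>\S*),.*"
)
FILTERS = {"second": SECOND, "fourth": FOURTH}

# Constructed sample lines (documentation addresses, made-up user and sessions).
SAMPLE = [
    "Jan 08 12:17:04 imap-login: Info: Disconnected (no auth attempts in 0 secs): "
    "user=<>, rip=203.0.113.7, lip=192.0.2.10, session=<VV3kvfFC6Eb1>",
    "Jan 08 12:17:05 imap-login: Info: Disconnected (no auth attempts in 0 secs): "
    "user=<>, rip=203.0.113.7, lip=192.0.2.10, session=<T+JMwKJC6Eb1>",
    "Jan 08 12:19:10 imap-login: Info: Aborted login (auth failed, 3 attempts in 9 secs): "
    "user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<abcDEF123>",
    "Jan 08 12:18:47 imap(alice): Info: Disconnected for inactivity in=33 out=824",
]

def matches(line):
    """Return {filter name: captured host} for every pattern that hits the line."""
    hits = {}
    for name, rx in FILTERS.items():
        m = rx.search(line)
        if m:
            hits[name] = m.group("host")
    return hits

if __name__ == "__main__":
    for line in SAMPLE:
        print(matches(line) or "no match", "<-", line[16:60])
```

In this check a "no auth attempts" disconnect is counted by the second pattern but not the fourth, and the same event with a `+` in its session ID matches neither because `\w+` does not cover that character. Running real log lines through `fail2ban-regex` against the installed filter is the authoritative version of this test.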