RE: Email Problems

alifopensrc · Post by **alifopensrc** » Thu Feb 21, 2019 5:26 am

Hey guys,

It has always bothered me why my mails setup with VestCP from scratch has never been able to function. Has it bothered anyone else?
I have ensured that the ports are unblocked. The accounts exists and i can login with roundcube. However all emails that i send out shows the following:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
retry timeout exceeded
Reporting-MTA: dns; sub.domain.com

Action: failed
Final-Recipient: rfc822;[email protected]
Status: 5.0.0

Additionally, mails from my gmail also never seem to reach no matter how many times i refresh the mailbox.

I use cloudflare and i add all DNS records churned from VestaCP into cloudflare. Anyone has any ideas why? It can't possibly be that this is a know bug and not been fixed all this time vesta has been around, can it?

-AOS.

plutocrat · Post by **plutocrat** » Thu Feb 21, 2019 6:45 am

I haven't experienced any problems with the mail setup out of the box.
What happens if you type
exim -bt [email protected]
It will tell you where its trying to send it.
Also, what do you see in the /var/log/exim4/mainlog when you do this.
Should be more clues in there

alifopensrc · Post by **alifopensrc** » Thu Feb 21, 2019 7:21 am

plutocrat wrote: ↑
Thu Feb 21, 2019 6:45 am
I haven't experienced any problems with the mail setup out of the box.
What happens if you type
exim -bt [email protected]
It will tell you where its trying to send it.
Also, what do you see in the /var/log/exim4/mainlog when you do this.
Should be more clues in there

Hi,

This is what i got from the log

2019-02-21 07:00:32 no host name found for IP address a.a.a.a
2019-02-21 07:00:35 dovecot_login authenticator failed for (b.b.b.b) [a.a.a.a]: 535 Incorrect authentication data (set_id=youth)
2019-02-21 07:01:06 no host name found for IP address c.c.c.c
2019-02-21 07:01:09 dovecot_login authenticator failed for (b.b.b.b) [c.c.c.c]: 535 Incorrect authentication data (set_id=purchasing)
2019-02-21 07:03:36 no host name found for IP address d.d.d.d
2019-02-21 07:03:39 dovecot_login authenticator failed for (User) [d.d.d.d]: 535 Incorrect authentication data (set_id=sauvegarde)
2019-02-21 07:04:21 no host name found for IP address e.e.e.e
2019-02-21 07:04:27 dovecot_login authenticator failed for (User) [e.e.e.e]: 535 Incorrect authentication data (set_id=[email protected])
2019-02-21 07:05:06 no host name found for IP address e.e.e.e
2019-02-21 07:05:12 dovecot_login authenticator failed for (User) [e.e.e.e]: 535 Incorrect authentication data (set_id=[email protected])
2019-02-21 07:05:51 no host name found for IP address e.e.e.e
2019-02-21 07:05:58 dovecot_login authenticator failed for (User) [e.e.e.e]: 535 Incorrect authentication data (set_id=[email protected])
2019-02-21 07:06:36 no host name found for IP address e.e.e.e
2019-02-21 07:06:43 dovecot_login authenticator failed for (User) [e.e.e.e]: 535 Incorrect authentication data (set_id=[email protected])
2019-02-21 07:07:16 1gwiRw-0003Az-EA <= [email protected] U=sub P=local S=861 id=[email protected]
2019-02-21 07:07:21 no host name found for IP address e.e.e.e
2019-02-21 07:07:27 dovecot_login authenticator failed for (User) [e.e.e.e]: 535 Incorrect authentication data (set_id=[email protected])
2019-02-21 07:08:12 no host name found for IP address a.a.a.a
2019-02-21 07:08:15 dovecot_login authenticator failed for (b.b.b.b) [a.a.a.a]: 535 Incorrect authentication data (set_id=accountant)

Somehow it says authentication is the issue. I have no problems logging into roundcube though and results testing the gmail address resolves correctly to gmail mailservers.
-AOS.

plutocrat · Post by **plutocrat** » Thu Feb 21, 2019 8:27 am

The dovecot login authentication errors are caused by random people trying to brute-force your mailserver via POP or IMAP (guessing user/password combos). That's just part of life on the internet.
It seems that your mail server is having problems resolving IP addresses to hostnames though, so I'd look at the DNS system.
What do you have in /etc/resolv.conf

And what does dig -x e.e.e.e say (using one of the IP addresses that you have above).

americanninja · Post by **americanninja** » Sat Apr 10, 2021 12:18 am

Hi there,

It seems the original poster has not replied on this, but you seem very knowledgeable. I'm having lots of issues with annoying people trying to bruteforce my mail server. I regularly see this in my exim4 logs:

2021-04-09 17:04:29 dovecot_login authenticator failed for (User) [IPADDRESS]: 535 Incorrect authentication data (set_id=[email protected])
2021-04-09 17:04:43 SMTP command timeout on connection from (lasting.marketintegral.com.) [IPADDRESS]
2021-04-09 17:04:44 no host name found for IP address IPADDRESS

This happens like every 5 seconds and of course when its happening, I see a degradation on performance of my websites on this server. I'm finally getting around to dealing with this, and wondering what options I have.

I also, don't understand why fail2ban doesn't seem to be dealing with this. I would think the user would be getting banned after 3-5 failed attempts, but it seems they can keep trying. It does seem like they are changing the IP quite often. Anyway, is there some way to deal with this. I'm almost at the point where I am thinking to just close down the email server and host my email on google workspace.

I'm the only user on this web server and I have all email simply forwarded to my gmail account. I send outbound email from gmail using my web servers SMTP server. Is there a way that I can simply block ALL external access to the mail server except for google's IP and that way these attacks would stop?

Any advice?

Vesta Control Panel - Forum