We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
RE: Email Problems
-
- Posts: 21
- Joined: Sun Nov 09, 2014 12:20 pm
RE: Email Problems
Hey guys,
It has always bothered me why my mails setup with VestCP from scratch has never been able to function. Has it bothered anyone else?
I have ensured that the ports are unblocked. The accounts exists and i can login with roundcube. However all emails that i send out shows the following:
I use cloudflare and i add all DNS records churned from VestaCP into cloudflare. Anyone has any ideas why? It can't possibly be that this is a know bug and not been fixed all this time vesta has been around, can it?
-AOS.
It has always bothered me why my mails setup with VestCP from scratch has never been able to function. Has it bothered anyone else?
I have ensured that the ports are unblocked. The accounts exists and i can login with roundcube. However all emails that i send out shows the following:
Additionally, mails from my gmail also never seem to reach no matter how many times i refresh the mailbox.This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[email protected]
retry timeout exceeded
Reporting-MTA: dns; sub.domain.com
Action: failed
Final-Recipient: rfc822;[email protected]
Status: 5.0.0
I use cloudflare and i add all DNS records churned from VestaCP into cloudflare. Anyone has any ideas why? It can't possibly be that this is a know bug and not been fixed all this time vesta has been around, can it?
-AOS.
Re: RE: Email Problems
I haven't experienced any problems with the mail setup out of the box.
What happens if you type
exim -bt [email protected]
It will tell you where its trying to send it.
Also, what do you see in the /var/log/exim4/mainlog when you do this.
Should be more clues in there
What happens if you type
exim -bt [email protected]
It will tell you where its trying to send it.
Also, what do you see in the /var/log/exim4/mainlog when you do this.
Should be more clues in there
-
- Posts: 21
- Joined: Sun Nov 09, 2014 12:20 pm
Re: RE: Email Problems
Hi,plutocrat wrote: ↑Thu Feb 21, 2019 6:45 amI haven't experienced any problems with the mail setup out of the box.
What happens if you type
exim -bt [email protected]
It will tell you where its trying to send it.
Also, what do you see in the /var/log/exim4/mainlog when you do this.
Should be more clues in there
This is what i got from the log
Somehow it says authentication is the issue. I have no problems logging into roundcube though and results testing the gmail address resolves correctly to gmail mailservers.2019-02-21 07:00:32 no host name found for IP address a.a.a.a
2019-02-21 07:00:35 dovecot_login authenticator failed for (b.b.b.b) [a.a.a.a]: 535 Incorrect authentication data (set_id=youth)
2019-02-21 07:01:06 no host name found for IP address c.c.c.c
2019-02-21 07:01:09 dovecot_login authenticator failed for (b.b.b.b) [c.c.c.c]: 535 Incorrect authentication data (set_id=purchasing)
2019-02-21 07:03:36 no host name found for IP address d.d.d.d
2019-02-21 07:03:39 dovecot_login authenticator failed for (User) [d.d.d.d]: 535 Incorrect authentication data (set_id=sauvegarde)
2019-02-21 07:04:21 no host name found for IP address e.e.e.e
2019-02-21 07:04:27 dovecot_login authenticator failed for (User) [e.e.e.e]: 535 Incorrect authentication data (set_id=[email protected])
2019-02-21 07:05:06 no host name found for IP address e.e.e.e
2019-02-21 07:05:12 dovecot_login authenticator failed for (User) [e.e.e.e]: 535 Incorrect authentication data (set_id=[email protected])
2019-02-21 07:05:51 no host name found for IP address e.e.e.e
2019-02-21 07:05:58 dovecot_login authenticator failed for (User) [e.e.e.e]: 535 Incorrect authentication data (set_id=[email protected])
2019-02-21 07:06:36 no host name found for IP address e.e.e.e
2019-02-21 07:06:43 dovecot_login authenticator failed for (User) [e.e.e.e]: 535 Incorrect authentication data (set_id=[email protected])
2019-02-21 07:07:16 1gwiRw-0003Az-EA <= [email protected] U=sub P=local S=861 id=[email protected]
2019-02-21 07:07:21 no host name found for IP address e.e.e.e
2019-02-21 07:07:27 dovecot_login authenticator failed for (User) [e.e.e.e]: 535 Incorrect authentication data (set_id=[email protected])
2019-02-21 07:08:12 no host name found for IP address a.a.a.a
2019-02-21 07:08:15 dovecot_login authenticator failed for (b.b.b.b) [a.a.a.a]: 535 Incorrect authentication data (set_id=accountant)
-AOS.
Re: RE: Email Problems
The dovecot login authentication errors are caused by random people trying to brute-force your mailserver via POP or IMAP (guessing user/password combos). That's just part of life on the internet.
It seems that your mail server is having problems resolving IP addresses to hostnames though, so I'd look at the DNS system.
What do you have in /etc/resolv.conf
And what does dig -x e.e.e.e say (using one of the IP addresses that you have above).
It seems that your mail server is having problems resolving IP addresses to hostnames though, so I'd look at the DNS system.
What do you have in /etc/resolv.conf
And what does dig -x e.e.e.e say (using one of the IP addresses that you have above).
-
- Posts: 11
- Joined: Mon Feb 01, 2021 7:38 am
- Os: Ubuntu 17x
- Web: apache + nginx
Re: RE: Email Problems
Hi there,
It seems the original poster has not replied on this, but you seem very knowledgeable. I'm having lots of issues with annoying people trying to bruteforce my mail server. I regularly see this in my exim4 logs:
2021-04-09 17:04:29 dovecot_login authenticator failed for (User) [IPADDRESS]: 535 Incorrect authentication data (set_id=[email protected])
2021-04-09 17:04:43 SMTP command timeout on connection from (lasting.marketintegral.com.) [IPADDRESS]
2021-04-09 17:04:44 no host name found for IP address IPADDRESS
This happens like every 5 seconds and of course when its happening, I see a degradation on performance of my websites on this server. I'm finally getting around to dealing with this, and wondering what options I have.
I also, don't understand why fail2ban doesn't seem to be dealing with this. I would think the user would be getting banned after 3-5 failed attempts, but it seems they can keep trying. It does seem like they are changing the IP quite often. Anyway, is there some way to deal with this. I'm almost at the point where I am thinking to just close down the email server and host my email on google workspace.
I'm the only user on this web server and I have all email simply forwarded to my gmail account. I send outbound email from gmail using my web servers SMTP server. Is there a way that I can simply block ALL external access to the mail server except for google's IP and that way these attacks would stop?
Any advice?
It seems the original poster has not replied on this, but you seem very knowledgeable. I'm having lots of issues with annoying people trying to bruteforce my mail server. I regularly see this in my exim4 logs:
2021-04-09 17:04:29 dovecot_login authenticator failed for (User) [IPADDRESS]: 535 Incorrect authentication data (set_id=[email protected])
2021-04-09 17:04:43 SMTP command timeout on connection from (lasting.marketintegral.com.) [IPADDRESS]
2021-04-09 17:04:44 no host name found for IP address IPADDRESS
This happens like every 5 seconds and of course when its happening, I see a degradation on performance of my websites on this server. I'm finally getting around to dealing with this, and wondering what options I have.
I also, don't understand why fail2ban doesn't seem to be dealing with this. I would think the user would be getting banned after 3-5 failed attempts, but it seems they can keep trying. It does seem like they are changing the IP quite often. Anyway, is there some way to deal with this. I'm almost at the point where I am thinking to just close down the email server and host my email on google workspace.
I'm the only user on this web server and I have all email simply forwarded to my gmail account. I send outbound email from gmail using my web servers SMTP server. Is there a way that I can simply block ALL external access to the mail server except for google's IP and that way these attacks would stop?
Any advice?