dovecot auth

Discussion in 'Installation/Configuration' started by ataru, Mar 1, 2011.

  1. ataru

    ataru Member

    dovecot auth and forwarding

    in mail log I've got thousands of this:

    Mar 1 09:39:52 biancocelesti dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=78.83.*.*, lip=212.7.*.*
    Mar 1 09:39:56 biancocelesti dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=78.83.*.*, lip=212.7.*.*
    Mar 1 09:40:00 biancocelesti dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=78.83.*.*, lip=212.7.*.*

    mail are sent, but forwards don't work when coming from gmail
     
    Last edited: Mar 1, 2011
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no auth needed for forwarding and the lines above are for pop3 and not smtp, so they are not related to your forwarding problem.

    Please forward a email and then check the mail log file and post the messages that you get there for the forwarding session.
     
  3. ataru

    ataru Member

    not forwarding could be a reverse DNS problem?
     
  4. ataru

    ataru Member

    error in first post has quit (probably spam?)

    forwarding is not working from gmail.

    Code:
    Mar 1 12:55:01 biancocelesti postfix/smtpd[28605]: connect from localhost.localdomain[127.0.0.1]
    Mar 1 12:55:01 biancocelesti postfix/smtpd[28605]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Mar 1 12:55:01 biancocelesti postfix/smtpd[28605]: disconnect from localhost.localdomain[127.0.0.1]
    Mar 1 12:55:36 biancocelesti postfix/anvil[21686]: statistics: max connection rate 1/60s for (smtp:64.20.227.133) at Mar 1 12:49:16
    Mar 1 12:55:36 biancocelesti postfix/anvil[21686]: statistics: max connection count 1 for (smtp:64.20.227.133) at Mar 1 12:49:16
    Mar 1 12:55:36 biancocelesti postfix/anvil[21686]: statistics: max cache size 2 at Mar 1 12:50:14
    Mar 1 12:57:28 biancocelesti postfix/smtpd[32314]: connect from mail-ww0-f50.google.com[74.125.82.50]
    Mar 1 12:57:29 biancocelesti postfix/smtpd[32314]: 037864A10733: client=mail-ww0-f50.google.com[74.125.82.50]
    Mar 1 12:57:29 biancocelesti postfix/cleanup[32325]: 037864A10733: message-id=
    Mar 1 12:57:29 biancocelesti postfix/qmgr[27853]: 037864A10733: from=, size=2029, nrcpt=1 (queue active)
    Mar 1 12:57:29 biancocelesti postfix/smtpd[32331]: connect from unknown[127.0.0.1]
    Mar 1 11:57:29 biancocelesti postfix/smtpd[32331]: 6ACDC4A10736: client=unknown[127.0.0.1]
    Mar 1 12:57:29 biancocelesti postfix/cleanup[32325]: 6ACDC4A10736: message-id=
    Mar 1 12:57:29 biancocelesti postfix/qmgr[27853]: 6ACDC4A10736: from=, size=2712, nrcpt=1 (queue active)
    Mar 1 11:57:29 biancocelesti postfix/smtpd[32331]: disconnect from unknown[127.0.0.1]
    Mar 1 12:57:29 biancocelesti amavis[9956]: (09956-07) Passed CLEAN, [74.125.82.50] [74.125.82.50] -> , Message-ID: , mail_id: XjTiw-tfNddC, Hits: 4.596, size: 2029, queued_as: 6ACDC4A10736, 410 ms
    Mar 1 12:57:29 biancocelesti postfix/smtp[32326]: 037864A10733: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.55, delays=0.13/0.01/0/0.41, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=09956-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6ACDC4A10736)
    Mar 1 12:57:29 biancocelesti postfix/qmgr[27853]: 037864A10733: removed
    Mar 1 12:57:30 biancocelesti postfix/smtp[32334]: 6ACDC4A10736: to=, orig_to=, relay=gmail-smtp-in.l.google.com[74.125.77.27]:25, delay=1.5, delays=0.07/0/0.18/1.3, dsn=2.0.0, status=sent (250 2.0.0 OK 1298980650 w59si10393380eeh.37)
    Mar 1 12:57:30 biancocelesti postfix/qmgr[27853]: 6ACDC4A10736: removed
    Mar 1 12:57:59 biancocelesti postfix/smtpd[32314]: disconnect from mail-ww0-f50.google.com[74.125.82.50]
    Mar 1 13:00:01 biancocelesti dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Mar 1 13:00:01 biancocelesti dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Mar 1 13:00:01 biancocelesti postfix/smtpd[1920]: connect from localhost.localdomain[127.0.0.1]
    Mar 1 13:00:01 biancocelesti postfix/smtpd[1920]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Mar 1 13:00:01 biancocelesti postfix/smtpd[1920]: disconnect from localhost.localdomain[127.0.0.1]
    it seems all ok, but if the message comes from gmail, and it is forwarded to gmail, it goes lost
     
    Last edited: Mar 1, 2011
  5. ataru

    ataru Member

    and, when a message comes to a mailbox, and i choose to auto send a copy to my gmail account:

    Code:
    Mar 1 13:09:55 biancocelesti postfix/qmgr[27853]: 744F34A10733: from=, size=7678, nrcpt=1 (queue active)
    Mar 1 13:09:55 biancocelesti amavis[9956]: (09956-08) Passed CLEAN, [81.208.73.101] [81.208.73.101] -> , Message-ID: <[email protected]p>, mail_id: BEuS684uylPY, Hits: 0.001, size: 7227, queued_as: 744F34A10733, 437 ms
    Mar 1 13:09:55 biancocelesti postfix/smtp[14010]: C6B8E4A1072B: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.8, delays=1.4/0.01/0.01/0.43, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=09956-08, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 744F34A10733)
    Mar 1 13:09:55 biancocelesti postfix/qmgr[27853]: C6B8E4A1072B: removed
    Mar 1 13:09:55 biancocelesti dovecot: deliver([email protected]): msgid=<[email protected]p>: saved mail to INBOX
    Mar 1 13:09:55 biancocelesti postfix/pipe[14015]: 744F34A10733: to=, relay=dovecot, delay=0.15, delays=0.06/0.04/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
    Mar 1 13:09:55 biancocelesti postfix/qmgr[27853]: 744F34A10733: removed
    and in my gmail account there is nothing
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Go to the email account settings, empty the "send copy to" field and click on save. Then edit the email settings again and enter the email address again and click on save. Wait a few minutes and test again.
     
  7. ataru

    ataru Member

    ok, now forwarding fron an account is working.

    still can't send/receive forwards coming from gmail redirected to gmail
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Post the exact messages that appear in the log file when you do the forward that does not work.
     
  9. ataru

    ataru Member

    here it is

     
  10. falko

    falko Super Moderator ISPConfig Developer

  11. ataru

    ataru Member

    :confused:

    i'm blacklisted!

    and now?

    what can I do?
     
  12. falko

    falko Super Moderator ISPConfig Developer

    Does that blacklist give you a reason why you are blacklisted? Maybe it is because your server is really sending spam, but it could as well be that some other server from your server's subnet is sending spam, and the whole subnet got blacklisted. Another reason could be because you have a dynamic IP.
     
  13. ataru

    ataru Member

    i think it's caused by a reverse dns failure
     
  14. falko

    falko Super Moderator ISPConfig Developer

    What's the exact reason that the blacklist gives you?
     
  15. ataru

    ataru Member

    Information about 212.7.203.234

    Below is the information we have on record about 212.7.203.234
    Standards Compliance

    Does IP Address resolve to a reverse hostname... Passed!

    Does IP Address comply with reverse hostname naming convention... Passed!
    List Status

    RATS-Dyna - Not on the list

    RATS-NoPtr - On the list. Worst Offender Alert

    RATS-Spam - Not on the list
    Alert: Your IP is part of a network listed as a Worst Offender

    This is a Worst Offender Alert and this means that not only this IP address, but the whole class 'C' is also on the indicated SpamRats List. Usually this means the whole range has the same issue of naming conventions or no reverse DNS AND that many IP's from this Class C have been used in Spam Attacks, Dictionary attacks or other forms of attacks, as detected by Mail Servers in the Data Collection Grid. You will NOT be able to use the removal form to remove your IP Addresses. If you have recently been assigned the IP Addresses, or have changed what these IP Addresses are used for, you can use the contact form and ask for a reclassification, but you will have to provide full disclosure, including whois for the ip addresses, your affiliation with the company that owns them, and a description of what the IP's were previously used for, and what they will be used for, in order for a Spam Auditor to consider reclassification. Remember, the majority of the IP's in this space WERE detected as being involved in some form of attack or abusive behaviour, so you had better have a good reason to ask for removal, and you need to own or control the IP addresses, as evidenced by ARIN whois.
     
  16. falko

    falko Super Moderator ISPConfig Developer

    Ok, this means that your whole subnet is blacklisted, probably because some others hosts in the subnet sent spam.
     

Share This Page