dovecot auth

dovecot auth and forwarding

in mail log I've got thousands of this:

Mar 1 09:39:52 biancocelesti dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=78.83.*.*, lip=212.7.*.*
Mar 1 09:39:56 biancocelesti dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=78.83.*.*, lip=212.7.*.*
Mar 1 09:40:00 biancocelesti dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=78.83.*.*, lip=212.7.*.*

mail are sent, but forwards don't work when coming from gmail

 

not forwarding could be a reverse DNS problem?

 

error in first post has quit (probably spam?)

forwarding is not working from gmail.

Code:

Mar 1 12:55:01 biancocelesti postfix/smtpd[28605]: connect from localhost.localdomain[127.0.0.1]
Mar 1 12:55:01 biancocelesti postfix/smtpd[28605]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Mar 1 12:55:01 biancocelesti postfix/smtpd[28605]: disconnect from localhost.localdomain[127.0.0.1]
Mar 1 12:55:36 biancocelesti postfix/anvil[21686]: statistics: max connection rate 1/60s for (smtp:64.20.227.133) at Mar 1 12:49:16
Mar 1 12:55:36 biancocelesti postfix/anvil[21686]: statistics: max connection count 1 for (smtp:64.20.227.133) at Mar 1 12:49:16
Mar 1 12:55:36 biancocelesti postfix/anvil[21686]: statistics: max cache size 2 at Mar 1 12:50:14
Mar 1 12:57:28 biancocelesti postfix/smtpd[32314]: connect from mail-ww0-f50.google.com[74.125.82.50]
Mar 1 12:57:29 biancocelesti postfix/smtpd[32314]: 037864A10733: client=mail-ww0-f50.google.com[74.125.82.50]
Mar 1 12:57:29 biancocelesti postfix/cleanup[32325]: 037864A10733: message-id=
Mar 1 12:57:29 biancocelesti postfix/qmgr[27853]: 037864A10733: from=, size=2029, nrcpt=1 (queue active)
Mar 1 12:57:29 biancocelesti postfix/smtpd[32331]: connect from unknown[127.0.0.1]
Mar 1 11:57:29 biancocelesti postfix/smtpd[32331]: 6ACDC4A10736: client=unknown[127.0.0.1]
Mar 1 12:57:29 biancocelesti postfix/cleanup[32325]: 6ACDC4A10736: message-id=
Mar 1 12:57:29 biancocelesti postfix/qmgr[27853]: 6ACDC4A10736: from=, size=2712, nrcpt=1 (queue active)
Mar 1 11:57:29 biancocelesti postfix/smtpd[32331]: disconnect from unknown[127.0.0.1]
Mar 1 12:57:29 biancocelesti amavis[9956]: (09956-07) Passed CLEAN, [74.125.82.50] [74.125.82.50] -> , Message-ID: , mail_id: XjTiw-tfNddC, Hits: 4.596, size: 2029, queued_as: 6ACDC4A10736, 410 ms
Mar 1 12:57:29 biancocelesti postfix/smtp[32326]: 037864A10733: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.55, delays=0.13/0.01/0/0.41, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=09956-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6ACDC4A10736)
Mar 1 12:57:29 biancocelesti postfix/qmgr[27853]: 037864A10733: removed
Mar 1 12:57:30 biancocelesti postfix/smtp[32334]: 6ACDC4A10736: to=, orig_to=, relay=gmail-smtp-in.l.google.com[74.125.77.27]:25, delay=1.5, delays=0.07/0/0.18/1.3, dsn=2.0.0, status=sent (250 2.0.0 OK 1298980650 w59si10393380eeh.37)
Mar 1 12:57:30 biancocelesti postfix/qmgr[27853]: 6ACDC4A10736: removed
Mar 1 12:57:59 biancocelesti postfix/smtpd[32314]: disconnect from mail-ww0-f50.google.com[74.125.82.50]
Mar 1 13:00:01 biancocelesti dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Mar 1 13:00:01 biancocelesti dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Mar 1 13:00:01 biancocelesti postfix/smtpd[1920]: connect from localhost.localdomain[127.0.0.1]
Mar 1 13:00:01 biancocelesti postfix/smtpd[1920]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Mar 1 13:00:01 biancocelesti postfix/smtpd[1920]: disconnect from localhost.localdomain[127.0.0.1]

it seems all ok, but if the message comes from gmail, and it is forwarded to gmail, it goes lost

 

and, when a message comes to a mailbox, and i choose to auto send a copy to my gmail account:

Code:

Mar 1 13:09:55 biancocelesti postfix/qmgr[27853]: 744F34A10733: from=, size=7678, nrcpt=1 (queue active)
Mar 1 13:09:55 biancocelesti amavis[9956]: (09956-08) Passed CLEAN, [81.208.73.101] [81.208.73.101] -> , Message-ID: <627592036D8CB34FBB9F45ABE6AF2E76044FFC78@SEEX3211.agrileasing.corp>, mail_id: BEuS684uylPY, Hits: 0.001, size: 7227, queued_as: 744F34A10733, 437 ms
Mar 1 13:09:55 biancocelesti postfix/smtp[14010]: C6B8E4A1072B: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.8, delays=1.4/0.01/0.01/0.43, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=09956-08, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 744F34A10733)
Mar 1 13:09:55 biancocelesti postfix/qmgr[27853]: C6B8E4A1072B: removed
Mar 1 13:09:55 biancocelesti dovecot: deliver(admin@biancocelesti.org): msgid=<627592036D8CB34FBB9F45ABE6AF2E76044FFC78@SEEX3211.agrileasing.corp>: saved mail to INBOX
Mar 1 13:09:55 biancocelesti postfix/pipe[14015]: 744F34A10733: to=, relay=dovecot, delay=0.15, delays=0.06/0.04/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar 1 13:09:55 biancocelesti postfix/qmgr[27853]: 744F34A10733: removed

and in my gmail account there is nothing

 

ok, now forwarding fron an account is working.

still can't send/receive forwards coming from gmail redirected to gmail

 

here it is

 

Please check if your server is blacklisted: http://mxtoolbox.com/blacklists.aspx

 

i'm blacklisted!

and now?

what can I do?

 

Does that blacklist give you a reason why you are blacklisted? Maybe it is because your server is really sending spam, but it could as well be that some other server from your server's subnet is sending spam, and the whole subnet got blacklisted. Another reason could be because you have a dynamic IP.

 

i think it's caused by a reverse dns failure

 

What's the exact reason that the blacklist gives you?

 

Information about 212.7.203.234

Below is the information we have on record about 212.7.203.234
Standards Compliance

Does IP Address resolve to a reverse hostname... Passed!

Does IP Address comply with reverse hostname naming convention... Passed!
List Status

RATS-Dyna - Not on the list

RATS-NoPtr - On the list. Worst Offender Alert

RATS-Spam - Not on the list
Alert: Your IP is part of a network listed as a Worst Offender

This is a Worst Offender Alert and this means that not only this IP address, but the whole class 'C' is also on the indicated SpamRats List. Usually this means the whole range has the same issue of naming conventions or no reverse DNS AND that many IP's from this Class C have been used in Spam Attacks, Dictionary attacks or other forms of attacks, as detected by Mail Servers in the Data Collection Grid. You will NOT be able to use the removal form to remove your IP Addresses. If you have recently been assigned the IP Addresses, or have changed what these IP Addresses are used for, you can use the contact form and ask for a reclassification, but you will have to provide full disclosure, including whois for the ip addresses, your affiliation with the company that owns them, and a description of what the IP's were previously used for, and what they will be used for, in order for a Spam Auditor to consider reclassification. Remember, the majority of the IP's in this space WERE detected as being involved in some form of attack or abusive behaviour, so you had better have a good reason to ask for removal, and you need to own or control the IP addresses, as evidenced by ARIN whois.

 

Ok, this means that your whole subnet is blacklisted, probably because some others hosts in the subnet sent spam.