Email failing continuosly

Discussion in 'Installation/Configuration' started by phileras, Jan 23, 2017.

  1. phileras

    phileras New Member

    Hi,
    I have 2 emails addresses each one related to a website running on a ispconfig install on a vps with ubuntu 16, everything works smooth but since last weeks im having lots of problems with the mail server of ispconfig. im using my gmail account as client to read/send my emails.
    Since last weeks looks like im not receiving emails and when i notice it a have lost lots of emails, there are not even on the mail client built in ispconfig. im getting a bit paranoid thinking that someone is getting my emails due to a security break. I have changed my pass few times and when i notice my emails are not working again i change it again.

    What do you think guys? how can i check that everything is working as it must be?
    Thanks,
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Take a look at the mail.log to find out why it fails.
     
  3. webguyz

    webguyz Active Member HowtoForge Supporter

    Check your maillog at /var/log/maillog and see if someone logs in as you from a different IP then where you are at and block that IP.
     
  4. phileras

    phileras New Member

    thanks, im taking a look to the log but it looks hard to interpretate. anyway i have a dynamic ip, and im not sure if gmail uses the same ip also.

    :\
     
  5. phileras

    phileras New Member

    ohhh i just have seen this doing some tests:

    Jan 23 19:18:58 vps327633 postfix/smtp[10596]: 070B74240B: to=<myemail@myemail.com>, relay=none, delay=0.1, delays=0.07/0.03/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)

    I tried to send one email from the ispconfig mail client to my gmail account and that gave me that error.

    Any ideas about why is localhost refusing connections from itself??
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to restart amavis.
     
    phileras likes this.
  7. phileras

    phileras New Member

    amavisd: no process found

    :eek:

    Failed to start amavisd.service: Unit amavisd.service not found.
     
  8. phileras

    phileras New Member

    Ok, sorry, i was wrong. I restarted amavis:
    Code:
    sudo /etc/init.d/amavis restart
    then i blocked a ukranian IP which was doiing constant tryings to get into my email. btw the ukranian ip and hostname is one hosted in https://hidehost.net/

    then send few emails between my accounts and its working again finally.
    Thanks guys
     
  9. phileras

    phileras New Member

    Well, email failing again this morning.

    I really dont understand what is happening.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Does it start working again when you start amavis?
    How much RAM does your server has?
     
  11. phileras

    phileras New Member

    Hi Till, the first of all, thanks for your support.
    My vps have 2GB of ram, is not a big one. I have been taking a look constantly to the mail.log and other logs, looks like someone is attacking my server with a dictionary attack against my email server trying lots of passwords using different email protocols.

    I had to block 2 countries today, china and ukraine the attacks were coming from that countries.

    Now my emails are working again, i will also did few amavis restarts.

    If im wrong and this is not caused by that kind of attacks i will inform you here to see what is going on.

    Thanks.
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    That size is fine. If you would have said 500MB, then we would have a problem :)

    If you like to monitor your server more closely, I can recommend installing munin and monit. You can find several tutorials for these software packages here at howtoforge.
     
  13. webguyz

    webguyz Active Member HowtoForge Supporter

    Install fail2ban right now and that will start blocking these hackers after 3 failed attempts or whatever you set. Add a nice long bantime like a week and your mail service should be ok.
     

Share This Page