Problem with Incoming Emails

Discussion in 'General' started by TomGrow, Aug 3, 2019.

  1. TomGrow

    TomGrow New Member

    Dear Sir,

    I have set up clean installation as per https://www.howtoforge.com/tutorial...-9-stretch-apache-bind-dovecot-ispconfig-3-1/

    My hostname is serverxxx.mydomain.com

    I can receive and send emails but some of the emails from a few clients are not coming

    I checked my mail log also ...it's okay

    All my DNS records like PRT, DKIM, SPF records are in place

    My server check details are as under;
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] ISPConfig is installed.

    ##### ISPCONFIG #####
    ISPConfig version is 3.1.14p2


    ##### VERSION CHECK #####

    [INFO] php (cli) version is 7.0.33-0+deb9u3

    ##### PORT CHECK #####


    ##### MAIL SERVER CHECK #####


    ##### RUNNING SERVER PROCESSES #####

    [INFO] I found the following web server(s):
    Apache 2 (PID 11768)
    [INFO] I found the following mail server(s):
    Postfix (PID 14752)
    [INFO] I found the following pop3 server(s):
    Dovecot (PID 14440)
    [INFO] I found the following imap server(s):
    Dovecot (PID 14440)
    [INFO] I found the following ftp server(s):
    PureFTP (PID 1315)

    ##### LISTENING PORTS #####
    (only ()
    Local (Address)
    [anywhere]:995 (14440/dovecot)
    [localhost]:10024 (1364/amavisd-new)
    [localhost]:10025 (14752/master)
    [localhost]:10026 (1364/amavisd-new)
    [localhost]:10027 (14752/master)
    [anywhere]:587 (14752/master)
    [localhost]:11211 (817/memcached)
    [anywhere]:110 (14440/dovecot)
    [anywhere]:143 (14440/dovecot)
    [anywhere]:8080 (11768/apache2)
    [anywhere]:80 (11768/apache2)
    [anywhere]:465 (14752/master)
    [anywhere]:8081 (11768/apache2)
    [anywhere]:21 (1315/pure-ftpd)
    ***.***.***.***:53 (814/named)
    [localhost]:53 (814/named)
    [anywhere]:22 (885/sshd)
    [anywhere]:25 (14752/master)
    [localhost]:953 (814/named)
    [anywhere]:443 (11768/apache2)
    [anywhere]:993 (14440/dovecot)
    *:*:*:*::*:995 (14440/dovecot)
    *:*:*:*::*:3306 (1035/mysqld)
    *:*:*:*::*:587 (14752/master)
    [localhost]10 (14440/dovecot)
    [localhost]43 (14440/dovecot)
    *:*:*:*::*:465 (14752/master)
    *:*:*:*::*:21 (1315/pure-ftpd)
    *:*:*:*::*:53 (814/named)
    *:*:*:*::*:22 (885/sshd)
    *:*:*:*::*:25 (14752/master)
    *:*:*:*::*:993 (14440/dovecot)




    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
    f2b-dovecot tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,
    93,587,465,4190
    f2b-pure-ftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21
    f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain f2b-dovecot (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-postfix-sasl (1 references)
    target prot opt source destination
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachab
    e
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-pure-ftpd (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-sshd (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Request you to please advise, where could be problem

    B/R
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Looks like that is not your real FQDN. Did you setup hostname and FQDN according to the Perfecte Server Guide? Do commands
    Code:
    hostname
    hostname -f
    work like the guide says?
    So mail system works since you can send and receive e-mails?
    Was this set up just hours ago, so maybe the clients who could not send to your e-mail server had not yet received DNS name service updates about MX record?
    You wrote mail.log is OK. What exactly is OK? Do the emails arrive at your server but then do not go into mailbox? The sender should get some error message if the sending e-mail server can not send to your e-mail server.
     
  3. TomGrow

    TomGrow New Member

    Sir,
    My hostname is very much correct;
    hostname : server
    hostname -f : server.mydomain.com
    Sir, it was done almost 48 hours prior to server set up
    Further, it's been over a week now
    Sender is my bank email notification alerts, so can not check what message are they getting
    Thanks
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

     
  5. TomGrow

    TomGrow New Member

    Sir,
    Most of the emails coming to server and getting delivered except one from the Bank

    mail log is
    Aug 5 13:23:19 server postfix/smtps/smtpd[21876]: lost connection after AUTH from unknown[111.76.137.213]
    Aug 5 13:23:19 server postfix/smtps/smtpd[21876]: disconnect from unknown[111.76.137.213] ehlo=1 auth=0/1 commands=1/2
    Aug 5 13:23:19 server postfix/smtpd[22039]: disconnect from unknown[185.137.111.00] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Aug 5 13:23:19 server postfix/smtps/smtpd[21934]: connect from unknown[111.76.137.213]
    Aug 5 13:23:19 server dovecot: pop3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/40, size=1426454
    Aug 5 13:23:21 server dovecot: pop3-login: Login: user=<[email protected]>, method=PLAIN, rip=106.201.7.135, lip=xxx.xxx.xxx.xxx, mpid=24061, TLS, session=<H1l871yPY8dqyQeH>
    Aug 5 13:23:21 server dovecot: pop3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/69, size=28013763
    Aug 5 13:23:28 server dovecot: pop3-login: Login: user=<[email protected]>, method=PLAIN, rip=106.201.7.135, lip=xxx.xxx.xxx.xxx, mpid=24063, session=<ck7q71yPpMlqyQeH>
    Aug 5 13:23:29 server dovecot: pop3-login: Login: user=<[email protected]>, method=PLAIN, rip=106.201.7.135, lip=xxx.xxx.xxx.xxx, mpid=24065, TLS, session=<+6f571yPEspqyQeH>
    Aug 5 13:23:29 server dovecot: pop3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/12, size=8086437
    Aug 5 13:23:30 server dovecot: pop3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/179, size=50885784
    Aug 5 13:23:32 server postfix/smtps/smtpd[21934]: warning: unknown[111.76.137.213]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug 5 13:23:32 server postfix/smtps/smtpd[21934]: lost connection after AUTH from unknown[111.76.137.213]
    Aug 5 13:23:32 server postfix/smtps/smtpd[21934]: disconnect from unknown[111.76.137.213] ehlo=1 auth=0/1 commands=1/2
    Aug 5 13:23:32 server dovecot: pop3-login: Login: user=<[email protected]>, method=PLAIN, rip=106.201.7.135, lip=xxx.xxx.xxx.xxx, mpid=24067, session=<WcYt8FyPAdJqyQeH>
    Aug 5 13:23:32 server postfix/smtps/smtpd[21876]: connect from unknown[111.76.137.213]
    Aug 5 13:23:33 server dovecot: pop3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/7, size=510305
    Aug 5 13:23:34 server postfix/smtpd[21127]: timeout after AUTH from unknown[58.209.92.169]
    Aug 5 13:23:34 server postfix/smtpd[21127]: disconnect from unknown[58.209.92.169] ehlo=1 auth=0/1 commands=1/2
    Aug 5 13:23:44 server dovecot: pop3-login: Login: user=<[email protected]domain.com>, method=PLAIN, rip=106.201.7.135, lip=xxx.xxx.xxx.xxx, mpid=24069, session=<j0XZ8FyPSM1qyQeH>
    Aug 5 13:23:44 server postfix/smtps/smtpd[21876]: warning: unknown[111.76.137.213]: SASL LOGIN authentication failed: Connection lost to authentication server
    Aug 5 13:23:44 server postfix/smtps/smtpd[21876]: lost connection after AUTH from unknown[111.76.137.213]
    Aug 5 13:23:44 server postfix/smtps/smtpd[21876]: disconnect from unknown[111.76.137.213] ehlo=1 auth=0/1 commands=1/2
    Aug 5 13:23:44 server dovecot: pop3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/21, size=2932064
    Aug 5 13:23:44 server postfix/smtps/smtpd[21934]: connect from unknown[111.76.137.213]
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Which of those log lines are from the failed attempt of bank trying to send e-mail?
     

Share This Page