auth: auth/poste Connections refused

Issue #564 resolved
Stephan Krebernik created an issue

Hi,

A Client gets blocked but it authenticates correctly. I have to whitelist the IP so it can send mails.

Comments (37)

  1. Scott MacDonald

    If so, they need to use 465 or 587. Port 25 is reserved for server-to-server inbound/outbound SMTP traffic.

  2. SH repo owner

    Have you not received an alert about the blacklisted IP? The trigger to block an IP is that it is testing passwords multiple times.

  3. SB

    I can confirm that Outlook gives the blacklisted IP notification where applicable, I don't know about other clients though...

  4. Stephan Krebernik reporter

    Yes, I get that blacklisting-Info in the connection details. Bildschirmfoto 2019-01-17 um 11.54.15.png

    So the server is blacklisting me as an authenticated user. A bit strange, isn't it?

  5. SB

    That IP address is blacklisted on dnsbl.spfbl.net, maybe this is why it failed? I am not sure if blacklist checks for connections.

  6. Stephan Krebernik reporter

    And of course it's a domestic IP. Because it's my Laptop and no SMTP server. So I guess this blacklisting-thing should be rethought. ;-)

  7. Stephan Krebernik reporter

    Okay, this escalation is a bit over the top

    How exactly am I supposed to admin my server now?

    Bildschirmfoto 2019-01-19 um 18.27.33.png

  8. Stephan Krebernik reporter

    That's my home IP address. Here is nothing trying to access with wrong credentials. But 3 Macs, 1 iPad and 2 iPhones checking mails from several accounts.

  9. SB

    Maybe you can check authentication logs?

    I can't remember the path but if you do this command it's in the /logs/ folder I think... It must be failing somewhere

    docker exec -it <container-name> bash

  10. SB

    "okay, I can receive mails, but not sending and not logging in." - Maybe wrong authentication protocol for smtp?

  11. Stephan Krebernik reporter

    If you could tell me which information from what logfile you need, that would be great.

  12. Scott MacDonald

    You are using v2.0.23 correct?

    And

    You have configured additional blacklists (RBL) beyond the default ones?

  13. SH repo owner

    @krebbi web administration ban happens only when there are bruteforce attempts to web administration

    SSH to your server and do zgrep "/admin/login-check" <mailserver_data_folder>/log/nginx/*

  14. SH repo owner

    I was wrong; looking at the code now, the blacklist is shared with web administration too, but the counters are stored differently

    please do grep "217.80.22.222" <mailserver_data_folder>/log/delivery/*-total

  15. SH repo owner

    Why don't these connections send any email? Do you monitor uptime or do some kind of availability testing?

    The last command should show us what is going on here:

    find <mailserver_data_folder>/log/delivery/ -name '1153B954-F429-4F36-9DDF-296E5EC3B51E*' | xargs cat

  16. SH repo owner

    1. Please change your password and delete the last file (I didn't know that you have authenticated, sorry).
    2. Are the dates from the previous file OK? Were you using computer & email at that time?
    3. Strange behaviour is that it just authenticates and quits. I've never seen that before for any proper client, it doesn't make sense. In any case I will update blocking to be not so strict - main target is blocking connections which brute force passwords and which are trying to guess recipients.

  17. Stephan Krebernik reporter

    With versions prior to 2.0.23 I had no issues.

    Couldn't you automatically whitelist IPs with a successful login?
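
The distinction discussed in comments 16 and 17, as an added example (not poste.io's code and not part of any comment above): a hypothetical ban tracker that counts only failed logins per IP, so several devices behind one home address that authenticate successfully and then disconnect never trip it. The class name, thresholds and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class AuthBanTracker:
    """Hypothetical sliding-window ban list keyed on failed logins only."""

    def __init__(self, max_failures=5, window=600, ban_time=3600, allowlist=()):
        self.max_failures = max_failures      # failures tolerated inside the window
        self.window = window                  # seconds a failure stays relevant
        self.ban_time = ban_time              # seconds a ban lasts
        self.allowlist = set(allowlist)       # admin-maintained, never banned
        self.failures = defaultdict(deque)    # ip -> timestamps of failed logins
        self.banned_until = {}                # ip -> time the ban expires

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0) > now

    def record(self, ip, success, now):
        """Record one auth attempt; return True if ip is banned afterwards."""
        if ip in self.allowlist:
            return False
        if self.is_banned(ip, now):
            return True
        if success:
            # Successful logins are not counted, and do not clear earlier failures.
            return False
        q = self.failures[ip]
        q.append(now)
        while q and q[0] <= now - self.window:
            q.popleft()                       # forget failures older than the window
        if len(q) >= self.max_failures:
            self.banned_until[ip] = now + self.ban_time
            q.clear()
            return True
        return False

# Constructed sample data (documentation-range addresses, not from the thread).
HOME, SCANNER = "192.0.2.10", "198.51.100.7"
SAMPLE_EVENTS = sorted(
    [(t * 8, HOME, True) for t in range(40)]        # devices polling, valid logins
    + [(100, HOME, False), (200, HOME, False)]      # two mistyped passwords
    + [(t * 5, SCANNER, False) for t in range(8)]   # repeated wrong passwords
)

def replay(events, **settings):
    """Feed (time, ip, success) events through a tracker; return IPs banned at the end."""
    tracker = AuthBanTracker(**settings)
    for ts, ip, success in events:
        tracker.record(ip, success, ts)
    return {ip for ts, ip, _ in events if tracker.is_banned(ip, events[-1][0])}
```
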
