auth: auth/poste Connections refused
Hi,
A Client gets blocked but it authenticates correctly. I have to whitelist the IP so it can send mails.
Comments (37)
-
repo owner -
reporter in which file are the blocked connections saved?
-
Are your clients using port 25 for sending?
-
If so, they need to use 465 or 587. Port 25 is reserved for server-to-server inbound/outbound SMTP traffic.
-
reporter We use Port 587
-
reporter The IP was blacklisted...
-
repo owner You have not received alert about blacklisting IP? Trigger to block IP is that it is testing passwords multiple times
-
I can confirm that Outlook gives the blacklisted IP notification where applicable, I don't know about other clients though...
-
reporter Yes, I get that blacklisting-Info in the connection details.
So the server is blacklisting me as authenticated user. A bit strange, isn't it?
-
That IP address is blacklisted on dnsbl.spfbl.net, maybe this is why it failed? I am not sure if blacklist checks for connections.
-
reporter Even if Karma is Good for this IP it gets on the blocklist?
-
reporter And of course it's a domestic IP. Because it's my Laptop and no SMTP server. So I guess this blacklisting-thing should be rethought. ;-)
-
Should not be using port 25 for non SMTP server connections. Use 465 or 587.
-
reporter yeah...
-
reporter Okay, this escalation is a bit over the top
How exactly am I supposed to admin my server now?
-
Do you have a device setup that is trying to connect with the wrong credentials? Phone/tablet etc.?
-
reporter That's my home IP address. Here is nothing trying to access with wrong credentials, but 3 Macs, 1 iPad and 2 iPhones checking mails from several accounts.
-
reporter okay, I can receive mails, but not sending and not logging in.
-
Maybe you can check authentication logs?
I can't remember the path but if you do this command it's in the /logs/ folder I think... It must be failing somewhere
docker exec -it <container-name> bash
-
"okay, I can receive mails, but not sending and not logging in." - Maybe wrong authentication protocol for smtp?
-
reporter I can't change that on macOS. It's using 465.
-
reporter and:
-
Are these errors from your mail client, or your actual server auth logs?
-
reporter That's the mail client. Still searching for the server logs.
-
reporter If you could tell me which information from what logfile you need, that would be great.
-
You are using v2.0.23 correct?
And
You have configured additional blacklists (RBL) beyond the default ones?
-
reporter yes, I'm using 2.0.23 .
No additional Blacklists. I use the system's defaults.
-
repo owner @krebbi web administration ban happens only when there are bruteforce attempts to web administration
SSH to your server and do
zgrep "/admin/login-check" <mailserver_data_folder>/log/nginx/*
-
reporter -
repo owner I was wrong, looking at code now blacklist is shared to web administration too but the counters are stored differently
please do
grep "217.80.22.222" <mailserver_data_folder>/log/delivery/*-total
-
repo owner Why don't these connections send any email? Do you monitor uptime or some kind of availability testing?
Last command should show us what is going on here
find <mailserver_data_folder>/log/delivery/ -name '1153B954-F429-4F36-9DDF-296E5EC3B51E*' | xargs cat
-
reporter -
reporter No, I don't have any watchdogs running against this server.
-
repo owner - please change your password and delete last file (I didn't know that you have authenticated, sorry)
- are dates from previous file ok? were you using computer&email at that time?
- strange behaviour is that it just authenticates and quits. I've never seen that before for any proper client, it doesn't make sense. In any case I will update blocking to be not so strict - main target is blocking connections which brute force passwords and which are trying to guess recipients
-
reporter With versions prior to 2.0.23 I had no issues.
Couldn't you automatically whitelist IPs with a successful login?
-
repo owner - changed status to resolved
fix
#564 don't be strict on non-bruteforce and connect only clients → <<cset 6599c0d34069>>
-
repo owner There were no changes lately. This patch should solve this entirely...
Please paste here or send me log of blocked connection to info@poste.io
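
An added illustration of the blocking behaviour discussed in this thread (not poste.io's code or its patch): a per-IP counter under a strict policy that also counts authenticate-and-quit sessions, a relaxed policy that counts only failed logins and unknown recipients, and the whitelist-on-successful-login variant suggested above. The outcome labels, the threshold and the sample sessions are constructed assumptions.

```python
from collections import Counter

THRESHOLD = 5  # assumed limit, not poste.io's real value

# Session outcomes that count against an IP under each policy.
# The labels are hypothetical, not poste.io log fields.
STRICT = {"auth_fail", "rcpt_unknown", "auth_ok_quit", "connect_only"}
RELAXED = {"auth_fail", "rcpt_unknown"}


def blocked_ips(events, counted, threshold=THRESHOLD):
    """Return the set of IPs whose counted outcomes reach the threshold."""
    score = Counter(ip for ip, outcome in events if outcome in counted)
    return {ip for ip, n in score.items() if n >= threshold}


def blocked_with_whitelist(events, counted, threshold=THRESHOLD):
    """Variant: an IP with any successful login is never blocked."""
    trusted = {ip for ip, outcome in events if outcome.startswith("auth_ok")}
    return blocked_ips(events, counted, threshold) - trusted


# Constructed sessions using documentation address ranges only.
HOME = "192.0.2.10"       # several mail clients that authenticate and quit
GUESSER = "198.51.100.7"  # repeated wrong passwords, never a valid login
MIXED = "203.0.113.5"     # one valid account, many failures on others

EVENTS = (
    [(HOME, "auth_ok_quit")] * 8 + [(HOME, "auth_ok_sent")] * 2
    + [(GUESSER, "auth_fail")] * 12
    + [(MIXED, "auth_ok_sent")] + [(MIXED, "auth_fail")] * 9
    + [(MIXED, "rcpt_unknown")] * 3
)

if __name__ == "__main__":
    print("strict:   ", sorted(blocked_ips(EVENTS, STRICT)))
    print("relaxed:  ", sorted(blocked_ips(EVENTS, RELAXED)))
    print("whitelist:", sorted(blocked_with_whitelist(EVENTS, RELAXED)))
```

The whitelist variant stops blocking the home IP, but it also stops blocking an IP that holds one valid account while failing against others, which the relaxed counter still catches.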