1

Topic: Site keeps crashing

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version:  Ubuntu 16
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache2
- Manage mail accounts with iRedAdmin-Pro?  No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I thought this had been solved but it keeps recurring.  The virtual host seemed to cure the problem but it is back again.  The site keeps crashing.  It is a personal email server.  Nothing.  No emails.  No screens.  No entry.
Works for a day then starts crashing.

Now I have isolated it to dovecot (and occasionally postfix) crashing:

target     prot opt source               destination
f2b-sogo   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
f2b-roundcube  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
f2b-postfix  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
f2b-dovecot  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
f2b-postfix  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
f2b-nginx  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
f2b-sshd-ddos  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain f2b-dovecot (1 references)
target     prot opt source               destination
REJECT     all  --  71.198.xxx.xx        0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-nginx (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix (2 references)
target     prot opt source               destination
REJECT     all  --  74.6.xxx.xxx         0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-roundcube (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-sogo (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-sshd (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-sshd-ddos (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Then I found a series of bogus (hacking) login attempts

thank you


2

Re: Site keeps crashing

What do you mean "crashing"?

3

Re: Site keeps crashing

ZhangHuangbin wrote:

What do you mean "crashing"?

Meaning zero response.   No html screens.  No email.  Unable to login to admin screen or RoundCube.   Nothing.  Seems to be time sensitive because it just resolves in about 30-60 minutes.

I showed above that somehow these connections are denied with iptables -L -n :

target     prot opt source               destination
REJECT     all  --  71.198.xxx.xx        0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-nginx (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix (2 references)
target     prot opt source               destination
REJECT     all  --  74.6.xxx.xxx         0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

4

Re: Site keeps crashing

It's blocked by Fail2ban because some errors were triggered by this client. You can temporarily disable the Fail2ban service to avoid this issue, or, if you're connecting from a static IP address, whitelist this IP address in the file /etc/fail2ban/jail.local.
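
An added example, not part of the original thread: a small shell helper that reads `iptables -L -n` output and reports which `f2b-*` chains are rejecting a given client address, which is the check that identifies this kind of lockout. The function names and the sample listing (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Report which addresses Fail2ban has banned, per chain, from `iptables -L -n` text.

# Read a listing on stdin; print "<chain> <source>" for every REJECT or DROP
# rule inside a chain whose name starts with "f2b-".
f2b_bans() {
    awk '
        $1 == "Chain" { chain = $2; next }    # remember which chain we are in
        chain ~ /^f2b-/ && ($1 == "REJECT" || $1 == "DROP") { print chain, $4 }
    '
}

# Read a listing on stdin; print the f2b chains that ban address $1.
# Exit status is 0 when at least one chain bans it, 1 otherwise.
f2b_banned_in() {
    f2b_bans | awk -v ip="$1" '$2 == ip { print $1; found = 1 } END { exit !found }'
}

# Constructed sample listing (addresses are from documentation ranges).
SAMPLE='Chain INPUT (policy DROP)
target     prot opt source               destination
f2b-dovecot  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
f2b-postfix  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993

Chain f2b-dovecot (1 references)
target     prot opt source               destination
REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix (2 references)
target     prot opt source               destination
REJECT     all  --  198.51.100.23        0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# Demo on the sample; on a live server use: iptables -L -n | f2b_bans
printf '%s\n' "$SAMPLE" | f2b_bans
```

Note that the jump rules in the listing cover ports 80 and 443 as well as the mail ports, so a ban raised by one service's log cuts that client off from webmail and the admin pages too. A ban found this way can be lifted with `fail2ban-client set <jail> unbanip <address>`.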

5

Re: Site keeps crashing

Sorry I  might have missed this.  Thank you!!!

So would that be added to last line:

ignoreip    = 127.0.0.1 127.0.0.0/8  ...

I would never have considered that.  Is there any security issue with simply stopping Fail2ban?

6

Re: Site keeps crashing

bodywise wrote:

So would that be added to last line:
ignoreip    = 127.0.0.1 127.0.0.0/8  ...

Yes, /etc/fail2ban/jail.local.

bodywise wrote:

Is there any security issue with simply stopping Fail2ban?

Check the official Fail2ban website; if you understand what it does, it's easy for you to make the decision:
http://www.fail2ban.org/wiki/index.php/Main_Page

7

Re: Site keeps crashing

ZhangHuangbin wrote:
bodywise wrote:

So would that be added to last line:
ignoreip    = 127.0.0.1 127.0.0.0/8  ...

Yes, /etc/fail2ban/jail.local.

bodywise wrote:

Is there any security issue with simply stopping Fail2ban?

Check the official Fail2ban website; if you understand what it does, it's easy for you to make the decision:
http://www.fail2ban.org/wiki/index.php/Main_Page

Thank you so much Zhang.  Like I always say.  So frequently problems are very simple to solve, once you know the very specific origin.  I would never have found this otherwise.