1

Topic: Communication Issue

==== Required information ====
- iRedMail version: 1.9.1 PRO
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: RedHat Enterprise Linux 6 64-bit
- Related log if you're reporting an issue:
====

Hello bit of a strange one here.

We have several servers, they can all communicate with each other fine except that the mail server (which is running iRedMail) appears to be blocking traffic from 2 of our servers. Up until this morning there were no issues and all servers could communicate with each other fine.

The mail server can connect to the two servers fine, however when they try and connect to the mail server it blocks it.

The mail server is allowing other servers (which are in a different data centre) to connect fine, but anything that is in the same data centre as the mail server is no longer able to connect to it.

Anyone have any thoughts on this or how we can prevent this block? I have tried disabling iptables and fail2ban with no luck.

My phone/Thunderbird etc can connect fine to these servers.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Communication Issue

Could you run
iptables -L
when the issue is happning
(on the iRedMail Server)

3

Re: Communication Issue

As @7t3chguy mentioned, it might be triggered by Fail2ban. i suggest add IP addresses of all your mail servers in Fail2ban config file (/etc/fail2ban/jail.local), parameter 'ignoreip =', then restart fail2ban service.

4

Re: Communication Issue

Hello, I have tried adding our IP addresses to the jail.local file and then stopped then started Fail2Ban as well as ran the reload command, sadly this hasn't helped.

The result of the IP tables output while the script being blocked is running is as follows:

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-postfix  tcp  --  anywhere             anywhere            multiport dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve
fail2ban-roundcube  tcp  --  anywhere             anywhere            multiport dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve
fail2ban-default  tcp  --  anywhere             anywhere
fail2ban-default  tcp  --  anywhere             anywhere
fail2ban-dovecot  tcp  --  anywhere             anywhere            multiport dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve
fail2ban-postfix  tcp  --  anywhere             anywhere            multiport dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve
fail2ban-roundcube  tcp  --  anywhere             anywhere            multiport dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve
fail2ban-default  tcp  --  anywhere             anywhere
fail2ban-default  tcp  --  anywhere             anywhere
fail2ban-dovecot  tcp  --  anywhere             anywhere            multiport dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-default (4 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-dovecot (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-postfix (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-roundcube (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

5

Re: Communication Issue

We managed to work this one out.

It turns out our host changed some settings last night (they haven't admitted as much but it's pretty obvious) that now mean that if a domain is hosted in the same VLAN as another domain it can no longer be resolved by it's public URL.

Their 'solution' is that for every domain and every server we have we have to modify the Linux hosts file so that it can resolve based on the internal IP and not try and do a DNS lookup.

So not an iRedMail issue after all, but thanks for all the help and keep up the amazing work!