1

Topic: Big SMTP problem

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Debian 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

Hello,
An external domain is unable to send mail to my iRedMail server. All other domains work as expected.
The problem disapears during 5-10mn after a server reboot and come back again and again.
In my logs hardware firewall, I see that the iRedMail server is pinging the remote server. No SMTP packet is sent.

What the problem could be ?

Obviously, I don't have any errors in mail logfile... hmm

Thanks a lot

Nicolas

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Big SMTP problem

Is the IP address of the server which hosts this external domain banned in iptables (on your iRedMail server)? According to your description, it's banned in iptables, triggered by Fail2ban.

3

Re: Big SMTP problem

Hello,

How could I verify this ?
To be sure, I run a refresh of iptable every minute by cron (tests purposes)
How to check the content of fail2ban ?
Why this domain could be banned ?

Thanks

Nicolas

4

Re: Big SMTP problem

You can check banned IP address with command below

# iptables -L -n

If it's banned in iptables, which chain is it in?

5 (edited by nicolasfo 2015-09-11 17:13:20)

Re: Big SMTP problem

Hello,

I had to solve the problem fastly and don't see you post before to find the solution.

I had to add the remote domain into whitelist via iRedAdmin Pro.

For the future, what is the command to see "backlisted" domains to see what domains I could need to add to whitelist ?

Your command sends me results into fail2ban dovecot and fail2ban postfix :

Chain fail2ban-dovecot (1 references)
target     prot opt source               destination
REJECT     all  --  37.165.xxx.xxx        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  80.12.xxx.xxx          0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  90.47.xxx.xxx        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  80.12.xxx.xxx         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  176.144.xxx.xxx       0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-postfix (1 references)
target     prot opt source               destination
REJECT     all  --  185.40.xxx.xxx          0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  80.12.xxx.xxx         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  80.12.xxx.xxx         0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0 

Thanks

Nicolas

6

Re: Big SMTP problem

Blocked in chain fail2ban-dovecot means it's triggered by POP3/IMAP services related errors/failures. Fail2ban-postfix means SMTP service.

7

Re: Big SMTP problem

OK thanks for explanations.

And what is the log file to see wich domain is concerned by blacklist or blacklist.

Another way to say this : in wich log file I could yesterday see the remote domain I have to add in whitelist ?

Thanks

8

Re: Big SMTP problem

nicolasfo wrote:

And what is the log file to see wich domain is concerned by blacklist or blacklist.
Another way to say this : in wich log file I could yesterday see the remote domain I have to add in whitelist ?

Check /var/log/mail.log, all outbound/inboud emails are logged in this file.

9

Re: Big SMTP problem

Don't seems errors were loogged into this file or I passed throw it hmm