Help with Virtualmin/Usermin in email client.

#1 Mon, 12/02/2013 - 19:38
eiger3970

Hi, I have set up some new email accounts in Virtualmin, which work using Usermin. When I set up email accounts in an email client, there are errors:

mail.domain.com:admin@domain.com. SMTP. Trying to log in to this SMTP account failed. Verify that the username and password are correct.

domain.com. IMAP. Could not connect to this SMTP server. Check your network connection and that you entered the correct information in the Account preferences. Also verify that the server supports SSL. If it does not, deselect the "Use SSL" checkbox in the Advanced tab of Account preferences.

smtp.domain.com:admin@domain.com. SMTP. Could not connect to this SMTP server. Check your network connection and that you entered the correct information in the Account preferences. Also verify that the server supports SSL. If it does not, deselect the "Use SSL" checkbox in the Advanced tab of Account preferences.

I suspect there's a port setting or SSL setting needed in Virtualmin, however I cannot find any instructions to make it work yet.

Any suggestions welcome.

Mon, 12/02/2013 - 20:11
eiger3970

When I setup email accounts in an email client with the following settings:

Mail > Preferences > + > select radio button, Add Other Mail Account... > Continue > Full Name: admin@domain.com > Email Address: admin@domain.com > Password: > Create > Next > Account Type: IMAP > Mail Server: mail.domain.com > User Name: admin@domain.com > Password: > Next > Next > (Incoming Mail Server Info) Port: 993 > tick Use SSL > Authentication: Password > Next > (Outgoing Mail Server Info) SMTP Server: smtp.domain.com > User Name: admin@domain.com > Password: > Create.

Thu, 12/05/2013 - 01:40
eiger3970

So, tried all versions of email client with Virtualmin/Usermin email:
IMAP port 993 SSL
IMAP port 143 SSL
IMAP port 993 no SSL
IMAP port 143 no SSL

Here's some of the /var/log/maillog data:

Dec 3 12:54:06 localhost postfix/smtpd[1336]: connect from CPE-WANIP.oxqn1.cha.ISP.com[WANIP]
Dec 3 12:54:08 localhost postfix/smtpd[1336]: warning: SASL authentication failure: Password verification failed
Dec 3 12:54:08 localhost postfix/smtpd[1336]: warning: CPE-WANIP.oxqn1.cha.ISP.com[WANIP]: SASL PLAIN authentication failed: authentication failure
Dec 3 12:54:10 localhost postfix/smtpd[1336]: warning: SASL authentication failure: Password verification failed
Dec 3 12:54:10 localhost postfix/smtpd[1336]: warning: CPE-WANIP.oxqn1.cha.ISP.com[WANIP]: SASL PLAIN authentication failed: authentication failure
Dec 3 12:54:10 localhost postfix/smtpd[1336]: lost connection after AUTH from CPE-WANIP.oxqn1.cha.ISP[WANIP]
Dec 3 12:54:10 localhost postfix/smtpd[1336]: disconnect from CPE-WANIP.oxqn1.cha.ISP.com[WANIP]
Dec 3 12:57:30 localhost postfix/anvil[987]: statistics: max connection rate 3/60s for (smtp:WANIP) at Dec 3 12:51:23
Dec 3 12:57:30 localhost postfix/anvil[987]: statistics: max connection count 1 for (smtp:WANIP) at Dec 3 12:50:23
Dec 3 12:57:30 localhost postfix/anvil[987]: statistics: max cache size 1 at Dec 3 12:50:23
Dec 3 12:59:39 localhost postfix/pickup[32319]: 1109A7687: uid=502 from=<domain>
Dec 3 12:59:39 localhost postfix/cleanup[1796]: 1109A7687: message-id=<076c5e5a3757602fcb4e34d763c6181e@localhost>
Dec 3 12:59:39 localhost postfix/qmgr[1920]: 1109A7687: from=<domain@centos.com>, size=1396, nrcpt=1 (queue active)
Dec 3 12:59:40 localhost postfix/smtp[1799]: 1109A7687: to=<kuiperrj@hotmail.com>, relay=mx3.hotmail.com[65.54.188.72]:25, delay=1.5, delays=0.27/0.07/0.99/0.18, dsn=5.0.0, status=bounced (host mx3.hotmail.com[65.54.188.72] said: 550 OU-002 (BAY0-MC1-F47) Unfortunately, messages from WANIP weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Dec 3 12:59:40 localhost postfix/smtp[1799]: 1109A7687: lost connection with mx3.hotmail.com[65.54.188.72] while sending RCPT TO
Dec 3 12:59:40 localhost postfix/cleanup[1796]: 7725F7DEA: message-id=<20131203025940.7725F7DEA@centos.com>
Dec 3 12:59:40 localhost postfix/qmgr[1920]: 7725F7DEA: from=<>, size=3758, nrcpt=1 (queue active)
Dec 3 12:59:40 localhost postfix/bounce[1801]: 1109A7687: sender non-delivery notification: 7725F7DEA
Dec 3 12:59:40 localhost postfix/qmgr[1920]: 1109A7687: removed
Dec 3 12:59:53 localhost postfix/pickup[32319]: 23E197F2D: uid=502 from=<domain>
Dec 3 12:59:53 localhost postfix/cleanup[1796]: 23E197F2D: message-id=<64731bf648870dd7c2ac869872519d00@localhost>
Dec 3 12:59:53 localhost postfix/qmgr[1920]: 23E197F2D: from=<domain@centos.com>, size=1402, nrcpt=1 (queue active)
Dec 3 12:59:54 localhost postfix/smtp[1799]: 23E197F2D: to=<araijovh@hotmail.com>, relay=mx1.hotmail.com[65.55.92.152]:25, delay=1.2, delays=0.15/0/0.69/0.4, dsn=5.0.0, status=bounced (host mx1.hotmail.com[65.55.92.152] said: 550 OU-002 (SNT0-MC2-F19) Unfortunately, messages from WANIP weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Dec 3 12:59:54 localhost postfix/smtp[1799]: 23E197F2D: lost connection with mx1.hotmail.com[65.55.92.152] while sending RCPT TO
Dec 3 12:59:54 localhost postfix/cleanup[1796]: 5E0218B91: message-id=<20131203025954.5E0218B91@centos.com>
Dec 3 12:59:54 localhost postfix/qmgr[1920]: 5E0218B91: from=<>, size=3764, nrcpt=1 (queue active)
Dec 3 12:59:54 localhost postfix/bounce[1801]: 23E197F2D: sender non-delivery notification: 5E0218B91
Dec 3 12:59:54 localhost postfix/qmgr[1920]: 23E197F2D: removed
Dec 3 13:00:44 localhost postfix/pickup[32319]: 26BD98BFE: uid=502 from=<domain>
Dec 3 13:00:44 localhost postfix/cleanup[1796]: 26BD98BFE: message-id=<77e542033f24e9503ba12eb322415a86@localhost>
Dec 3 13:00:44 localhost postfix/qmgr[1920]: 26BD98BFE: from=<domain@centos.com>, size=1395, nrcpt=1 (queue active)
Dec 3 13:00:45 localhost postfix/smtp[1799]: 26BD98BFE: to=<hriswellnick@hotmail.com>, relay=mx4.hotmail.com[65.55.37.88]:25, delay=1.6, delays=0.41/0.02/1/0.2, dsn=5.0.0, status=bounced (host mx4.hotmail.com[65.55.37.88] said: 550 OU-002 (COL0-MC2-F47) Unfortunately, messages from WANIP weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Dec 3 13:00:45 localhost postfix/smtp[1799]: 26BD98BFE: lost connection with mx4.hotmail.com[65.55.37.88] while sending RCPT TO
Dec 3 13:00:45 localhost postfix/cleanup[1796]: BD3A38D2B: message-id=<20131203030045.BD3A38D2B@centos.com>
Dec 3 13:00:45 localhost postfix/qmgr[1920]: BD3A38D2B: from=<>, size=3764, nrcpt=1 (queue active)
Dec 3 13:00:45 localhost postfix/bounce[1801]: 26BD98BFE: sender non-delivery notification: BD3A38D2B
Dec 3 13:00:45 localhost postfix/qmgr[1920]: 26BD98BFE: removed
Dec 3 13:00:53 localhost postfix/local[1802]: 7725F7DEA: to=<domain@centos.com>, relay=local, delay=73, delays=0.01/0.04/0/73, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Dec 3 13:00:53 localhost postfix/qmgr[1920]: 7725F7DEA: removed

No other options left on email client as needs to be IMAP. Anyone know of a link on Virtualmin on how to setup the settings correctly so email works on Usermin and an email client?

Mon, 12/02/2013 - 23:30
eiger3970

I tried Virtualmin > Server Templates > Defaults Settings > Mail for Domain > Format for usernames that include domain > username@domain > Save and Next > Virtualmin > Edit Users > tick user to be deleted > Delete Selected Users > Yes, Delete Them > Add a user to this server., but same error.

# ps auxw | grep saslauth
root 1827 0.0 0.1 66408 1232 ? Ss 08:01 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -r
root 1829 0.0 0.1 66408 1224 ? S 08:01 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -r
root 1830 0.0 0.1 66408 1224 ? S 08:01 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -r
root 1831 0.0 0.1 66408 1224 ? S 08:01 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -r
root 1832 0.0 0.1 66408 1224 ? S 08:01 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -r
root 9123 0.0 0.0 103248 808 pts/0 S+ 14:26 0:00 grep saslauth

Not quite sure if saslfinger will help. I installed and ran saslfinger with # saslfinger -c

saslfinger - postfix Cyrus sasl configuration Tue Dec 3 15:17:02 EST 2013
version: 1.0.2
mode: client-side SMTP AUTH
-- basics --
Postfix: 2.6.6
System: CentOS release 6.4 (Final)
-- smtp is linked to --
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007fcd4c7c7000)
-- active SMTP AUTH and TLS parameters for smtp --
No active SMTP AUTH and TLS parameters for smtp in main.cf!
SMTP AUTH can't work!

Tue, 12/03/2013 - 13:17
andreychek

Howdy,

You can verify what username to login as by going into Edit Users, and reviewing the "IMAP / POP3 / FTP login" field.

Also, to make sure that SMTPS and Submission are enabled, you can edit your /etc/postfix/master.cf file, and make sure the lines in there beginning with "Submission" and "SMTPS" are uncommented (along with all the lines following them that begin with "-o").

Then restart Postfix after making any changes to those.

-Eric
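
The check Eric describes can be scripted. This is an added example, not code from the thread or from Virtualmin: it parses a master.cf and reports, for the submission and smtps services, whether an uncommented service line exists and which "-o" overrides differ from the ones in the master.cf entries quoted later in this thread. The sample file is constructed, and the "-o { name = value }" form of newer Postfix releases is not handled.

```python
# Expected overrides, taken from the submission/smtps entries in the
# master.cf quoted later in this thread (milter option left out).
EXPECTED = {
    "submission": {
        "smtpd_tls_security_level": "encrypt",
        "smtpd_sasl_auth_enable": "yes",
        "smtpd_client_restrictions": "permit_sasl_authenticated,reject",
    },
    "smtps": {
        "smtpd_tls_wrappermode": "yes",
        "smtpd_sasl_auth_enable": "yes",
        "smtpd_client_restrictions": "permit_sasl_authenticated,reject",
    },
}

# Constructed sample: submission is commented out near the top and
# re-added at the bottom with only SASL enabled.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       n       60      1       pickup
submission inet n       -       n       -       -       smtpd -o smtpd_sasl_auth_enable=yes
"""


def logical_lines(text):
    """Yield master.cf logical lines: comments and blank lines are skipped,
    and a line starting with whitespace continues the previous one."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current


def parse_services(text):
    """Return {(name, type): {"command": ..., "options": {...}}}."""
    services = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service entry
        args = fields[8:]
        options = {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                key, _, val = value.partition("=")
                options[key] = val
        services[(fields[0], fields[1])] = {"command": fields[7], "options": options}
    return services


def audit(text):
    """Per service: None if not enabled, else the sorted list of expected
    options that are missing or set to a different value."""
    services = parse_services(text)
    findings = {}
    for name, wanted in EXPECTED.items():
        svc = services.get((name, "inet"))
        if svc is None:
            findings[name] = None
        else:
            findings[name] = sorted(
                k for k, v in wanted.items() if svc["options"].get(k) != v
            )
    return findings


if __name__ == "__main__":
    for service, result in audit(SAMPLE_MASTER_CF).items():
        if result is None:
            print(f"{service}: not enabled (no uncommented service line)")
        elif result:
            print(f"{service}: enabled, but differs on: {', '.join(result)}")
        else:
            print(f"{service}: enabled with the expected overrides")
```

A service that is enabled without smtpd_tls_security_level=encrypt falls back to the main.cf setting, which in this thread is "may", so TLS on that port is optional rather than required.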

Tue, 12/03/2013 - 17:25
eiger3970

Thank you for the reply. Submission and SMTP are uncommented, so no changes needed there I think.

Not sure why but same error, so I'll keep researching, unless someone else has a suggestion?

Wed, 12/04/2013 - 00:48
eiger3970

Okay, so deleted all Virtualmin accounts, set format to user@domain.com and same error. Logs:

Dec 4 14:26:32 localhost dovecot: imap-login: Login: user=<admin@domain.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=8607, secured
Dec 4 14:26:32 localhost dovecot: imap(admin@domain.com): Connection closed bytes=57/844
Dec 4 14:26:41 localhost postfix/local[8568]: 48C7470A0: to=<admin-domain.com@centos.com>, orig_to=<admin@domain.com>, relay=local, delay=36, delays=1/0.04/0/35, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Dec 4 14:26:41 localhost postfix/qmgr[1997]: 48C7470A0: removed
Dec 4 14:26:46 localhost dovecot: imap-login: Login: user=<admin@domain.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=8616, secured
Dec 4 14:26:47 localhost postfix/smtpd[8553]: connect from localhost.localdomain[127.0.0.1]
Dec 4 14:26:47 localhost postfix/smtpd[8553]: 0B85C70A0: client=localhost.localdomain[127.0.0.1]
Dec 4 14:26:47 localhost postfix/cleanup[8567]: 0B85C70A0: message-id=<1386131206.8599@domain.com>
Dec 4 14:26:47 localhost postfix/qmgr[1997]: 0B85C70A0: from=<admin@domain.com>, size=702, nrcpt=1 (queue active)
Dec 4 14:26:47 localhost postfix/smtpd[8553]: disconnect from localhost.localdomain[127.0.0.1]
Dec 4 14:26:47 localhost dovecot: imap(admin@domain.com): Connection closed bytes=785/2243
Dec 4 14:27:00 localhost dovecot: imap-login: Login: user=<admin@domain.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=8635, secured
Dec 4 14:27:00 localhost dovecot: imap(admin@domain.com): Connection closed bytes=1107/11696
Dec 4 14:27:14 localhost dovecot: imap-login: Login: user=<admin@domain.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=8678, secured
Dec 4 14:27:15 localhost dovecot: imap(admin@domain.com): Connection closed bytes=1038/9182
Dec 4 14:27:19 localhost dovecot: imap-login: Login: user=<admin@domain.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=8697, secured
Dec 4 14:27:20 localhost dovecot: imap(admin@domain.com): Connection closed bytes=1107/9080
Dec 4 14:27:33 localhost postfix/local[8568]: 0B85C70A0: to=<admin-domain.com@centos.com>, orig_to=<admin@domain.com>, relay=local, delay=47, delays=0.12/0.01/0/46, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Dec 4 14:27:33 localhost postfix/qmgr[1997]: 0B85C70A0: removed
Dec 4 14:27:34 localhost dovecot: imap-login: Login: user=<admin@domain.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=8780, secured
Dec 4 14:27:35 localhost dovecot: imap(admin@domain.com): Connection closed bytes=1038/10075
Dec 4 14:30:00 localhost postfix/qmgr[1997]: 26DC46A9B: from=<admin@domain.com>, size=714, nrcpt=1 (queue active)
Dec 4 14:30:07 localhost postfix/anvil[8565]: statistics: max connection rate 1/60s for (smtp:209.85.128.170) at Dec 4 14:26:04
Dec 4 14:30:07 localhost postfix/anvil[8565]: statistics: max connection count 1 for (smtp:209.85.128.170) at Dec 4 14:26:04
Dec 4 14:30:07 localhost postfix/anvil[8565]: statistics: max cache size 1 at Dec 4 14:26:04
Dec 4 14:30:20 localhost postfix/smtp[8907]: 26DC46A9B: to=<emailAddress@gmail.com>, relay=none, delay=440, delays=420/0.08/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=gmail.com type=MX: Host not found, try again)

Wed, 12/04/2013 - 01:33
Locutus

Are you still trying to use your home Internet connection for a server? Because in your first log excerpt I can see bounce messages from Hotmail: they rejected your mail because your IP is blacklisted.

I can't see any errors though in your last log, what's the problem there exactly?

Wed, 12/04/2013 - 05:38
eiger3970

Okay, so seems the consistent error is: Could not connect to this IMAP server. Check your network connection and that you entered the correct information in the Account preferences. Also verify that the server supports SSL. If it does not, deselect the "Use SSL" checkbox in the Advanced tab of Account preferences.

Wed, 12/04/2013 - 06:20
Locutus

Try telnetting to the server's IP, port 143 (IMAP) or 993 (IMAPS), from the computer where you're doing these tests. If that fails, try a traceroute from that computer to the server. Check if Dovecot is listening on those ports on the server, and make sure no firewall is blocking access. If you're still doing your home-server thing, make sure ports are forwarded correctly and not blocked by your ISP.

And note that - as I said - your IP is on a blacklist. You won't be able to change that, so if you use this system as your server, you won't be able to send emails to a number of destinations, here Hotmail.

Wed, 12/04/2013 - 23:36
eiger3970

Thanks. Telnet failed on 143 and 993, but worked on 25.

telnet domain.com 25
Trying WANIP...
Connected to domain.com.
Escape character is '^]'.
220 centos.com ESMTP Postfix
421 4.4.2 centos.com Error: timeout exceeded
Connection closed by foreign host.

telnet domain.com 143
Trying WANIP...
telnet: connect to address WANIP: Operation timed out
telnet: Unable to connect to remote host

telnet domain.com 993
Trying WANIP...
telnet: connect to address WANIP: Operation timed out
telnet: Unable to connect to remote host

Checked iptables in Terminal > localhost > iptables -L -n

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:20
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:21
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, localhost.localdomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

service iptables stop

telnet domain.com 143
Trying WANIP...
telnet: connect to address WANIP: Operation timed out
telnet: Unable to connect to remote host

telnet domain.com 993
Trying WANIP...
telnet: connect to address WANIP: Operation timed out
telnet: Unable to connect to remote host

traceroute localhost

traceroute to domain.com (WANIP), 64 hops max, 52 byte packets 1 main (routerIP) 0.686 ms 0.323 ms 0.265 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * 31 * * * 32 * * * 33 * * * 34 * * * 35 * * * 36 * * * 37 * * * 38 * * * 39 * * * 40 * * * 41 * * * 42 * * * 43 * * * 44 * * * 45 * * * 46 * * * 47 * * * 48 * * * 49 * * * 50 * * * 51 * * * 52 * * * 53 * * * 54 * * * 55 * * * 56 * * * 57 * * * 58 * * * 59 * * * 60 * * * 61 * * * 62 * * * 63 * * * 64 * * *

I port forwarded IMAPS 993 to localhost, telnet domain.com 993 now works. Email client still has same error, so deleted email accounts, restarted email and added back again. 1 of 2 email accounts seems to register, but unable to send or receive emails.

Wed, 12/04/2013 - 17:50
lp86

You left your domain in your last post, I checked the IP and it is classified as a residential connection. You can run your own mail server, but to 99% of the internet, the mail you send out will end up either blocked or flagged as SPAM.

Your hostname on your server also seems to be incorrect as well. Your server claims to be "centos.com" which is incorrect and invalid.

Also a lot of residential ISPs block traceroute, it can be used maliciously. So don't take too much heart in what you see.

I use IntoVPS, they have worldwide locations, and their basic VPS is $10/month. No email problems, and no changing things around when DHCP gives you a new IP. Depends on how much this is worth to you.

Thu, 12/05/2013 - 01:45
eiger3970
Thu, 12/05/2013 - 03:06
Locutus

With "residential" he meant using your home DSL to operate a server. Like I myself noted multiple times, a lot of the issues you're seeing are stemming from that. So here's once more and a final time my suggestion to NOT use your home connection for a server! If you insist on doing that, I wish you good luck, because I can't really help any further.

Thu, 12/05/2013 - 08:44
andreychek

I see a number of DNS lookup failures in your logs.

You may want to verify that the DNS server listed in /etc/resolv.conf is correct, and that the BIND service is running.

Also, I see you have a firewall setup on your server.

With all the problems you seem to be having, I'd suggest keeping that turned off, until you've gotten everything working.

-Eric

Thu, 12/12/2013 - 01:19
eiger3970

Okay, so I have set up a dynamic DNS which is running. Researching Virtualmin forum for how to configure Virtualmin with the dyndns.

Thu, 12/12/2013 - 19:52
eiger3970

Is anyone able to help with setting up Virtualmin now with the dyndns I have set up? Research says this should fix the email issue and future Virtualmin use.

Fri, 12/13/2013 - 02:48
Locutus

Having a dyndns hostname will not help you when your IP is blacklisted due to being a dialup. Also, operating nameservers on a dynamic DHCP-assigned home IP is a no-go. You'll run into a lot of trouble with your setup.

Mon, 12/16/2013 - 21:21
eiger3970

Thank you for the replies. Well, my ISP is setting my IP as a business account. Internet connection is not a dialup connection. Look forward to some positive feedback and help how to get the email going on Virtualmin, as I now have my regular email not getting through ports 143 and 993.

Still working on finalising the ddns setup which seems to be needed according to research. Any help welcome.

Mon, 12/16/2013 - 22:31
eiger3970

Okay, so testing Virtualmin/Usermin works internally between email@domain1.com to email@domain2.com and email@domain3.com. email@domain3.com receives external email okay on Virtualmin/Usermin.

Mac and iPhone give similar errors of: The IMAP server "mail.domain3.com" is not responding. Check your network connection and that you entered the correct information in the "Incoming Mail Server" field.

Mac and iPhone have similar settings:
Advanced Incoming Settings
Use SSL: ON
Authentication: Password
IMAP Path Prefix: INBOX
Server Port: 993

Mon, 12/16/2013 - 23:24
andreychek

Are you able to telnet into port 143 and 993?

If not -- then you're still seeing some sort of NAT, firewall, or routing issue.

You'd need to make sure your firewall on your server isn't preventing access to those ports, and verify that your router is forwarding those ports to your server.

-Eric

Tue, 12/17/2013 - 01:33
eiger3970

Yes, telnet results are same as several weeks ago with connection.

Port 143.

Trying 192.168.1.163...
Connected to 192.168.1.163.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

Port 993.

Trying 192.168.1.163...
Connected to 192.168.1.163.
Escape character is '^]'.

iptables -L -n shows all ports are open

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:20
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:21
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

/etc/postfix/master.cf file has details below:

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes

The maillog gives 12000 lines of similar looking errors like this sample: (also, I don't know who those email addresses are as I don't know any of them? Seem to have been automatically generated).

Dec 17 16:14:21 localhost postfix/error[18758]: B4BE01373B: to=<teetsfxwy@hotmail.com>, relay=none, delay=326867, delays=326846/21/0/0.02, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
Dec 17 16:14:21 localhost postfix/error[18755]: B25EC134B1: to=<ugaldetpsad@hotmail.com>, relay=none, delay=327770, delays=327750/21/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
Dec 17 16:14:21 localhost postfix/error[18758]: B47E813751: to=<bennoleco@hotmail.com>, relay=none, delay=325065, delays=325045/21/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
Dec 17 16:14:21 localhost postfix/error[18756]: B1A09136E6: to=<apoilkospa@hotmail.com>, relay=none, delay=426070, delays=426050/21/0/0.02, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
Dec 17 16:14:21 localhost postfix/error[18760]: B532C13717: to=<nanaswndf@hotmail.com>, relay=none, delay=424222, delays=424201/21/0/0.02, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
Dec 17 16:14:21 localhost postfix/error[18758]: B8BEC13740: to=<deweydnjfc@hotmail.com>, relay=none, delay=325967, delays=325946/21/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
Dec 17 16:14:21 localhost postfix/error[18755]: BE46F1375A: to=<lisletvo@hotmail.com>, relay=none, delay=325064, delays=325043/21/0/0.01, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
Dec 17 16:14:21 localhost postfix/error[18755]: 89E3B1370A: to=<naparta3975@gmail.com>, relay=none, delay=425769, delays=425748/21/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=gmail.com type=MX: Host not found, try again)
Dec 17 16:14:21 localhost postfix/error[18756]: B328213724: to=<searbyly@hotmail.com>, relay=none, delay=424219, delays=424198/21/0/0.02, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
Dec 17 16:14:21 localhost postfix/error[18760]: B4BBE136F4: to=<carrolnmejh@hotmail.com>, relay=none, delay=426069, delays=426048/21/0/0.01, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
Dec 17 16:20:11 localhost dovecot: imap-login: Login: user=<myEmail@domain.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=18983, secured
Dec 17 16:20:12 localhost dovecot: imap(myEmail@domain.com): Connection closed bytes=1083/42562
Dec 17 16:20:16 localhost dovecot: imap-login: Login: user=<myEmail@domain.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=19001, secured
Dec 17 16:20:16 localhost dovecot: imap-login: Login: user=<myEmail@domain.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=19003, secured
Dec 17 16:20:17 localhost dovecot: imap(myEmail@domain.com): Connection closed bytes=1083/42562
Dec 17 16:20:17 localhost dovecot: imap(myEmail@domain.com): Connection closed bytes=408/3282

Tue, 12/17/2013 - 02:43
Locutus

You did your telnet test in your LAN apparently. To be meaningful for a connectivity test, you need to do them over the internet. What's the external IP in question?

The error messages in your log indicate two things: you still have DNS issues, and a spammer/hacker possibly already got a hold of your server and is trying to use it to send out spam. I don't see why else your system would be trying to send 12000 mails to random Hotmail addresses.

You should immediately disconnect it from the internet until you get this issue fixed. This is no joke anymore! Your experimental server is beginning to constitute a danger for the internet.

Tue, 12/17/2013 - 04:27
eiger3970

Thank you for the reply.

12000 lines of code I mentioned aren't 12000 emails/hackers, so please don't jump to conclusions too hastily. The setup of Virtualmin is not a joke, so please post serious posts to assist in addressing the setup of Virtualmin. If you have any constructive suggestions re possible hackers, please post some info on that, as turning off Virtualmin is not a viable solution.

Tested WAN and error:

telnet WAN_IP 143
Connecting To WAN_IP...Could not open connection to the host, on port 143: Connect failed

telnet WAN_IP 993
Connecting To WAN_IP...Could not open connection to the host, on port 993: Connect failed

Router has ports 23, 143 and 993 forwarded to the server's LAN IP.

Tue, 12/17/2013 - 04:19
Locutus

Please read my posts closely. I did not say "12000 hackers". I said SOME hacker potentially found a security issue and is abusing your server to send out spam.

Your log clearly indicates - since you said you don't know these addresses and there's 12000 of those lines - that your server is trying to send thousands of emails to random Hotmail addresses. No server or software is doing that just like that! So my post was very serious!

You're most likely going to be blocked by DNSBL lists, and your ISP is going to receive complaints about your server if you don't resolve this issue. So disconnecting your server from the net until this is resolved is not only viable, but necessary! As long as you keep it connected with the possible security hole present, even more hackers are going to find their way into it. In addition to it contributing to the threat that hacked servers on the net constitute.

As for "constructive suggestions": My apologies. Normally I'd gladly help you out, but with the myriads of problems you've been having since you started setting up this server, in this and other forum threads, my main suggestion would be doing a clean reinstall. Since you're not able to get paid support, anything else would probably be too time consuming to try and debug from my end.

Tue, 12/17/2013 - 04:29
Locutus

Port 23? I suppose you mean port 25?

If you can't connect to those ports from the outside, and you are 100% sure you forwarded them correctly in your router, they are blocked along the way. It's possible your ISP is blocking them; potentially (and especially port 25) they are blocking them due to the possible hacker issue. So before you do further debugging, you might want to contact them and ask them if any blocks are in place or complaints have been received.

I've seen ISPs that block some specific ports that are prone to abuse by hackers by default for their users. So if you want to operate a server on your home connection, you might want to ask them if such generic blocks are in place and if they can be lifted. Of course, before you do that, you need to make sure that your server is clean.

Tue, 12/17/2013 - 23:18
eiger3970

Hi, I did mean port 23, to ensure Telnet packets can be sent and received. Port 25 is also another port that's forwarded.

So, does anyone know how to fix this Virtualmin security flaw if my server is having hackers send random emails from my email?

Would paid support fix it or is it impossible?

Working on clean up now and testing port again to get emails working.

Tue, 12/17/2013 - 22:14
andreychek

It's unlikely that you're experiencing a Virtualmin security issue.

The issue you're seeing normally happens either when a web app installed in one of your domains is compromised, or when the password to one of your accounts is guessed.

You would need to review the headers of the emails in your mail queue in order to determine where they are coming from.

-Eric
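
An added example, not part of the original thread and not Virtualmin's or Postfix's own tooling: one way to trace deferred mail back to how it entered Postfix, using the queue ID that links each `status=deferred` line to its `smtpd` (SMTP submission, with `sasl_username` when authenticated) or `pickup` (local submission by a Unix uid) entry. The sample log is constructed, and short hexadecimal queue IDs are assumed.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format; addresses and queue IDs are made up.
SAMPLE_LOG = """\
Dec 17 16:10:01 localhost postfix/smtpd[18700]: A1B2C3D401: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
Dec 17 16:10:02 localhost postfix/pickup[18701]: A1B2C3D402: uid=48 from=<apache>
Dec 17 16:14:21 localhost postfix/error[18755]: A1B2C3D401: to=<r1@example.net>, relay=none, delay=21, dsn=4.4.3, status=deferred (delivery temporarily suspended)
Dec 17 16:14:21 localhost postfix/error[18755]: A1B2C3D401: to=<r2@example.net>, relay=none, delay=21, dsn=4.4.3, status=deferred (delivery temporarily suspended)
Dec 17 16:14:22 localhost postfix/error[18756]: A1B2C3D402: to=<r3@example.org>, relay=none, delay=20, dsn=4.4.3, status=deferred (delivery temporarily suspended)
Dec 17 16:44:21 localhost postfix/error[18790]: A1B2C3D402: to=<r3@example.org>, relay=none, delay=1820, dsn=4.4.3, status=deferred (delivery temporarily suspended)
Dec 17 16:44:22 localhost postfix/error[18791]: A1B2C3D403: to=<r4@example.org>, relay=none, delay=90000, dsn=4.4.3, status=deferred (delivery temporarily suspended)
"""

# Captures: daemon name, short hex queue ID (assumed format), rest of the entry.
ENTRY = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{8,}): (.*)")

def classify_origins(log_text):
    """Map queue ID -> how the message entered Postfix (smtpd or pickup entry)."""
    origins = {}
    for daemon, qid, rest in ENTRY.findall(log_text):
        if daemon == "pickup":
            uid = re.search(r"uid=(\d+)", rest)
            if uid:  # local submission, e.g. a web application calling sendmail
                origins[qid] = f"local uid={uid.group(1)}"
        elif daemon == "smtpd" and rest.startswith("client="):
            user = re.search(r"sasl_username=(\S+)", rest)
            client = re.match(r"client=([^,\s]+)", rest).group(1)
            origins[qid] = (f"sasl {user.group(1)}" if user
                            else f"unauthenticated {client}")
    return origins

def deferred_by_origin(log_text):
    """Count deferred deliveries per origin; retries of the same
    (queue ID, recipient) pair are logged again and are counted once."""
    origins = classify_origins(log_text)
    seen, counts = set(), Counter()
    for _daemon, qid, rest in ENTRY.findall(log_text):
        rcpt = re.match(r"to=<([^>]*)>", rest)
        if rcpt and "status=deferred" in rest and (qid, rcpt.group(1)) not in seen:
            seen.add((qid, rcpt.group(1)))
            counts[origins.get(qid, "unknown (entry not in this log)")] += 1
    return counts

if __name__ == "__main__":
    for origin, n in deferred_by_origin(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {origin}")
```

A `sasl ...` origin points at a mailbox whose password is in use by someone else, while a `local uid=...` origin points at a process on the server itself, such as a web application running under that uid.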

Tue, 12/17/2013 - 23:40 (Reply to #28)
eiger3970

Thank you, I updated all email passwords and will monitor this. I checked the maillogs, which seem to determine which email account the hacker is using, so I should be able to notice any difference shortly.

Having thought about this, it could also be occurring from the website's forum, which has Captcha security, however spam accounts still seem to be generated.

I have checked the ISP who has the ports open and the router has the ports forwarded, so all I can think of is setting a static IP address. I have a static WAN IP set up, however if there are any suggestions on how to configure it, this would be helpful.

Wed, 12/18/2013 - 02:15
Locutus

What would you need telnet for? It's unencrypted and sends everything in clear text including passwords, you should definitely use SSH instead.

Sat, 01/25/2014 - 02:22
eiger3970

Okay, after much ado, the ISP says cable won't be given a static IP. I have set up a DDNS, however some German sites have still blacklisted the email server. Still can't get the email working on email clients, but the email does work on the local server?

Any suggestions on how to set up the static IP, or get the DDNS working?

Sat, 01/25/2014 - 04:33
Locutus

If your ISP does not give you a static IP, there's nothing you can do. If your dynamic IPs are on blacklists, there's also nothing you can do.

You simply can NOT (reliably) use your home-hosted machine as an outgoing email server, you should accept that fact. All you can use it for is incoming email, provided the MX records are set properly, since that direction is not affected by blacklists.

Make sure you get a DynDNS service with a very low TTL (time to live) for its dynamic host entries. Otherwise, when your IP changes, mail to your server can get delivered to the wrong machine while the dynamic host is updated. That means, if the user who gets your old IP after you happens to also be running a mail server, he'll receive the mail that's meant to go to you. Also take note that there are DNS servers/relays that don't accept very short TTLs and still cache entries for a while, so receiving email using that method on your home-hosted machine can be unreliable.

For outgoing mail, your best bet is using a smarthost, which means getting an email account on some external service and instructing your local Postfix to send all outgoing email via that service, and authenticate itself with your credentials.

That has some implications of course. For one, the service you choose must allow you to use it for a local server as opposed to "private use". And, you are potentially personally responsible for the email your users send, since it all goes through your email account.

Sat, 04/12/2014 - 04:01
eiger3970

All fixed, doesn't work through email client, only webmail, but good enough for now until the ISP allows a static IP.