IMAP POP3 issue for login webmail accounts in outlook

#1 Tue, 05/14/2019 - 13:04
amritmatti

Hi, I want to log in to my email accounts in Outlook, but I am unable to log in. Mail from webmail is working fine. When I try to log in with the Outlook client, it says the password is wrong. Below are the mail logs:

May 14 20:38:56 domain dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=52.125.137.246, lip=187.68.19.2, session=<nlHXgdyIPJI0fYn2>
May 14 20:38:56 domain dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=52.125.137.246, lip=187.68.19.2, session=<cl3XgdyIOpI0fYn2>
May 14 20:38:56 domain dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=52.125.137.246, lip=187.68.19.2, session=<713XgdyIPpI0fYn2>
May 14 20:38:58 domain dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<amrit@domain.ee>, method=PLAIN, rip=52.125.137.246, lip=187.68.19.2, session=<FXDdgdyISJI0fYn2>
May 14 20:38:58 domain dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<amrit@domain.ee>, method=PLAIN, rip=52.125.137.246, lip=187.68.19.2, session=<+XndgdyISpI0fYn2>
May 14 20:39:02 domain dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<amrit@domain.ee>, method=PLAIN, rip=52.125.137.246, lip=187.68.19.2, session=<i4ndgdyIUJI0fYn2>
May 14 20:39:02 domain sendmail[21419]: gethostbyaddr(10.8.0.1) failed: 1
May 14 20:39:15 domain dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<amrit@domain.ee>, method=PLAIN, rip=167.6.19.2, lip=187.68.19.2, session=<rpPagtyILKw0fYmD>
May 14 20:39:19 domain dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<amrit@domain.ee>, method=PLAIN, rip=167.6.19.2, lip=187.68.19.2, session=<oLDagtyIKqw0fYmD>
May 14 20:39:19 domain dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<amrit@domain.ee>, method=PLAIN, rip=167.6.19.2, lip=187.68.19.2, session=<27fagtyILqw0fYmD>

Please help me in this case.

Tue, 05/14/2019 - 16:46
adamjedgar

Hi, I am only a novice when it comes to webserver/email security. I have been experiencing these kinds of entries in my server logs for email as well.

Now my understanding is that what one needs to do, in order to at least look after your server, is check to see if fail2ban is running on your system (Webmin > Servers > fail2ban) and that it is correctly configured to monitor hacking attempts.

If not, install and activate "fail2ban" in virtualmin.

https://www.virtualmin.com/documentation/security/fail2ban

Once you have done that, the following resources may help you get started:

https://www.howtoforge.com/tutorial/protect-your-server-computer-with-badips-and-fail2ban/
https://blog.rimuhosting.com/2017/02/24/whitelist-your-own-computer-in-fail2ban/
https://www.badips.com/

Please note that you won't suddenly see a complete stop of all the above entries in server logs, mail logs or fail2ban logs. The idea is that fail2ban monitors the incoming hacking attempts against the various log files you configure it to use, and if a suspicious user is constantly trying to break in, it will ban their IP address for a given period of time and store this information in a log file for future reference.

As a final thought... someone once mentioned to me on a forum that, in maintaining a webserver, they essentially live on the server log files, i.e. eat, sleep, and drink server logs. Now that I am venturing into fail2ban, I have found myself consumed with this very issue that you have asked about in this thread.

Now one very very important thing to remember... https://blog.rimuhosting.com/2017/02/24/whitelist-your-own-computer-in-fail2ban/

And...just in case you lock yourself out of webserver

fail2ban-client set ssh-iptables unbanip IPADDRESSHERE

fail2ban-client set JAILNAMEHERE unbanip IPADDRESSHERE

example
fail2ban-client set ssh-iptables unbanip 123.34.345.78

The IP address is usually the IP of your home/work internet gateway. So if your internet service provider has given you a static home or office IP address, that would be the IP address you use.

A simple and easy way of finding out what your home/office public ip address is, can be done simply by navigating to the following URL and it will display your ip address on screen. https://www.hashemian.com/whoami/

Good luck with it.

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

https://ajecreative.com.au
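
As an added illustration (not part of the original post, and not fail2ban's own code), here is a simplified Python model of the behaviour described above: count `auth failed` lines per remote IP inside a time window, ban at a threshold, and skip whitelisted addresses. The log lines are constructed in the thread's Dovecot format with documentation-range IPs; `maxretry`, `findtime` and `ignoreip` mirror the fail2ban option names, and the year is an assumption because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the thread's Dovecot log format (documentation-range IPs).
SAMPLE = """\
May 14 20:38:56 mail dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=198.51.100.7, lip=192.0.2.10, session=<a1>
May 14 20:38:58 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<amrit@example.test>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, session=<a2>
May 14 20:38:58 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<amrit@example.test>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, session=<a3>
May 14 20:39:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<amrit@example.test>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, session=<a4>
May 14 20:39:02 mail sendmail[21419]: gethostbyaddr(10.8.0.1) failed: 1
May 14 20:39:15 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<amrit>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, session=<b1>
May 14 20:55:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<amrit>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, session=<b2>
May 14 20:56:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<amrit>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, session=<b3>
""".splitlines()

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:imap|pop3)-login: "
    r"(?:Disconnected|Aborted login) \((?P<reason>[^)]*)\).*?"
    r"rip=(?P<rip>[0-9A-Fa-f.:]+)")

def parse(line, year=2019):
    """Return (timestamp, remote_ip, is_auth_failure) or None for other lines."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["rip"], m["reason"].startswith("auth failed")

def find_bans(lines, maxretry=3, findtime=600, ignoreip=()):
    """Map each remote IP to the time it reaches maxretry failures in findtime seconds."""
    recent = defaultdict(deque)   # per-IP failure times still inside the window
    bans = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # not a Dovecot login line (e.g. sendmail)
        ts, rip, failed = rec
        if not failed or rip in ignoreip or rip in bans:
            continue              # "no auth attempts", whitelisted, or already banned
        q = recent[rip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=findtime):
            q.popleft()           # forget failures older than the window
        if len(q) >= maxretry:
            bans[rip] = ts
    return bans

if __name__ == "__main__":
    print(find_bans(SAMPLE))
```

The second address fails three times in total but is never banned with the defaults, because its first failure falls out of the 600-second window before the later ones arrive.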

Tue, 05/14/2019 - 17:22 (Reply to #2)
amritmatti

Thanks for the reply, but I don't think that what you have written above will solve the issue. My problem is that the server is not authorizing user amrit@domain.com, but it is recognizing it as amrit. So that is the main issue.

Tue, 05/14/2019 - 17:21
andreychek

Howdy,

Which webmail client is it that you were able to log in as -- was it by chance Usermin?

Also, if you look in Edit Users in Virtualmin, and look at the "Login" column, is the login name listed there what you're using to log in with Outlook?

-Eric

Tue, 05/14/2019 - 17:24 (Reply to #4)
amritmatti

Yes, via Usermin webmail it's working.

But the issue is that the server is not authorizing my user amrit@domain.com. In Usermin webmail we log in with the amrit user without the domain. So is there any way that we can change this?

Tue, 05/14/2019 - 17:27
andreychek

Howdy,

Usermin is particularly forgiving with the username you can use to log in... it will allow you to use the real system username, along with any email addresses or aliases associated with that user.

Other clients don't work that way though -- a client like Outlook, Thunderbird, or even RoundCube will authenticate with Dovecot using IMAP, and Dovecot will strictly require the actual username.

So if the username on your server is just "amrit", you would need to use "amrit" in Outlook... you wouldn't be able to use the full email address in that case.

-Eric

Tue, 05/14/2019 - 17:56 (Reply to #6)
amritmatti

OK, but now I am getting this in the logs:

May 15 01:53:15 server dovecot: auth-worker(12687): Error: passwd(amrit,122.173.242.239,<mPbq5eCI/sl6rfLv>): Invalid password in passdb: crypt() failed: Invalid argument
May 15 01:53:21 server dovecot: auth-worker(12687): Error: passwd(amrit,122.173.242.239,<mPbq5eCI/sl6rfLv>): Invalid password in passdb: crypt() failed: Invalid argument
May 15 01:53:23 server dovecot: imap-login: Disconnected (auth failed, 2 attempts in 9 secs): user=<amrit>, method=PLAIN, rip=122.173.242.239, lip=167.86.113.20, session=<mPbq5eCI/sl6rfLv>
May 15 01:53:39 server dovecot: imap-login: Disconnected (auth failed, 2 attempts in 16 secs): user=<amrit@server.ee>, method=PLAIN, rip=122.173.242.239, lip=167.86.113.20, session=<RJdx5uCICMp6rfLv>
May 15 01:54:09 server sendmail[12743]: gethostbyaddr(10.8.0.1) failed: 1
May 15 01:54:57 server dovecot: auth-worker(12855): Error: passwd(amrit,122.173.242.239,<Pm0C7OCIW8p6rfLv>): Invalid password in passdb: crypt() failed: Invalid argument
May 15 01:55:03 server dovecot: auth-worker(12855): Error: passwd(amrit,122.173.242.239,<Pm0C7OCIW8p6rfLv>): Invalid password in passdb: crypt() failed: Invalid argument
May 15 01:55:05 server dovecot: imap-login: Disconnected (auth failed, 2 attempts in 8 secs): user=<amrit>, method=PLAIN, rip=122.173.242.239, lip=167.86.113.20, session=<Pm0C7OCIW8p6rfLv>

Tue, 05/14/2019 - 17:42
adamjedgar

For someone who is manually trying to log in... that is an awful lot of tries in a short period of time. Is this your server you are trying to log into or someone else's? Something seems suspicious here.

Tue, 05/14/2019 - 18:05
andreychek

Hmm, it looks like something may be awry with the Dovecot configuration there. This is an unusual error message:

Invalid password in passdb: crypt() failed: Invalid argument

Can you run the command "dovecot -n", and paste in the output?

Also, what distro/version is this?

-Eric

Tue, 05/14/2019 - 18:25 (Reply to #9)
amritmatti

root@server:/etc/dovecot# dovecot -n

2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
Pigeonhole version 0.4.16 (fed8554)
OS: Linux 4.9.0-9-amd64 x86_64 Debian 9.9

disable_plaintext_auth = no
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = passwd
}
protocols = imap pop3 pop3
ssl = no
userdb {
  driver = passwd
}

root@server:/etc/dovecot# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@server:/etc/dovecot#