Odd outgoing email issues...

Good morning all.

I’ve been having an intermittent issue the last week or so with the authenticated outgoing email from my Interworx box. I haven’t been able to nail down exactly what leads to it, but when it happens everyone who sends mail through the authenticated smtp gets a “user has been rejected” message from the server. Rebooting the server makes it work again, but it generally recurs a few days later.

Any ideas from anyone on what might be going on, or what I should check? I’ve looked at the logs (smtp, send, imap4, messages, etc.) but don’t see anything out of the ordinary.

Any thoughts would be welcomed. Thanks!

Phil Malmstrom
philm@diamondcomputer.com

Well the default setup of Iworx is that you have to authenticate on the SMTP server which is good because it prevents you from being a mail relay server which can get you blacklisted on every blacklist in a heartbeat.

The easiest thing to do is log into imap/pop and then you get a 15-30 mins window (not sure the exact window of time) where you can send mail. Most people will have POP3/IMAP checking for new messages faster than that window so it works pretty transparent. If someone just tries to send an email without checking mail first they will get blocked unless they have auth before send setting.

Not sure if this is your problem, but its an easy thing to check so would be a good place to start.

Odd Outgoing email issues…

Hi Justec and thanks for the reply.

I understand that’s how it’s setup, and normally it works perfectly. For example I use IMAP on mine, and outgoing mail is sent by authenticating through the mail server. When the problem occurs, each time anyone using the server on any domain tries to send using authenticated sending, they get a “user has been rejected” message. If I reboot, all works again.

It’s an odd one…

-Phil

Are you getting an SMTP error or a bounce back email? Restarting just SMTP doesn’t resolve the issue? Maybe you need to also restart the POP3/IMAP since that’s where the user database is.

Also, not sure maybe restarting mysql would help? At least help you track down where the issue is. Not sure if vpop is on the user mysql or the iworx mysql though.

No, no smtp error and just resetting the smtp service doesn’t solve it. Just for grins I’ve tried restarting the smtp and imap services, still no dice.

As I said, it’s odd.

-Phil

Ok, it happened again tonight and I got a little more information before I had to restart it.

The /var/log/maillog showed that the smtp auth plain login was processed and successful when the send was attempted, even though the message back to the client was “The Sender Address me@domain.com was rejected by the server mail.domain.com”. If I watch the /var/log/send/current and /var/log/smtp/current logs, it never shows the send attempt.

I restarted all the various mail services, Spam checking, virus checking independently… No improvement. Once again, a reboot of the whole server fixed it.

This is getting to be a real problem for me, so I’d appreciate any ideas any of you might have. Thanks.

Phil Malmstrom
philm@diamondcomputer.com

Hi Phil,

It’s very strange that rebooting seems to fix the problem. How often would you say this happens? You’re looking in all the right places as far as I can tell, another thing I might try was strace’ing the qmail-smtpd process while the problem occurs and see if any more details can be found that way. That can be tricky and hard to read though. It may be best to open a support ticket and let us try to debug things the next time it happens.

Paul

Hi Paul, and thanks for replying on this one.

It seems to vary as to when it happens. I’ve been looking for a pattern, but haven’t been able to determine one as of yet. If I had to generalize, I’d say it’s every three or four days on average, although it happened twice yesterday.

My biggest issue is that when it does occur, I have to get it back up and functional rapidly, so troubleshooting is rushed and complicated. I’ll be happy to open a support ticket though, maybe you can find something I missed.

Thanks!

Phil Malmstrom
philm@diamondcomputer.com

After it happens with that first user it happens for every single other email that is trying to be sent after that? With the same error message?

Hi Justec.

Yes, it happens to everyone that authenticates prior to sending. And yes, everyone gets the same message when it happens. It’s happened a couple of times this week, same result, same band-aid.

I opened a ticket with the Interworx folks, so we’ll see if they can dig up an answer to this.

Phil Malmstrom
philm@diamondcomputer.com

Did you ever find a cause or fix for this? I’m seeing this on two different servers lately. It’s the same sort of deal: once it happens for one user it happens for all (for all domains), restarting SMTP doesn’t work, restarting all mail services doesn’t work, but restarting the server does work.

Had the same issue. now outgoing email does no longer require auth in IW4.4.0 !?

Hi all, (long post, but bear with me pls.)
I had the same issue, in the last 3-4 months.
We could not send emails. Sometimes after waiting few hours , sending worked again. Other times only server (container) restart solved the issue.

Have submitted tickets with my host (logic web) - i have a VPS, and they said it is just “some sort of spike load” and offered to change the VPS to a new server, to upgrade to Centos 5. (did that)

Now Logic web moved our VPS with:
InterWorx-CP Version: InterWorx-CP v4.4.0 [Unlimited Domain] VPS
Distribution: CentOS release 5.5 (Final)
Operating System: Linux 2.6.18-028stab069.6-ent (SMP)

But now the SMTP-AUTH REQUIRED is NOT available for the default SMTP 25 port!
(it is only for the alternative SMTP on 587 port)

With outlook, I managed to send emails to addresses outside domains hosted, without knowing the email account password, because outgoing email does no longer require auth…

Spammers are using our server now.
We just had 2000 emails / day send out in the last couple of days, checked smtp-sent logs, got warning emails from mail-queue manager etc. …
submitted a new ticket with Logic web.
Logic web said they were waiting a reply from Interworx about it, and after 2 days replied that this is an “INCOMMING” spam issue, we should fix with filters.
But it is an OUTGOING mail lack of security issue.

here some logs: with email sent OUT by spammers:

@400000004c2d00a81ce60494 starting delivery 314: msg 14978772 to remote [edited by me] lorrana @ oi.com.br
@400000004c2d00a81ce61434 status: local 0/10 remote 7/120
@400000004c2d00a81ceb3c84 starting delivery 315: msg 14978702 to remote [email] lorranayes @ yahoo. com.br
@400000004c2d00a81ceb500c status: local 0/10 remote 8/120

@400000004c2d00aa185e49f4 delivery 314: success: 200.222.115.71_accepted_message./Remote_host_said:_250_2.0.0_Ok:_queued_as_A08701D003A/
@400000004c2d00aa1870c46c status: local 0/10 remote 5/120
@400000004c2d00aa1870d024 end msg 14978772
@400000004c2d00aa2092014c delivery 321: success: 200.222.115.71_accepted_message./Remote_host_said:_250_2.0.0_Ok:_queued_as_8102B8A8206/
@400000004c2d00aa209210ec status: local 0/10 remote 4/120
@400000004c2d00aa20921ca4 end msg 14978820


any advice why now the IW does not offer AUTH on the default SMTP server ?

Thx.
Marius
my server is offshoresimple.com if you need to check it…