Announcement

Collapse
No announcement yet.

Mail server blocking imap and smtp connections

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mail server blocking imap and smtp connections

    Hello,

    I got a huge problem with IMAP/SMTP server. Some users get ip block from IMAP/SMTP server, webmail is working and websites working but IMAP/SMTP not working.
    If user is changing IP then it connects again. Also tryed to whitelist problematic IP's in firewall settings but no help.

    I think this may be maximum IMAP/SMTP connection problem but i can't find place when to configure this.
    Anybody knows what is causing my problem?

  • #2
    Hi Vmk

    Welcome to IW forums

    Would need more details to fully help

    What distro and IW-CP are you using

    What firewall

    Are you using BFD if APF

    What max connection setting are you using for imap

    What makes you think it is a firewall issue

    If you goto nodeworx, system settings, mail MTA MDA you should see the max connotations

    Is the server located in a Datacentre

    Many thanks

    John

    Comment


    • #3
      Hi,

      This is one week ago installed server (got cpanel install before this).
      Centos 7.7.1908
      InterWorx-CP v6.4.1
      Firewall: 1.7.5 (APF)

      I finally found problem source...it's MTA settings box: Realtime (SBL) Blacklists.
      Problem started after i added zen.spamhaus.org, b.barracudacentral.org, dnsbl.sorbs.net and cbl.abuseat.org. If some user IP is listed in some list then SMTP server blocks this user connection.
      It seems very weird practice, is it possible to disable this function or is it possible to add SBL's only for incoming spam filter (can't find any option in spam filter page)?
      Last edited by vmk; 12-30-2019, 01:32 PM.

      Comment


      • #4
        Hi vmk

        Glad you found the issue

        It makes perfect sense if connection is listed in an RBLS to drop connection

        It works on the fact if listed why continue the connection and use resources

        Removing the RBLs should allow normal connection from those clients as well as allowing more spam

        You should be able to add RBLs to spam assassin as either domain or global but I would expect a similar result

        Many thanks

        John

        Comment


        • #5
          Hi,

          This is a big problem if server blocks user network IP because it's listed in RBLS beacuse many users need to use e-mail in public aeroport's networks and simillar. Without RBLS's we get lot's of spam ant this is also not acceptable.

          Anyway i would like to try rbl's in spammassassin but can't find option to add global RBL's in spam filter settings (in IW panel).
          Seems like only option is ad those using CLI or there's option in IW panel?

          Comment


          • #6
            Hi Vmk

            To add rbls to sa in IW you would do the following:

            Global

            login to nodeworx, goto system services, mail, filtering

            Add spam preference

            preference
            header CUSTOM_LOOKUP_1 eval:check_rbl_txt('dnsrbl','dnsrbl.org.')
            describe CUSTOM_LOOKUP_1 Entries listed in dnsrbl.org RBL
            score CUSTOM_LOOKUP_1 2.0

            you can do this for any new rbl's you want to add which are not already included in sa.

            remember adjust score as you need and for additional rbl's, use custom_lookup_2 etc...

            Many thanks

            John

            Comment


            • #7
              Hello John,

              Thanks for quick answers but still got one problem.
              This preference what You told is 3 lines but i got only one line and also no preference option.

              Is it working if i add this directly to spammassassin config file (/etc/mail/spamassassin/local.cf) ?
              Last edited by vmk; 12-30-2019, 04:11 PM.

              Comment


              • #8
                Hi vmk

                Yes you could add directly if you wish (thatís one benefit of IW-CP)

                The 3 lines are first preference followed by value so first would be preference header then remaining would value

                I believe anyway but sorry if Iím wrong

                Many thanks

                John

                Comment


                • #9
                  Originally posted by vmk View Post
                  Hi,

                  This is one week ago installed server (got cpanel install before this).
                  Centos 7.7.1908
                  InterWorx-CP v6.4.1
                  Firewall: 1.7.5 (APF)

                  I finally found problem source...it's MTA settings box: Realtime (SBL) Blacklists.
                  Problem started after i added zen.spamhaus.org, b.barracudacentral.org, dnsbl.sorbs.net and cbl.abuseat.org. If some user IP is listed in some list then SMTP server blocks this user connection.
                  It seems very weird practice, is it possible to disable this function or is it possible to add SBL's only for incoming spam filter (can't find any option in spam filter page)?
                  SORBS blacklisting is notoriously overzealous and the hassles of using their RBLs may out-weigh the benefits.

                  If you are seeing SMTP 451 errors relating to Spamhaus PBL or DNSBL lists, the client is blocked because it isn't authenticating. In Nodeworx you might try SMTP-auth required with TLS optional instead of SMTP-auth over TLS. If that solves anything try switching back to SMTP-auth over TLS once clients are authenticating.

                  Comment


                  • #10
                    After i added SBL list's manualy as preference got one small problem left...

                    Still get some spam like this:
                    Spam detection software, running on the system,
                    has identified this incoming email as possible spam. The original
                    message has been attached to this so you can view it or label
                    similar future email. If you have any questions, see
                    the administrator of that system for details.

                    Content preview: Dear friends, Good day to you! We are the supplier for plastic
                    mold. I am sure our products will help for your business.

                    Content analysis details: (10.9 points, 5.0 required)

                    If allowed score is 5.0 then why system won't block/delete these messages and user get this into mailbox?

                    Comment


                    • #11
                      Hi vmk

                      I think your getting a little confused over spamassassin

                      The SA score is higher then the trigger value so the part missing is the action you want to happen

                      Your post shows attach email and send through

                      You need to either tell SA to delete or send to spam account if spam account is available

                      SA cannot stop email from been delivered at initial connection as it has to be delivered before it is scan at mail server level

                      Many thanks

                      John

                      Comment


                      • #12
                        Hi vmk

                        Just a quick post to make sure in nodeworx, system services, mail server, spam filtering you have SA options set to enabled and smtp spam score threshold set correctly

                        This I think is the SA part that should stop local mail delivery

                        Many thanks

                        John

                        Comment


                        • #13
                          Originally posted by d2d4j View Post
                          Hi vmk

                          Just a quick post to make sure in nodeworx, system services, mail server, spam filtering you have SA options set to enabled and smtp spam score threshold set correctly

                          This I think is the SA part that should stop local mail delivery

                          Many thanks

                          John
                          Hello again,
                          Still getting spam messages like those before (Content analysis details: (24.1 points, 5.0 required)).

                          I looked those and they all are redirected messages.
                          No spam directly to john@john.com but if it's sent to info@john.com and got directed to john@john.com mailbox then spammassassin wont delete those messages.

                          Any ideas how to force spammassassin to erase redirected spam messages to?

                          Comment

                          Working...
                          X