Mail server blocking imap and smtp connections

Hello,

I got a huge problem with IMAP/SMTP server. Some users get ip block from IMAP/SMTP server, webmail is working and websites working but IMAP/SMTP not working.
If user is changing IP then it connects again. Also tryed to whitelist problematic IP’s in firewall settings but no help.

I think this may be maximum IMAP/SMTP connection problem but i can’t find place when to configure this.
Anybody knows what is causing my problem?

Hi Vmk

Welcome to IW forums

Would need more details to fully help

What distro and IW-CP are you using

What firewall

Are you using BFD if APF

What max connection setting are you using for imap

What makes you think it is a firewall issue

If you goto nodeworx, system settings, mail MTA MDA you should see the max connotations

Is the server located in a Datacentre

Many thanks

John

Hi,

This is one week ago installed server (got cpanel install before this).
Centos 7.7.1908
InterWorx-CP v6.4.1
Firewall: 1.7.5 (APF)

I finally found problem source…it’s MTA settings box: Realtime (SBL) Blacklists.
Problem started after i added zen.spamhaus.org, b.barracudacentral.org, dnsbl.sorbs.net and cbl.abuseat.org. If some user IP is listed in some list then SMTP server blocks this user connection.
It seems very weird practice, is it possible to disable this function or is it possible to add SBL’s only for incoming spam filter (can’t find any option in spam filter page)?

Hi vmk

Glad you found the issue

It makes perfect sense if connection is listed in an RBLS to drop connection

It works on the fact if listed why continue the connection and use resources

Removing the RBLs should allow normal connection from those clients as well as allowing more spam

You should be able to add RBLs to spam assassin as either domain or global but I would expect a similar result

Many thanks

John

Hi,

This is a big problem if server blocks user network IP because it’s listed in RBLS beacuse many users need to use e-mail in public aeroport’s networks and simillar. Without RBLS’s we get lot’s of spam ant this is also not acceptable.

Anyway i would like to try rbl’s in spammassassin but can’t find option to add global RBL’s in spam filter settings (in IW panel).
Seems like only option is ad those using CLI or there’s option in IW panel?

Hi Vmk

To add rbls to sa in IW you would do the following:

Global

login to nodeworx, goto system services, mail, filtering

Add spam preference

preference
header CUSTOM_LOOKUP_1 eval:check_rbl_txt(‘dnsrbl’,‘dnsrbl.org.’)
describe CUSTOM_LOOKUP_1 Entries listed in dnsrbl.org RBL
score CUSTOM_LOOKUP_1 2.0

you can do this for any new rbl’s you want to add which are not already included in sa.

remember adjust score as you need and for additional rbl’s, use custom_lookup_2 etc…

Many thanks

John

Hi vmk

Yes you could add directly if you wish (that?s one benefit of IW-CP)

The 3 lines are first preference followed by value so first would be preference header then remaining would value

I believe anyway but sorry if I?m wrong

Many thanks

John

SORBS blacklisting is notoriously overzealous and the hassles of using their RBLs may out-weigh the benefits.

If you are seeing SMTP 451 errors relating to Spamhaus PBL or DNSBL lists, the client is blocked because it isn’t authenticating. In Nodeworx you might try SMTP-auth required with TLS optional instead of SMTP-auth over TLS. If that solves anything try switching back to SMTP-auth over TLS once clients are authenticating.

After i added SBL list’s manualy as preference got one small problem left…

Still get some spam like this:
Spam detection software, running on the system,
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Dear friends, Good day to you! We are the supplier for plastic
mold. I am sure our products will help for your business.

Content analysis details: (10.9 points, 5.0 required)

If allowed score is 5.0 then why system won’t block/delete these messages and user get this into mailbox?

Hi vmk

I think your getting a little confused over spamassassin

The SA score is higher then the trigger value so the part missing is the action you want to happen

Your post shows attach email and send through

You need to either tell SA to delete or send to spam account if spam account is available

SA cannot stop email from been delivered at initial connection as it has to be delivered before it is scan at mail server level

Many thanks

John

Hi vmk

Just a quick post to make sure in nodeworx, system services, mail server, spam filtering you have SA options set to enabled and smtp spam score threshold set correctly

This I think is the SA part that should stop local mail delivery

Many thanks

John

Hello again,
Still getting spam messages like those before (Content analysis details: (24.1 points, 5.0 required)).

I looked those and they all are redirected messages.
No spam directly to john@john.com but if it’s sent to info@john.com and got directed to john@john.com mailbox then spammassassin wont delete those messages.

Any ideas how to force spammassassin to erase redirected spam messages to?