
I inherited a long-time working Postfix with Courier IMAP box that runs run-of-the-mill SMTP. It seems to use fail2ban for firewall protection of some sort (never used fail2ban) and according to /var/log/messages we are getting a ton of attempts on our box, which is probably normal.

htop on the mail machine looks fine except for maybe memory, 2.53 out of 6ish being used. Seems kinda high. Regardless, from a client, now when clicking send on your email, the email takes many minutes to finally 'send'. A lot of users also got signed out of their clients (I did on my Outlook app on my Android). I removed the account off the phone completely and tried to add it, and it will not connect to the outgoing mail server even though I know for a fact the password is right.

(I could see in /var/log/maillog entries like this)

2020-06-22 09:45:45.459 xmail postfix/smtpd[2592]: connect from c-98-230-220-31.hsd1.nm.comcast.net[98.230.224.38]

2020-06-22 09:48:39.527 xmail imapd: Connection, ip=[::ffff:98.230.224.38]

2020-06-22 09:48:40.006 xmail imapd: LOGIN, user=me@mycompany.com, ip=[::ffff:98.230.224.38], port=[50411], protocol=IMAP

2020-06-22 09:48:55.932 xmail postfix/smtpd[2592]: lost connection after AUTH from c-98-230-220-31.hsd1.nm.comcast.net[98.230.224.38]

...is what I see when I try to get my mobile to connect. (On the mobile side it just fails and says timed out.)

I am not sure where to start looking for the cause of the slowdown, and the cause that some clients cannot connect or got disconnected and cannot reconnect.

To me all this feels like a certification issue somewhere (on server or client) but not sure where to look or how to check that theory. We do have a cronjob that weekly does a cert-bot auto renew and then does a change directory to /etc/letsencrypt/live/xmail.... and copies over some privkey.pem, cert.pem and fullchain.pem all into a courrier.pem. Then it says courier-imap-ssl restart and pop3d-ssl restart.

I have looked through the logs; it doesn't tell me any errors but does say a lot of the like from above in the maillog (about connections being refused or dropped etc.).

When using SquirrelMail, there are no issues connecting or sending mail; it works like a charm.

All of these issues sprung up about a week to a week and a half ago it seems, again things have worked well for years it seems.

centos box courier imap postfix/smtp

Also got a new message in my inbox when I tried to send an email from my client:

Your message did not reach some or all of the intended recipients.

  Subject:  postfix issue
  Sent: 6/22/2020 1:31 PM

The following recipient(s) cannot be reached:

  'dude@gmail.com' on 6/22/2020 1:35 PM
        Server error: '451 4.3.0 <me@mycompany.com>: Temporary lookup failure'

Is this a DNS issue with our DNS server maybe?

Shane

P.S. I just did a simple setup from my WSL install of Ubuntu of Mutt. Configured it, I think, correctly and now hitting send always says:

Could not connect to mysmtp.blah.com (Resource temporarily unavailable) .

So maybe explains why clients like Thunderbird etc. take forever to send an email out? But no idea what would all of a sudden cause this slowness (restarted the VM imap/postfix run on also several times).

Some log entries from /var/log/maillog | grep error

2020-06-23 06:47:26.253 xmail amavis[7427]: (07427-01-7) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:47:41.895 xmail amavis[7111]: (07111-02-3) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:47:57.085 xmail amavis[7427]: (07427-01-8) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:48:11.329 xmail amavis[7111]: (07111-02-4) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:48:27.362 xmail amavis[7427]: (07427-01-9) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:48:48.961 xmail amavis[7111]: (07111-02-5) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:48:56.723 xmail amavis[7427]: (07427-01-10) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:49:21.196 xmail amavis[7111]: (07111-02-6) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:49:29.393 xmail amavis[7427]: (07427-02) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:49:51.207 xmail amavis[7111]: (07111-02-7) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:50:00.136 xmail amavis[7427]: (07427-02-2) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:50:29.001 xmail amavis[7111]: (07111-02-8) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:50:31.521 xmail amavis[7427]: (07427-02-3) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n
2020-06-23 06:51:05.472 xmail amavis[7111]: (07111-02-9) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 132) line 659.\n

Also a tail of /var/log/maillog (SquirrelMail has now been taking a while to send outgoing messages too).

2020-06-23 07:04:35.879 xmail imapd: LOGIN FAILED, user=eu-west-2@nmsu.edu, ip=[::ffff:127.0.0.1]
2020-06-23 07:04:36.690 xmail imapd: LOGIN FAILED, user=pallas@nmsu.edu, ip=[::ffff:127.0.0.1]
2020-06-23 07:04:36.977 xmail imapd: Disconnected, ip=[::ffff:127.0.0.1], time=7
2020-06-23 07:04:36.988 xmail postfix/smtpd[5865]: warning: unknown[46.38.148.2]: SASL LOGIN authentication failed: authentication failure
2020-06-23 07:04:36.989 xmail postfix/smtpd[5865]: disconnect from unknown[46.38.148.2]
2020-06-23 07:04:36.990 xmail postfix/smtpd[5865]: connect from unknown[46.38.148.10]
2020-06-23 07:04:36.990 xmail postfix/smtpd[5865]: disconnect from unknown[46.38.148.10]
2020-06-23 07:04:36.990 xmail postfix/smtpd[5865]: connect from unknown[46.38.145.6]
2020-06-23 07:04:36.995 xmail imapd: Connection, ip=[::ffff:127.0.0.1]

Btw this @nmsu.edu we have seen a ton of tries on; it is almost like someone is taking a dictionary of names and concatenating @nmsu.edu and seeing what sticks? We have fail2ban running somehow on this server (I am learning more about it constantly through this).

Codejoy
  • Please go through your mail log and locate the relevant log entries, then post those in your question. – Michael Hampton Jun 22 '20 at 22:48
  • Well, that is it, I am not sure what relevant log entries are. I did just update my post with a few relevant ones maybe from /var/log/maillog and grepped error – Codejoy Jun 23 '20 at 07:02
  • You should be looking for the message ID of a failed message. – Michael Hampton Jun 23 '20 at 12:22
  • Ahh okay, would a message that sends out 2 hours later be a failed message still? – Codejoy Jun 23 '20 at 18:45
  • The problem that you described above is that messages are being received 2 hours (or more?) later. So, yes, you can count that. – Michael Hampton Jun 23 '20 at 18:46
  • Okay, I will hunt, it is acting so strange. A reboot just now seemed to help but it will get slow again for all users. I am not sure what is bogging this down... – Codejoy Jun 23 '20 at 19:04
  • While it has been a cert issue in the past, we figured out the network was under attack; it wasn't doing anything, just snarling down the server. We blocked them at our entry router and things are working fantastically again. Ty for the help here though. – Codejoy Jun 25 '20 at 01:10
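
A triage sketch for the situation in this thread, added here as an example and not part of the original post or comments: it groups failed SMTP AUTH and IMAP logins from maillog lines in the format quoted above by source /24 (or /64 for IPv6), the per-network view that supports a decision to block at the router. The function names, the threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Patterns for the Postfix/Courier line shapes quoted in the question.
PATTERNS = {
    "connect": re.compile(r"smtpd\[\d+\]: connect from \S+\[([^\]]+)\]"),
    "sasl_fail": re.compile(r"smtpd\[\d+\]: warning: \S+\[([^\]]+)\]: SASL \w+ authentication failed"),
    "imap_fail": re.compile(r"imapd: LOGIN FAILED, user=[^,]+, ip=\[([^\]]+)\]"),
}

def source_network(text):
    """Map a logged address to its /24 (or /64); None for loopback sources."""
    ip = ipaddress.ip_address(text)
    if ip.version == 6 and ip.ipv4_mapped:  # Courier logs ::ffff:a.b.c.d
        ip = ip.ipv4_mapped
    if ip.is_loopback:
        return None
    return ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 64}", strict=False)

def summarize(lines):
    """Return {network: Counter(event kind -> count)} for remote sources."""
    stats = defaultdict(Counter)
    for line in lines:
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                try:
                    net = source_network(m.group(1))
                except ValueError:  # e.g. "unknown[unknown]": no usable address
                    net = None
                if net is not None:
                    stats[net][kind] += 1
                break
    return stats

def suspects(stats, min_failures=3):
    """Networks at or above the failed-auth threshold, worst first."""
    rows = [(str(n), c["sasl_fail"] + c["imap_fail"], c["connect"]) for n, c in stats.items()]
    return sorted((r for r in rows if r[1] >= min_failures), key=lambda r: -r[1])

# Constructed sample lines (documentation address ranges), not taken from the page.
SAMPLE = """\
2020-06-23 07:04:36.100 xmail postfix/smtpd[5867]: connect from host.example.net[198.51.100.38]
2020-06-23 07:04:36.988 xmail postfix/smtpd[5865]: warning: unknown[203.0.113.2]: SASL LOGIN authentication failed: authentication failure
2020-06-23 07:04:37.400 xmail postfix/smtpd[5865]: warning: unknown[203.0.113.10]: SASL LOGIN authentication failed: authentication failure
2020-06-23 07:04:38.100 xmail postfix/smtpd[5866]: warning: unknown[203.0.113.77]: SASL LOGIN authentication failed: authentication failure
2020-06-23 07:04:38.200 xmail imapd: LOGIN FAILED, user=a@example.org, ip=[::ffff:127.0.0.1]
""".splitlines()
print(suspects(summarize(SAMPLE)))
```

On a real box the same functions can be fed `open("/var/log/maillog")`; loopback IMAP failures are skipped because they carry no remote source address.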

0 Answers