Resolved error mail postfix

[lesny]

Hello

since my mail server I manage to send mail without worries but on the other hand I do not get to receive here is the error I receive

Sep 13 15:27:25 Forumeasy courier-imapd: Connection, ip=[::1]
Sep 13 15:27:25 Forumeasy courier-imapd: LOGIN, [email protected], ip=[::1], port=[36341], protocol=IMAP
Sep 13 15:27:25 Forumeasy courier-imapd: LOGOUT, [email protected], ip=[::1], headers=0, body=0, rcvd=379, sent=1602, time=0
Sep 13 15:27:26 Forumeasy courier-imapd: Connection, ip=[::1]
Sep 13 15:27:26 Forumeasy courier-imapd: LOGIN, [email protected], ip=[::1], port=[36343], protocol=IMAP
Sep 13 15:27:26 Forumeasy courier-imapd: LOGOUT, [email protected], ip=[::1], headers=0, body=0, rcvd=121, sent=537, time=0
Sep 13 15:27:33 Forumeasy courier-imapd: Connection, ip=[::1]
Sep 13 15:27:33 Forumeasy courier-imapd: LOGIN, [email protected], ip=[::1], port=[36345], protocol=IMAP
Sep 13 15:27:34 Forumeasy courier-imapd: LOGOUT, [email protected], ip=[::1], headers=230, body=334, rcvd=390, sent=1479, time=1
Sep 13 15:27:37 Forumeasy courier-imapd: Connection, ip=[::1]
Sep 13 15:27:37 Forumeasy courier-imapd: LOGIN, [email protected], ip=[::1], port=[36349], protocol=IMAP
Sep 13 15:27:37 Forumeasy courier-imapd: LOGOUT, [email protected], ip=[::1], headers=230, body=334, rcvd=390, sent=1479, time=0
Sep 13 15:27:38 Forumeasy courier-imapd: Connection, ip=[::1]
Sep 13 15:27:38 Forumeasy courier-imapd: LOGIN, [email protected], ip=[::1], port=[36351], protocol=IMAP
Sep 13 15:27:38 Forumeasy courier-imapd: LOGOUT, [email protected], ip=[::1], headers=230, body=334, rcvd=390, sent=1479, time=0
Sep 13 15:28:01 Forumeasy postfix/smtpd[5767]: connect from mail-lf0-f46.google.com[209.85.215.46]
Sep 13 15:28:01 Forumeasy postfix/trivial-rewrite[5771]: warning: do not list domain forumeasy.fr in BOTH virtual_alias_domains and virtual_mailbox_domains
Sep 13 15:28:01 Forumeasy postfix/smtpd[5767]: DD1021C02E1: client=mail-lf0-f46.google.com[209.85.215.46]
Sep 13 15:28:01 Forumeasy greylisting filter[5774]: Starting greylisting filter...
Sep 13 15:28:01 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[6511]: handlers_stderr: SKIP
Sep 13 15:28:01 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[6511]: SKIP during call 'grey' handler
Sep 13 15:28:01 Forumeasy postfix/cleanup[5773]: DD1021C02E1: message-id=<CAOukz0aCU-RSirt15MKWDm2R9jRQHFt4KCtC8Hg-VquR5ZbpXA@mail.gmail.com>
Sep 13 15:28:01 Forumeasy check-quota[5775]: Starting the check-quota filter...
Sep 13 15:28:02 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[6511]: handlers_stderr: SKIP
Sep 13 15:28:02 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[6511]: SKIP during call 'check-quota' handler
Sep 13 15:28:02 Forumeasy postfix/qmgr[5734]: DD1021C02E1: from=<[email protected]>, size=9633, nrcpt=1 (queue active)
Sep 13 15:28:02 Forumeasy postfix/trivial-rewrite[5771]: warning: do not list domain Forumeasy.fr in BOTH virtual_alias_domains and virtual_mailbox_domains
Sep 13 15:28:02 Forumeasy postfix/cleanup[5773]: 11D021C02EF: message-id=<CAOukz0aCU-RSirt15MKWDm2R9jRQHFt4KCtC8Hg-VquR5ZbpXA@mail.gmail.com>
Sep 13 15:28:02 Forumeasy postfix/local[5777]: DD1021C02E1: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.46, delays=0.43/0.01/0/0.03, dsn=2.0.0, status=sent (forwarded as 11D021C02EF)
Sep 13 15:28:02 Forumeasy postfix/qmgr[5734]: 11D021C02EF: from=<[email protected]>, size=9761, nrcpt=1 (queue active)
Sep 13 15:28:02 Forumeasy postfix/qmgr[5734]: DD1021C02E1: removed
Sep 13 15:28:02 Forumeasy postfix/trivial-rewrite[5771]: warning: do not list domain Forumeasy.fr in BOTH virtual_alias_domains and virtual_mailbox_domains
Sep 13 15:28:02 Forumeasy postfix/cleanup[5773]: 193721C02E1: message-id=<CAOukz0aCU-RSirt15MKWDm2R9jRQHFt4KCtC8Hg-VquR5ZbpXA@mail.gmail.com>
Sep 13 15:28:02 Forumeasy postfix/smtpd[5767]: disconnect from mail-lf0-f46.google.com[209.85.215.46]
Sep 13 15:28:02 Forumeasy postfix/local[5777]: 11D021C02EF: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.06, delays=0.03/0/0/0.03, dsn=2.0.0, status=sent (forwarded as 193721C02E1)
Sep 13 15:28:02 Forumeasy postfix/qmgr[5734]: 193721C02E1: from=<[email protected]>, size=9903, nrcpt=1 (queue active)
Sep 13 15:28:02 Forumeasy postfix/qmgr[5734]: 11D021C02EF: removed
Sep 13 15:28:02 Forumeasy postfix/cleanup[5773]: 217081C02F0: message-id=<CAOukz0aCU-RSirt15MKWDm2R9jRQHFt4KCtC8Hg-VquR5ZbpXA@mail.gmail.com>
Sep 13 15:28:02 Forumeasy postfix/local[5778]: 193721C02E1: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.09, delays=0.03/0/0/0.05, dsn=2.0.0, status=sent (forwarded as 217081C02F0)
Sep 13 15:28:02 Forumeasy postfix/qmgr[5734]: 217081C02F0: from=<[email protected]>, size=10039, nrcpt=1 (queue active)
Sep 13 15:28:02 Forumeasy postfix/qmgr[5734]: 193721C02E1: removed
Sep 13 15:28:02 Forumeasy postfix/smtp[5779]: 217081C02F0: to=<[email protected]>, orig_to=<[email protected]>, relay=none, delay=0.1, delays=0.05/0.01/0.03/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=domain.tld type=AAAA: Host not found)
Sep 13 15:28:02 Forumeasy postfix/cleanup[5773]: 42C031C02EF: message-id=<[email protected]>
Sep 13 15:28:02 Forumeasy postfix/bounce[5780]: 217081C02F0: sender non-delivery notification: 42C031C02EF
Sep 13 15:28:02 Forumeasy postfix/qmgr[5734]: 42C031C02EF: from=<>, size=11998, nrcpt=1 (queue active)
Sep 13 15:28:02 Forumeasy postfix/qmgr[5734]: 217081C02F0: removed
Sep 13 15:28:02 Forumeasy postfix/smtp[5779]: 42C031C02EF: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.35, delays=0.04/0/0.11/0.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1505309282 q143si1160332wmb.195 - gsmtp)
Sep 13 15:28:02 Forumeasy postfix/qmgr[5734]: 42C031C02EF: removed

 

[UFHH01]

Hi lesny,

Sep 13 15:28:02 Forumeasy postfix/smtp[5779]: 217081C02F0: to=<[email protected]>, orig_to=<[email protected]>, relay=none, delay=0.1, delays=0.05/0.01/0.03/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=domain.tld type=AAAA: Host not found)

This reflects the report from => https://mxtoolbox.com/domain/forumeasy.fr/
Pls. check your DNS settings to avoid the mentioned issues/errors/problems.

Another way to check your mail - server and it's configuration is to visit: => Newsletters spam test by mail-tester.com

 

[lesny]

Thank you for your reply


I did a betise and I can not get the mail again

plesk repair mail

Repairing the mail server configuration

Reconfigure all domains and mailboxes? [Y/n] y
Reconfiguring all domains and mailboxes ......................... [2017-09-13 18:33:47] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/mchk'] with exit code [1]
Error occured while sending feedback. HTTP code returned: 502
[FAILED]
- mchk failed: ==> Checking for: mailsrv_conf_init... fail

Error messages: 0; Warnings: 0; Errors resolved: 0


exit status 1

 

[UFHH01]

Hi lesny,

could you pls. provide the output of the command ( logged in as user "root" over SSH ):

cat /etc/hosts

 

[lesny]

127.0.0.1       Forumeasy.fr Forumeasy 76500hd42077.ikexpress.com 76500hd42077 76500hd42077.ikexpress.com 76500hd42077 localhost localhost.localdomain
::1     Forumeasy.fr Forumeasy 76500hd42077.ikexpress.com 76500hd42077 76500hd42077.ikexpress.com 76500hd42077 localhost localhost.localdomain
213.246.42.77    76500hd42077.ikexpress.com 76500hd42077 localhost localhost.localdomain

 

[UFHH01]

Hi lesny,

o.k.... as you can see with my next example, you have to correct your misconfigurations.

Example "hosts" for Ubuntu/Debian - based systems look like:

127.0.0.1       localhost.localdomain   localhost
::1             ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.0.1       servername.your-domain.com          servername

XXX.XXX.XXX.XXX     servername.your-domain.com          servername

( pls. leave out any IPv6 - related entries, if you don't have any IPv6 setup on your server! )

In addition, pls. check as well your configuration file "/etc/hostname", while you are correcting the "hosts" - file.
​

After your corrections, pls repeat the Plesk Repair Utility command.

 

[lesny]

hi,

like this ?

127.0.0.1       localhost.localdomain   localhost
::1             ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.0.1       servername.forumeasy.fr          servername

213.246.42.77     servername.forumeasy.fr          servername

 

[UFHH01]

Hi lesny,

( pls. leave out any IPv6 - related entries, if you don't have any IPv6 setup on your server! )

So pls. LEAVE OUT this part from my example:

::1             ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

... if you don't configure as well a possible additional IPv6.

AND

"servername.your-domain.com" should be replaced with the setup from "/etc/hostname" / check it with:

cat /etc/hostname

... which is currently provided by your previous post with:

76500hd42077.ikexpress.com

So the correct entry would be:

127.0.0.1       76500hd42077.ikexpress.com         76500hd42077

and

213.246.42.77     ik04277.ikexpress.com         ik04277

... is the current REVERSE entry for your IP ( pls. see for example: => Reverse DNS Lookup for 213.246.42.77 )

 

[lesny]

hi

like this ?

 cat /etc/hostname
forumeasy.fr

etc/host

127.0.0.1 forumeasy.fr   forumeasy
213.246.42.77 forumeasy.fr forumeasy

sorry if I can not but i am not very strong in english xD

 

[UFHH01]

Hi lesny,

pls. try to understand the following:

Actually, your REVERSE setup for your IP "213.246.42.77" is done by your server/IP provider ( Ikoula ) and it reverses to "ik04277.ikexpress.com" ( pls. SEE: => Reverse DNS Lookup for 213.246.42.77 ), which should be your current hostname.
Your server provider setup initially as hostname "76500hd42077.ikexpress.com" ( pls. SEE => DNS Lookup for 76500hd42077.ikexpress.com ), which you provided within your informations at => #5

You have now the choice to define the HOSTNAME from your server as "76500hd42077.ikexpress.com" or as "ik04277.ikexpress.com" to match the reverse of your IP.

This means, that when you use

"76500hd42077.ikexpress.com", then the "servername" - example above is "76500hd42077"

and if you use

"ik04277.ikexpress.com" then the "servername" - example above is "ik04277".​

If you desire a "servername" of YOUR choice, you have to make sure to add an additional "A" - entry at your domain - registrar nameserver with "A-NAME-THAT-YOU-CHOOSE" at your domain "forumeasy.fr", which reverses to the IP "213.246.42.77". Pls. ask your domain - provider ( which is again the company Ikoula ), where you can setup "A" - entries for your domain and add this as well over your Plesk Control Panel afterwards ( => HOME > Domains > forumeasy.fr > DNS Settings ).
Afterwards, you are able to setup your configuration file "/etc/hosts" with an entry like:

127.0.0.1     A-NAME-THAT-YOU-CHOOSE.forumeasy.fr         A-NAME-THAT-YOU-CHOOSE

AND

213.246.42.77     A-NAME-THAT-YOU-CHOOSE.forumeasy.fr         A-NAME-THAT-YOU-CHOOSE

... and you should move as well to => HOME > Tools & Settings > Server Settings ( at your Plesk Control Panel ), to insert your new hostname to the field "Full hostname" ( Plesk will then reconfigure essential changes to corresponding settings! )


In addition, it is as well essential, that you have setup "localhost" at your "/etc/hosts" - file. So pls. don't forget the line:

127.0.0.1       localhost.localdomain   localhost

 

[lesny]

hi


Repairing the mail server configuration

Reconfigure all domains and mailboxes? [Y/n] y
Reconfiguring all domains and mailboxes ......................... [2017-09-15 18:56:19] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/mchk'] with exit code [1]
[FAILED]
- mchk failed: ==> Checking for: mailsrv_conf_init... ok
==> Checking for: mail_handlers_init... ok
==> Checking for: mailsrv_entities_dump... ok
==> Checking for: mail_admin_aliases... ok
==> Checking for: mail_auth_dump... ok
==> Checking for: mailman_lists_dump... ok
==> Checking for: mail_kav8_restore... ok
==> Checking for: mail_responder_restore... ok
==> Checking for: mail_imap_restore... ok
==> Checking for: mail_spam_restore... ok
==> Checking for: mail_grey_restore... ok
==> Checking for: mail_mailbox_restore... ok
==> Checking for: mail_spf_restore... ok
==> Checking for: mail_dk_restore... ok
==> Checking for: mail_dmarc_restore... ok
==> Checking for: mail_drweb_restore... fail
==> Checking for: mail_outgoing_restore... ok
==> Checking for: mail_transport_restore... ok
Errors occured in mail restore procedure
Some utilities have exited with errors:
/usr/lib/plesk-9.0/mail_drweb_restore

Error messages: 0; Warnings: 0; Errors resolved: 0


exit status 1

 

[UFHH01]

Hi lesny,

as you can see, you have a tiny little error, which might be as well only an information for you, if you don't use DrWeb on your server. Do you use DrWeb?

What is the output of the command:

plesk installer --select-product-id plesk --select-release-current --show-components --show-options

 

[lesny]

hi

look root@Forumeasy:~# plesk installer --select-product-id plesk --select-release-cur - Pastebin.com

please

 

[UFHH01]

Hi lesny,

to correct issues/errors/problems with DrWeb, I recommend to follow:

=> How to correctly uninstall DrWeb antivirus​

Afterwards, pls. re-install DrWeb with for example:

plesk installer --select-product-id plesk --select-release-current --install-component drweb

In addition, pls. consider to change your mail - server software from courier-imap to dovecot ( and backwards to courier-imap, if you like it more than dovecot ), with the example command:

plesk installer --select-product-id plesk --select-release-current --install-component dovecot

This will remove courier-imap and install dovecot on your server.


Pls. test then, if all mail - server related issues/errors/problems are gone and provide as well NEW corresponding log - entries, if issues/errors/problems appear.

 

[lesny]

hi,

I have made the modifications but I can no longer access my mailbox

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [email protected] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

mailog

Sep 15 20:43:38 Forumeasy plesk_saslauthd[28698]: select timeout, exiting
Sep 15 20:44:08 Forumeasy postfix/smtpd[28683]: connect from mail-lf0-f44.google.com[209.85.215.44]
Sep 15 20:44:09 Forumeasy postfix/smtpd[28683]: 0B6821C105C: client=mail-lf0-f44.google.com[209.85.215.44]
Sep 15 20:44:09 Forumeasy greylisting filter[716]: Starting greylisting filter...
Sep 15 20:44:09 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[21569]: handlers_stderr: SKIP
Sep 15 20:44:09 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[21569]: SKIP during call 'grey' handler
Sep 15 20:44:09 Forumeasy postfix/cleanup[715]: 0B6821C105C: message-id=<CAOukz0aTBTRpZwJQvJ-CmGzyZHvFG25QmeUFG_S9fS2CuwV0dw@mail.gmail.com>
Sep 15 20:44:09 Forumeasy check-quota[717]: Starting the check-quota filter...
Sep 15 20:44:09 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[21569]: handlers_stderr: SKIP
Sep 15 20:44:09 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[21569]: SKIP during call 'check-quota' handler
Sep 15 20:44:09 Forumeasy drweb[718]: Starting the drweb filter...
Sep 15 20:44:59 Forumeasy postfix/smtpd[732]: connect from unknown[80.82.77.249]
Sep 15 20:44:59 Forumeasy plesk_saslauthd[734]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
Sep 15 20:44:59 Forumeasy plesk_saslauthd[734]: privileges set to (111:117) (effective 111:117)
Sep 15 20:44:59 Forumeasy plesk_saslauthd[734]: No such user '[email protected]' in mail authorization database
Sep 15 20:44:59 Forumeasy plesk_saslauthd[734]: failed mail authenticatication attempt for user '[email protected]' (password len=9)
Sep 15 20:44:59 Forumeasy postfix/smtpd[732]: warning: unknown[80.82.77.249]: SASL LOGIN authentication failed: authentication failure
Sep 15 20:44:59 Forumeasy postfix/smtpd[732]: disconnect from unknown[80.82.77.249]
Sep 15 20:45:11 Forumeasy postfix/smtpd[732]: connect from unknown[195.22.127.253]
Sep 15 20:45:11 Forumeasy plesk_saslauthd[734]: No such user '[email protected]' in mail authorization database
Sep 15 20:45:11 Forumeasy plesk_saslauthd[734]: failed mail authenticatication attempt for user '[email protected]' (password len=11)
Sep 15 20:45:11 Forumeasy postfix/smtpd[732]: warning: unknown[195.22.127.253]: SASL LOGIN authentication failed: authentication failure
Sep 15 20:45:12 Forumeasy postfix/smtpd[732]: disconnect from unknown[195.22.127.253]
Sep 15 20:45:27 Forumeasy postfix/smtpd[732]: connect from unknown[195.22.127.253]
Sep 15 20:45:27 Forumeasy plesk_saslauthd[734]: No such user '[email protected]' in mail authorization database
Sep 15 20:45:27 Forumeasy plesk_saslauthd[734]: failed mail authenticatication attempt for user '[email protected]' (password len=10)
Sep 15 20:45:27 Forumeasy postfix/smtpd[732]: warning: unknown[195.22.127.253]: SASL LOGIN authentication failed: authentication failure
Sep 15 20:45:27 Forumeasy postfix/smtpd[732]: disconnect from unknown[195.22.127.253]
Sep 15 20:45:57 Forumeasy plesk_saslauthd[734]: select timeout, exiting
Sep 15 20:46:16 Forumeasy qmail-queue[718]: dwlib: fd: connect() failed - Connection timed out
Sep 15 20:46:16 Forumeasy qmail-queue[718]: dwlib: tcp: connecting to 149.202.133.35:3000 - failed
Sep 15 20:46:16 Forumeasy qmail-queue[718]: dwlib: cannot create connection with a DrWeb daemon
Sep 15 20:46:16 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[21569]: handlers_stderr: SKIP
Sep 15 20:46:16 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[21569]: SKIP during call 'drweb' handler
Sep 15 20:46:16 Forumeasy postfix/qmgr[21369]: 0B6821C105C: from=<[email protected]>, size=3290, nrcpt=1 (queue active)
Sep 15 20:46:16 Forumeasy postfix-local[798]: postfix-local: [email protected], [email protected], dirname=/var/qmail/mailnames
Sep 15 20:46:16 Forumeasy postfix/smtpd[28683]: disconnect from mail-lf0-f44.google.com[209.85.215.44]
Sep 15 20:46:16 Forumeasy spamassassin[799]: Starting the spamassassin filter...
Sep 15 20:46:16 Forumeasy spamd[20542]: spamd: connection from localhost [::1]:41437 to port 783, fd 6
Sep 15 20:46:16 Forumeasy spamd[20542]: spamd: using default config for [email protected]: /var/qmail/mailnames/forumeasy.fr/admin/.spamassassin/user_prefs
Sep 15 20:46:16 Forumeasy spamd[20542]: spamd: processing message <CAOukz0aTBTRpZwJQvJ-CmGzyZHvFG25QmeUFG_S9fS2CuwV0dw@mail.gmail.com> for [email protected]:30
Sep 15 20:46:22 Forumeasy spamd[20542]: spamd: clean message (1.8/7.0) for [email protected]:30 in 5.5 seconds, 3314 bytes.
Sep 15 20:46:22 Forumeasy spamd[20542]: spamd: result: . 1 - FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_SORBS_SPAM,SPF_PASS,TRACKER_ID,T_DKIM_INVALID,URIBL_BLOCKED scantime=5.5,size=3314,[email protected],uid=30,required_score=7.0,rhost=localhost,raddr=::1,rport=41437,mid=<CAOukz0aTBTRpZwJQvJ-CmGzyZHvFG25QmeUFG_S9fS2CuwV0dw@mail.gmail.com>,autolearn=no autolearn_force=no
Sep 15 20:46:22 Forumeasy dk_check[801]: Starting the dk_check filter...
Sep 15 20:46:22 Forumeasy dk_check[801]: DKIM verify result: DKIM verification (d=gmail.com, 2048-bit key) succeeded
Sep 15 20:46:22 Forumeasy spamd[20541]: prefork: child states: II
Sep 15 20:46:22 Forumeasy dovecot: service=lda, [email protected], ip=[]. msgid=<CAOukz0aTBTRpZwJQvJ-CmGzyZHvFG25QmeUFG_S9fS2CuwV0dw@mail.gmail.com>: saved mail to INBOX
Sep 15 20:46:22 Forumeasy postfix/pipe[797]: 0B6821C105C: to=<[email protected]>, relay=plesk_virtual, delay=134, delays=128/0.02/0/5.9, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Sep 15 20:46:22 Forumeasy postfix/qmgr[21369]: 0B6821C105C: removed
Sep 15 20:46:30 Forumeasy postfix/smtpd[732]: connect from 87-204-125-10.static.ip.netia.com.pl[87.204.125.10]
Sep 15 20:46:30 Forumeasy plesk_saslauthd[810]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
Sep 15 20:46:30 Forumeasy plesk_saslauthd[810]: privileges set to (111:117) (effective 111:117)
Sep 15 20:46:30 Forumeasy plesk_saslauthd[810]: failed mail authenticatication attempt for user 'flower' (password len=7)
Sep 15 20:46:30 Forumeasy postfix/smtpd[732]: warning: 87-204-125-10.static.ip.netia.com.pl[87.204.125.10]: SASL LOGIN authentication failed: authentication failure
Sep 15 20:46:30 Forumeasy postfix/smtpd[732]: disconnect from 87-204-125-10.static.ip.netia.com.pl[87.204.125.10]
Sep 15 20:47:00 Forumeasy plesk_saslauthd[810]: select timeout, exiting

 

[UFHH01]

Hi lesny,

you are mixing to things now here:

• Access to your mail - account with the help of your webserver and a webmail - software
• possible mail - server errors/issues/problems

As this thread is about your MAIL - SERVER configuration and possible issues/errors/problems with your mail - server settings and configurations, I will stick to answer related posts and leave out the webserver - related issues ( pls. open a NEW thread for it, if you desire help here! )

Sep 15 20:44:59 Forumeasy plesk_saslauthd[734]: No such user '[email protected]' in mail authorization database
Sep 15 20:44:59 Forumeasy plesk_saslauthd[734]: failed mail authenticatication attempt for user '[email protected]' (password len=9)
Sep 15 20:44:59 Forumeasy postfix/smtpd[732]: warning: unknown[80.82.77.249]: SASL LOGIN authentication failed: authentication failure
Sep 15 20:44:59 Forumeasy postfix/smtpd[732]: disconnect from unknown[80.82.77.249]

Sep 15 20:45:27 Forumeasy postfix/smtpd[732]: connect from unknown[195.22.127.253]
Sep 15 20:45:27 Forumeasy plesk_saslauthd[734]: No such user '[email protected]' in mail authorization database
Sep 15 20:45:27 Forumeasy plesk_saslauthd[734]: failed mail authenticatication attempt for user '[email protected]' (password len=10)
Sep 15 20:45:27 Forumeasy postfix/smtpd[732]: warning: unknown[195.22.127.253]: SASL LOGIN authentication failed: authentication failure
Sep 15 20:45:27 Forumeasy postfix/smtpd[732]: disconnect from unknown[195.22.127.253]
Sep 15 20:45:57 Forumeasy plesk_saslauthd[734]: select timeout, exiting

Such entries look like scripts, bots and script - kiddies trying to use your mail - server. Pls. consider to use Fail2Ban, in oder to ban these intruders permantely!

Sep 15 20:46:16 Forumeasy qmail-queue[718]: dwlib: fd: connect() failed - Connection timed out
Sep 15 20:46:16 Forumeasy qmail-queue[718]: dwlib: tcp: connecting to 149.202.133.35:3000 - failed
Sep 15 20:46:16 Forumeasy qmail-queue[718]: dwlib: cannot create connection with a DrWeb daemon
Sep 15 20:46:16 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[21569]: handlers_stderr: SKIP
Sep 15 20:46:16 Forumeasy /usr/lib/plesk-9.0/psa-pc-remote[21569]: SKIP during call 'drweb' handler
Sep 15 20:46:16 Forumeasy postfix/qmgr[21369]: 0B6821C105C: from=<[email protected]>, size=3290, nrcpt=1 (queue active)
Sep 15 20:46:16 Forumeasy postfix-local[798]: postfix-local: [email protected], [email protected], dirname=/var/qmail/mailnames
Sep 15 20:46:16 Forumeasy postfix/smtpd[28683]: disconnect from mail-lf0-f44.google.com[209.85.215.44]
Sep 15 20:46:16 Forumeasy spamassassin[799]: Starting the spamassassin filter...
Sep 15 20:46:16 Forumeasy spamd[20542]: spamd: connection from localhost [::1]:41437 to port 783, fd 6
Sep 15 20:46:16 Forumeasy spamd[20542]: spamd: using default config for [email protected]: /var/qmail/mailnames/forumeasy.fr/admin/.spamassassin/user_prefs
Sep 15 20:46:16 Forumeasy spamd[20542]: spamd: processing message <CAOukz0aTBTRpZwJQvJ-CmGzyZHvFG25QmeUFG_S9fS2CuwV0dw@mail.gmail.com> for [email protected]:30
Sep 15 20:46:22 Forumeasy spamd[20542]: spamd: clean message (1.8/7.0) for [email protected]:30 in 5.5 seconds, 3314 bytes.
Sep 15 20:46:22 Forumeasy spamd[20542]: spamd: result: . 1 - FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_SORBS_SPAM,SPF_PASS,TRACKER_ID,T_DKIM_INVALID,URIBL_BLOCKED scantime=5.5,size=3314,[email protected],uid=30,required_score=7.0,rhost=localhost,raddr=::1,rport=41437,mid=<CAOukz0aTBTRpZwJQvJ-CmGzyZHvFG25QmeUFG_S9fS2CuwV0dw@mail.gmail.com>,autolearn=no autolearn_force=no
Sep 15 20:46:22 Forumeasy dk_check[801]: Starting the dk_check filter...
Sep 15 20:46:22 Forumeasy dk_check[801]: DKIM verify result: DKIM verification (d=gmail.com, 2048-bit key) succeeded
Sep 15 20:46:22 Forumeasy spamd[20541]: prefork: child states: II
Sep 15 20:46:22 Forumeasy dovecot: service=lda, [email protected], ip=[]. msgid=<CAOukz0aTBTRpZwJQvJ-CmGzyZHvFG25QmeUFG_S9fS2CuwV0dw@mail.gmail.com>: saved mail to INBOX
Sep 15 20:46:22 Forumeasy postfix/pipe[797]: 0B6821C105C: to=<[email protected]>, relay=plesk_virtual, delay=134, delays=128/0.02/0/5.9, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Sep 15 20:46:22 Forumeasy postfix/qmgr[21369]: 0B6821C105C: removed

Apart from the DrWeb - issue ( the very first lines 1 - 3 at this quote ) all is fine and the mail from GMail has been delivered to your mail - account.

Still, you have an issue with DrWeb here, which you should solve! Plesk make sure, that DrWeb ist actually up and running:

/etc/init.d/drwebd status

Check the port:

lsof -i tcp:3000

Restart DrWeb

/etc/init.d/drwebd restart

and retry to send an eMail from GMail to your admin - account, AFTER YOU CHECKED, that DrWeb is up and running!
Pls. check again your mail - log, to investigate the process!

 

[lesny]

Good evening

Thanks for your replies though I do not understand how you see it's "kiddies" trying to connect to my mail server?

more fail2ban is already installed and it is true that it blocks an enormous connection to plesk-postfix

Concentrating DRweb I do not remember installing it and when I type your command it tells me it does not work /etc/init.d/drwebd stop
Dr.Web drwebd is not running

 

[UFHH01]

Hi lesny,

though I do not understand how you see it's "kiddies" trying to connect to my mail server

Well, with my longterm experience, I saw quite a lot of such entries by now. Some indicators are:

Sep 15 20:44:59 Forumeasy plesk_saslauthd[734]: No such user '[email protected]' in mail authorization database
Sep 15 20:44:59 Forumeasy plesk_saslauthd[734]: failed mail authenticatication attempt for user '[email protected]' (password len=9)
Sep 15 20:44:59 Forumeasy postfix/smtpd[732]: warning: unknown[80.82.77.249]: SASL LOGIN authentication failed: authentication failure
Sep 15 20:44:59 Forumeasy postfix/smtpd[732]: disconnect from unknown[80.82.77.249]

• mail-client tries to use an non - existing accountname at your domains
• there will be several entries with the very same IP, using different non - existing accountnames
• ... and this in a very short period of time
• the authentification ALWAYS fails
• the IP can be found in various databases, reported for abuse

/etc/init.d/drwebd stop
Dr.Web drwebd is not running

If you desire to investigate this further, consider to look at your log - files: => /var/log/messages / /var/drweb/log

... without any decent facts from your command line and your log - files regarding a possible issue, it is really hard to investigate the desribed situation.
Pls. check as well:

=> Plesk Help Center​