so i migrated all the domains from cpanel to my virtualmin box…i could preview all the sites within virtualmin and i did email tests as recommended on these forums and it worked.
so i change the ips of my nameservers to the new virtualmin box and the websites worked but email would not…rejecting the password…
are there any known issues moving from cpanel email accounts to virtualmin email accounts?
i reset the nameservers to my old cpanel box until i get this figured out!
also…is it possible i didn’t give it long enough to propagate properly…i know when accessing websites i was going to the new virtualmin server…does that guarantee the email info had propagated as well?
Well, that should be something you can test. If you connect your mail client to the IP address of your new server, try authenticating as one of your users, and see what happens.
If your users have a user@domain.tld style email address, you may want to make sure that saslauthd is running with the -r parameter (which is needed for that login type to work).
You can determine that by running “ps auxw | grep saslauthd”.
If you log into your server over SSH as root, edit “/etc/sysconfig/saslauthd”.
There’s going to be a line that starts with something like “OPTIONS”, “PARAMS”, “FLAGS”, something like that – I forget the specific name
Whatever it is – it needs to have “-r” after it. At the moment, it’s likely blank. So if you look in the file, and see a “FLAGS=” at the end, you’d need to modify that to read “FLAGS=-r”.
Then, restart saslauthd (/etc/init.d/saslauthd restart), and try authenticating again.
ok made the changes and restarted…authentication failed:
Last login: Sat Mar 5 18:03:41 on ttys000
mules-macbook-pro-17:~ mule$ telnet 66.23.xxx.xxx 110
Trying 66.23.xxx.xxx…
Connected to 666.23.xxx.xxx.
Escape character is ‘^]’.
+OK Dovecot ready.
USER warren@xxxxx.com
+OK
PASS xxxxxx
-ERR Authentication failed.
Okay, so even Dovecot authentication is failing… that looks to be a different problem then
Take another peek at the end of your /var/log/maillog file at the exact time that you’re connecting via telnet – are you noticing anything unusual? Any warnings or errors, outside of the typical connects and disconnects?
ok…looks like i am getting a ton of attempts to get into my box…
mailog
Mar 6 00:22:09 server postfix/anvil[2527]: statistics: max connection rate 5/60s for (smtp:91.121.188.29) at Mar 6 00:18:49
Mar 6 00:22:09 server postfix/anvil[2527]: statistics: max connection count 4 for (smtp:91.121.188.29) at Mar 6 00:18:49
Mar 6 00:22:09 server postfix/anvil[2527]: statistics: max cache size 1 at Mar 6 00:18:49
Mar 6 00:23:23 server postfix/qmgr[2452]: 5F0CF5F68004: from=<>, size=3647, nrcpt=1 (queue active)
Mar 6 00:23:23 server postfix/qmgr[2452]: EFE665F68007: from=<>, size=3624, nrcpt=1 (queue active)
Mar 6 00:23:53 server postfix/smtp[3008]: connect to gbrsecurity.telesp.net.br[200.171.222.88]: Connection timed out (port 25)
Mar 6 00:23:53 server postfix/smtp[3009]: connect to umail.ukrtel.net[195.5.6.2]: Connection timed out (port 25)
Mar 6 00:23:53 server postfix/smtp[3009]: EFE665F68007: to=MariluTeyler3352@ukrtel.net, relay=none, delay=42662, delays=42632/0.02/30/0, dsn=4.4.1, status=deferred (connect to umail.ukrtel.net[195.5.6.2]: Connection timed out)
Mar 6 00:24:23 server postfix/smtp[3008]: connect to gbrsecurity02.telesp.net.br[200.171.222.87]: Connection timed out (port 25)
Mar 6 00:24:23 server postfix/smtp[3008]: 5F0CF5F68004: to=CleoraWyett8822@telesp.net.br, relay=none, delay=49975, delays=49915/0.02/60/0, dsn=4.4.1, status=deferred (connect to gbrsecurity02.telesp.net.br[200.171.222.87]: Connection timed out)
Mar 6 00:27:27 server dovecot: pop3-login: Disconnected: Input buffer full: user=warren@ww-cs.com, method=PLAIN, rip=::ffff:97.100.156.44, lip=::ffff:66.23.232.242
messages
Mar 6 00:27:18 server sshd[3434]: Invalid user jodie from 125.141.232.104
Mar 6 00:27:18 server sshd[3434]: error: Could not get shadow information for NOUSER
Mar 6 00:27:18 server sshd[3434]: Failed password for invalid user jodie from 125.141.232.104 port 44182 ssh2
Mar 6 00:27:20 server sshd[3436]: Invalid user jodine from 125.141.232.104
Mar 6 00:27:20 server sshd[3436]: error: Could not get shadow information for NOUSER
Mar 6 00:27:20 server sshd[3436]: Failed password for invalid user jodine from 125.141.232.104 port 44473 ssh2
Mar 6 00:27:22 server sshd[3438]: Invalid user jody from 125.141.232.104
Mar 6 00:27:22 server sshd[3438]: error: Could not get shadow information for NOUSER
Mar 6 00:27:22 server sshd[3438]: Failed password for invalid user jody from 125.141.232.104 port 44768 ssh2
Mar 6 00:27:24 server sshd[3440]: Invalid user joeleene from 125.141.232.104
Mar 6 00:27:24 server sshd[3440]: error: Could not get shadow information for NOUSER
Mar 6 00:27:24 server sshd[3440]: Failed password for invalid user joeleene from 125.141.232.104 port 45068 ssh2
Mar 6 00:27:26 server sshd[3442]: Invalid user joelle from 125.141.232.104
Mar 6 00:27:26 server sshd[3442]: error: Could not get shadow information for NOUSER
Mar 6 00:27:26 server sshd[3442]: Failed password for invalid user joelle from 125.141.232.104 port 45386 ssh2
Mar 6 00:27:27 server sshd[3444]: Invalid user johanna from 125.141.232.104
Mar 6 00:27:28 server sshd[3444]: error: Could not get shadow information for NOUSER
Mar 6 00:27:28 server sshd[3444]: Failed password for invalid user johanna from 125.141.232.104 port 45670 ssh2
Mar 6 00:27:29 server sshd[3446]: Invalid user johnna from 125.141.232.104
Mar 6 00:27:30 server sshd[3446]: error: Could not get shadow information for NOUSER
Mar 6 00:27:30 server sshd[3446]: Failed password for invalid user johnna from 125.141.232.104 port 45982 ssh2
Mar 6 00:27:31 server sshd[3448]: Invalid user joi from 125.141.232.104
Mar 6 00:27:32 server sshd[3448]: error: Could not get shadow information for NOUSER
Mar 6 00:27:32 server sshd[3448]: Failed password for invalid user joi from 125.141.232.104 port 46275 ssh2
Mar 6 00:27:33 server sshd[3450]: Invalid user joie from 125.141.232.104
Mar 6 00:27:33 server sshd[3450]: error: Could not get shadow information for NOUSER
Mar 6 00:27:33 server sshd[3450]: Failed password for invalid user joie from 125.141.232.104 port 46586 ssh2
Mar 6 00:27:34 server sshd[3452]: Accepted password for root from 97.100.156.44 port 41750 ssh2
Mar 6 00:27:34 server sshd[3452]: subsystem request for sftp by user root
Mar 6 00:27:35 server sshd[3455]: Invalid user jolanda from 125.141.232.104
Mar 6 00:27:35 server sshd[3455]: error: Could not get shadow information for NOUSER
Mar 6 00:27:35 server sshd[3455]: Failed password for invalid user jolanda from 125.141.232.104 port 46866 ssh2
Mar 6 00:27:37 server sshd[3457]: Invalid user joleen from 125.141.232.104
Mar 6 00:27:37 server sshd[3457]: error: Could not get shadow information for NOUSER
Mar 6 00:27:37 server sshd[3457]: Failed password for invalid user joleen from 125.141.232.104 port 47187 ssh2
Mar 6 00:27:39 server sshd[3459]: Invalid user jolene from 125.141.232.104
Mar 6 00:27:39 server sshd[3459]: error: Could not get shadow information for NOUSER
Mar 6 00:27:39 server sshd[3459]: Failed password for invalid user jolene from 125.141.232.104 port 47463 ssh2
So, are you by chance able to log in via, say, Usermin? (browsing to your IP address, at port 20000)
Or, can you log in as your domain owners into Virtualmin?
I don’t really see any errors in the output above… you’re right that there’s a lot of breakin attempts, but that’s fairly common, bots will be banging on your server’s doors all day and night
another thought…could it be a pop/imap problem…looks like when i logged into usermin the mail account was set up as imap…on the cpanel box it was pop…might not be an issue but i thought i would mention it.
Well, it’s difficult to say, I don’t see any error relating to your connection. You may need to check out some of the other logfiles at the time you’re authenticating to see if errors are being produced there.
For example, after authenticating, take a peek at /var/log/secure – it may list any authentication problems in there.
As far as POP/IMAP – that wouldn’t matter. Dovecot handles both, and both are enabled on a typical installation.
