Cannot connect to my mailservers at all on fresh install.

Have reinstalled the whole thing 5x now.

Postfix and dovecot both running.

Can send Emails from a user via the webmin “read user mail” section. But cannot receive. Nor can I login remotely.

This is a definite issue with the install process of Virtualmin.

This issue happens on Centos 7 normal and Centos 7 Minimal in OpenVZ environment.

More details below.

Howdy,

The error you’re seeing there when trying to start Postfix is that it’s already running.

What is the output of this command:

netstat -anlp | grep :25

That will see if there is something listening on your smtp port.

-Eric

Thanks for the response,

Here is the results

ss -anlp | grep :25

Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
tcp LISTEN 0 0 :25 : users:((“master”,pid=574,fd=13))
Cannot open netlink socket: Protocol not supported
tcp LISTEN 0 0 :::25 ::: users:((“master”,pid=574,fd=14))
tcp LISTEN 0 0 :25 : users:((“master”,pid=574,fd=13))
tcp LISTEN 0 0 :::25 ::: users:((“master”,pid=574,fd=14))

Ok did a fresh install of Centos 7 and whent straight to setting this up…

Immediately the same error as above.

Here is my logs from “maillog”

Dec 19 17:58:31 dns sendmail[187]: starting daemon (8.14.7): SMTP+queueing@01:00:00
Dec 19 17:58:31 dns sm-msp-queue[216]: starting daemon (8.14.7): queueing@01:00:00
Dec 19 18:09:47 dns sendmail[609]: alias database /etc/aliases rebuilt by root
Dec 19 18:09:47 dns sendmail[609]: /etc/aliases: 76 aliases, longest 10 bytes, 771 bytes total
Dec 19 23:17:59 dns postfix/postfix-script[6073]: starting the Postfix mail system
Dec 19 23:18:00 dns postfix/master[6075]: daemon started – version 2.10.1, configuration /etc/postfix
Dec 19 23:24:39 dns dovecot: master: Dovecot v2.2.10 starting up for imap, pop3 (core dumps disabled)
Dec 19 23:53:56 dns postfix/smtpd[10382]: warning: hostname dedic858.hidehost.net does not resolve to address 91.200.13.18: Name or service not known
Dec 19 23:53:56 dns postfix/smtpd[10382]: connect from unknown[91.200.13.18]
Dec 19 23:53:59 dns postfix/smtpd[10382]: warning: unknown[91.200.13.18]: SASL LOGIN authentication failed: authentication failure
Dec 19 23:53:59 dns postfix/smtpd[10382]: lost connection after AUTH from unknown[91.200.13.18]
Dec 19 23:53:59 dns postfix/smtpd[10382]: disconnect from unknown[91.200.13.18]
Dec 19 23:57:19 dns postfix/anvil[10384]: statistics: max connection rate 1/60s for (smtp:91.200.13.18) at Dec 19 23:53:56


What the heck is this ? dedic858.hidehost.net
Says its from ukrain?

Why would this be in my logs?
What’s it have to do with mail not working? EDIT: Now realize that is just an attempted login. not part of the issue, just a blocked attempt to login.

Probably the domain is spoofed or they are running open relay, original domain is located in France, you lack basic knowledge to even read or understand the log files and you are spamming all over the forum.

If that is production server do yourself a favor and pay Vm guys or some SysAdmin to properly setup your server, otherwise i see only problems for you in some not-so-distant future.

First off, Educate, don’t even reply with that pointless garbled nothingness. Anyone can learn anything. Seriously.

I can learn myself, Paying people to do things doesn’t teach me anything. This server is my “testing” server to learn how to run my own. I want to learn how to do it myself, new to linux, working my way up the chain. I’ve got nothing but time.

How can I handle this situation?

Send me some education here. So I can make some use of it.

My procedure everytime, I install is immediate “no-pass” key entry only, setup firewall, have used the ports you recommended in another post.

If I do that immediately, how could they affect the mailserver so quickly? How can I find and fix it?

Thanks.

UPDATE

/etc/postfix/main.cf:
Is totally set to defaults.

/etc/postfix/master.cf:
Is also set to defaults

/etc/hosts file is 100% correct and has nothing to do with the issue

ping localhost shows correct setting and working localhost.

hostname is correct and in postfix config “mydestination” is all correct, states localhost $myhostname, localhost.$mydomain, localhost, my.servername.com

Dovecot and Postfix are both running (but not properly) and still cannot connect to “storage server”

UPDATE:

Found an appropriate way to check what is listening to what ports with SS -tulpan

Results

tcp LISTEN 0 0 :25 : users:((“master”,pid=596,fd=13))
tcp LISTEN 0 0 :993 : users:((“dovecot”,pid=881,fd=38))
tcp LISTEN 0 0 :995 : users:((“dovecot”,pid=881,fd=25))
tcp LISTEN 0 0 :::110 ::: users:((“dovecot”,pid=881,fd=24))
tcp LISTEN 0 0 :::143 ::: users:((“dovecot”,pid=881,fd=37))
tcp LISTEN 0 0 :::25 ::: users:((“master”,pid=596,fd=14))


Here is ps aux | grep sasl Results

Shouldn’t information for Postfix be here also?

Recent logs from maillog

I just saw your post on stackoverflow, and responded there, but I’ll copy-paste it here for posterity and future searchers. Short answer: I bet you have too little memory (or possibly a hardware problem; none of these symptoms are normal or expected, and a few hundred installs on CentOS 7 happen every week without these problems):

Nothing is wrong with Postfix (or the Virtualmin install), as far as I can tell from the information provided.

Your Postfix is being killed with SIGTERM; it doesn’t look like it is crashing, it looks like it is being told to shut down. I would guess it is the OOM killer kicking it out because there’s not enough memory on the system for everything you’re trying to run.

How much memory do you have? Is this system a VPS with so-called “burst RAM” and a much smaller amount of “guaranteed RAM”. In a system with “burst RAM”, it just means that you will never be able to count on your system to be stable…processes will be killed at random and there’s nothing you can do about it, because processes and the kernel don’t know what to do with RAM that suddenly disappears; but some hosts over-sell memory and advertise it this way. And, it may just be a VPS with oversold memory, without labeling it “burst RAM”.

You can usually find OOM errors (out of memory) errors in the kernel log (just run dmesg to see the recent kernel log entries).

If you do find out of memory errors in the kernel log, you’d need to do one or more of the following:

1. Add more memory. 768MB is probably the minimum, if you want to run everything Virtualmin manages (mail with AV/spam, web, databases, mailing lists, etc.). Not because Virtualmin is big…it can be as small as about 11-12MB, but because some of the services it manages are very big, particularly ClamAV. If you need to free up memory, but need all the primary services, giving up ClamAV is probably the biggest bang for your buck.
2. Reduce the number and/or size of services you’re running.
3. Add swap, either a partition or a file. This may or may not be a reasonable solution. If your system is busy on all services (e.g. mail and web and databases all work hard), then swap will just turn the problem from “services stop working sometimes” to “services are all really slow”. But, it’ll stop the system from killing Postfix due to memory.

We have a guide for reducing memory usage here: https://www.virtualmin.com/documentation/system/low-memory

Edit: Also, I’m not sure what to make of the error you had in your configuration after install. The last test install I did on CentOS didn’t have this problem, but if it is reproducible, please file a bug with the steps to reproduce it, so I can get it fixed. It’s possible (maybe even probable) that it is caused by the same problem with your system that is causing all the other problems. Installation is pretty demanding of memory, because so many packages get installed and started up at once.

Edit2: Stop re-installing. Until the problem is understood, repeating the same steps will not result in a different outcome.

Edit3: If it is a VIrtuozzo or OpenVZ VPS, it won’t have the normal memory and OOM killer reporting functionality, it just yanks memory out from under processes and makes a note of it in beancounters in /proc.

@Joe: I have one correction about “Add more memory. 768MB is probably the minimum…”. If you want to keep mail server on your server that means it would be good to run spam and virus filters. With InnoDB way of working (caching) plus server side caching to speed up PHP execution (e.g. zend opcache), both what are somehow “required” with WP i would say min. amount of memory for everything to work properly would be 1.5GB. Probably with even more tweaking anything above 1GB would be ok but not less. If you run all this under 1GB memory every time you have some spike (updates, bakcup, virus/spam scan…) its a big chance your server will go OOM and as consequence kill some running processes.

So to put it simple, 2GB is a minimum to feel comfortable and under 1GB if you move email hosting to another server/service

Ok, I talked to my hosting provider, It is not “Burst Ram” according to them.

Also I have 2G of ram.

In virtualmin, I see two gauges for ram, One that say “real memory” and another that says “virtual memory” Real memory is never above 15%, Virtual just stays at 0% used. My CPU sits around 1% sometimes jumps up a little higher for a bit but then goes back down.

This is what I see on the memory usage page:
Real memory: 2 GB total / 1.66 GB free / 446.57 MB cached Swap space: 2 GB total / 2 GB free

And it is OpenVZ server. So I cannot check the kernel like you have requested, Results below.

Also, postfix is running full time, I got that working from changing a line in the /postfix/main.cf file.

It hasn’t had any problems with shutting down anymore, starts up fine on reboot too.

Now the problem is that I cannot access it at all, not through roundcube, nor through any other mail software like thunderbird. If I login with incorrect credentials it says, “failed to login” and if the credentials are correct it says, “cannot connect to mail server” when using roundcube. So its talking / checking user info, but its not allowing me to the storage?

Also, I can send emails when using the webmin “read user mail” tool, but it will not receive an email.

So something more than “shutting down” due to lack of memory is happening here, I have no idea what, but it’s no longer shutting down.

Here is cat /proc/user_beancounters

uid resource held maxheld barrier limit failcnt
113905: kmemsize 24881162 29880320 922337203685 4775807 9223372036854775807 0
lockedpages 0 8 256 256 0
privvmpages 253975 412005 922337203685 4775807 9223372036854775807 0
shmpages 1437 2412 200000 200000 0
dummy 0 0 922337203685 4775807 9223372036854775807 0
numproc 69 129 500 500 0
physpages 195332 258846 0 524288 0
vmguarpages 0 0 522288 9223372036854775807 0
oomguarpages 76550 113141 522288 9223372036854775807 0
numtcpsock 36 46 1600 1600 0
numflock 10 16 10400 10800 0
numpty 1 2 83 83 0
numsiginfo 0 66 256 256 0
tcpsndbuf 627840 967920 9916928 14014528 0
tcprcvbuf 589824 753664 9916928 14014528 0
othersockbuf 291312 360232 1550976 6160776 0
dgramrcvbuf 0 4624 2150976 2150976 0
numothersock 180 199 1800 1800 0
dcachesize 7751089 7772800 7772800 7772800 0
numfile 1568 2090 19200 19200 0
dummy 0 0 922337203685 4775807 9223372036854775807 0
dummy 0 0 922337203685 4775807 9223372036854775807 0
dummy 0 0 922337203685 4775807 9223372036854775807 0
numiptent 50 50 4000 4000 0


Thanks for your time,
Kyle

Dovecot is the server you’d interact with for IMAP/POP, Roundcube, Usermin, etc.

I’m not an expert at reading beancounters output, but it looks like you don’t have any failures in the failcnt, so it shouldn’t be memory. But, it sure does behave like it is memory.

What happens when you stop and restart dovecot? Any errors? Anything in /var/log/maillog?

First, I just want to thank you for your time Joe, This means a lot to me, I am very interested in making Virtualmin my goto platform as I progress into self hosting my clients. ( one day )

Second.

I want to provide as much as I can here so I’m going to show the whole process. I see there is some issues with dovecot right off the bat while it is running, they follow.

PRE SHUTDOWN OF DOVECOT

Active: active (running) since Wed 2016-12-21 08:40:45 UTC; 1 day 3h ago
Process: 877 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, st atus=0/SUCCESS)
Main PID: 887 (dovecot)
CGroup: /system.slice/dovecot.service
|-887 /usr/sbin/dovecot -F
|-890 dovecot/anvil
`-891 dovecot/log

Dec 21 07:31:15 dns dovecot[881]: master: Warning: Killed with signal 15 (by pid =8859 uid=0 code=kill)
Dec 21 08:40:44 dns systemd[1]: Starting Dovecot IMAP/POP3 email server…
Dec 21 08:40:45 dns systemd[1]: Started Dovecot IMAP/POP3 email server.
Dec 21 08:40:45 dns dovecot[887]: master: Dovecot v2.2.10 starting up for imap, pop3 (core dumps disabled)
Dec 21 15:38:50 dns dovecot[891]: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=89.248.167.131, lip=216.158.230.167, session=<LGYQ8yxErgBZ +KeD>
Dec 22 02:41:59 dns dovecot[891]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=141.212.122.96, lip=216.158.230.167, TLS, session=
Dec 22 05:04:02 dns dovecot[891]: pop3-login: Disconnected (no auth attempts in 2 secs): user=<>, rip=168.1.128.35, lip=MYSERVERIP, TLS handshaking: Disconn ected, session=
Dec 22 05:12:49 dns dovecot[891]: pop3-login: Disconnected (no auth attempts in 2 secs): user=<>, rip=168.1.128.59, lip=216.158.230.167, TLS handshaking: Discon nected, session=
Dec 22 09:02:42 dns dovecot[891]: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=141.212.122.32, lip=199.231.189.14, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIE NT_HELLO:no shared cipher, session=
Dec 22 09:55:55 dns dovecot[891]: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=89.248.172.16, lip=MYSERVERIP, session=<S1mMRjxEzABZ+K wQ>

NOTE:ONLY ONE of the IP Addresses above belong to my server and I have titled it “MYSERVERIP”

DOVECOT AFTER SHUTDOWN AND RESTART

Active: active (running) since Thu 2016-12-22 11:54:19 UTC; 20s ago
Process: 18287 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
Main PID: 18291 (dovecot)
CGroup: /system.slice/dovecot.service
|-18291 /usr/sbin/dovecot -F
|-18292 dovecot/anvil
|-18293 dovecot/log
`-18295 dovecot/config

Dec 22 11:54:19 dns systemd[1]: Starting Dovecot IMAP/POP3 email server…
Dec 22 11:54:19 dns systemd[1]: Started Dovecot IMAP/POP3 email server.
Dec 22 11:54:19 dns dovecot[18291]: master: Dovecot v2.2.10 starting up for imap, pop3 (core dumps disabled)

MAILLLOG IS EMPTY FOR ANY NEW ENTRYS FROM START AND STOP OF DOVECOT
But on another note, I do notice some new logs from the other day that may give some insight.

NOTE: I am no longer getting the “dovecot is already running” error when I run systemctl status dovecot -l but seeing this had me check postfix again, and sure enough, even though it was running the other day, It is not now. Some new info was provided when running systemctl status postfix -l this time.

The other day, I sent an email from Webmin’s Read User Mail and it sent, then I tried to send back and nothing was received, but information about that sent email is in the Postfix status information now.

It looks to me like sending the email caused part of an issue that shut it down, maybe this will give some insight. I have changed the email address that I sent too in the logs to keep spambots from picking it up, in the logs I have changed the email to address to “remoteemail@gmail.com” for above noted purpose and email from my server to myemail@myserver.com.

I have not checked postfix since I sent the email and it worked, I am guessing according to the information below, it shut down right after sending.

ALSO: I got this kickback from gmail from the server when I sent an email to myserver.com

POSTFIX NEW STATUS AFTER EMAIL WAS SENT FROM WITHIN WEBMIN (Successfully)

• postfix.service - Postfix Mail Transport Agent
  Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
  Active: failed (Result: exit-code) since Wed 2016-12-21 08:44:35 UTC; 1 day 3h ago
  Process: 1280 ExecStop=/usr/sbin/postfix stop (code=exited, status=1/FAILURE)
  Process: 169 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 160 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 117 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
  Main PID: 597 (code=killed, signal=TERM)

Dec 21 08:43:35 dns postfix/pickup[618]: BE450E104F: uid=0 from=myemail@myserver.com
Dec 21 08:43:35 dns postfix/cleanup[1153]: BE450E104F: message-id=1482309815.1112@myserver.com
Dec 21 08:43:35 dns postfix/qmgr[619]: BE450E104F: from=myemail@myserver.com, size=621, nrcpt=1 (queue active)
Dec 21 08:44:11 dns postfix/smtp[1155]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1a]:25: Connection timed out
Dec 21 08:44:11 dns postfix/smtp[1155]: BE450E104F: to=remoteemail@gmail.com, relay=gmail-smtp-in.l.google.com[74.125.22.27]:25, delay=36, delays=0.12/0.09/35/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1482309852 z16si962002qtb.145 - gsmtp)
Dec 21 08:44:11 dns postfix/qmgr[619]: BE450E104F: removed
Dec 21 08:44:35 dns postfix/postfix-script[1293]: fatal: the Postfix mail system is not running
Dec 21 08:44:35 dns systemd[1]: postfix.service: control process exited, code=exited status=1
Dec 21 08:44:35 dns systemd[1]: Unit postfix.service entered failed state.
Dec 21 08:44:35 dns systemd[1]: postfix.service failed.

After looking at this I tried to do a systemctl start postfix and of course it wouldn’t start, so I wanted to see what happened on a system reboot. So I did that.

After reboot, Postfix is running again, This is the new status of postfix after reboot, again it is showing the “postfix is already running” error and has cleared the issue with the mailsend.
AFTER A SYSTEM REBOOT

Active: active (running) since Thu 2016-12-22 12:16:48 UTC; 25s ago
Process: 165 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 157 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 116 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Main PID: 613 (master)
CGroup: /system.slice/postfix.service
|-613 /usr/libexec/postfix/master -w
|-628 pickup -l -t unix -u
`-629 qmgr -l -t unix -u

Dec 22 12:16:12 dns systemd[1]: Starting Postfix Mail Transport Agent…
Dec 22 12:16:12 dns postfix/postfix-script[18950]: fatal: the Postfix mail system is already running
Dec 22 12:16:12 dns systemd[1]: postfix.service: control process exited, code=exited status=1
Dec 22 12:16:12 dns systemd[1]: Failed to start Postfix Mail Transport Agent.
Dec 22 12:16:12 dns systemd[1]: Unit postfix.service entered failed state.
Dec 22 12:16:12 dns systemd[1]: postfix.service failed.
Dec 22 12:16:43 dns systemd[1]: Starting Postfix Mail Transport Agent…
Dec 22 12:16:47 dns postfix/postfix-script[599]: starting the Postfix mail system
Dec 22 12:16:48 dns postfix/master[613]: daemon started – version 2.10.1, configuration /etc/postfix
Dec 22 12:16:48 dns systemd[1]: Started Postfix Mail Transport Agent.

After system reboot, maillog is empty with no new entries still.

Now that I had it started again (not running right) but running, I figured I would send an email to my server before sending one outbound and see what happens. Results are nothing is delivered, as to be expected. Also, still nothing new in maillog.

But, Now that I sent an email to the server, there is another change to systemctl status postfix and it reads as such.

POSTFIX NEW STATUS AFTER EMAIL WAS SENT FROM OUTSIDE SOURCE TO SERVER

Active: active (running) since Thu 2016-12-22 12:16:48 UTC; 11min ago
Process: 165 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 157 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 116 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Main PID: 613 (master)
CGroup: /system.slice/postfix.service
|- 613 /usr/libexec/postfix/master -w
|- 628 pickup -l -t unix -u
|- 629 qmgr -l -t unix -u
`-1333 anvil -l -t unix -u

Dec 22 12:16:48 dns postfix/master[613]: daemon started – version 2.10.1, configuration /etc/postfix
Dec 22 12:16:48 dns systemd[1]: Started Postfix Mail Transport Agent.
Dec 22 12:26:47 dns postfix/smtpd[1331]: connect from mail-qt0-f194.google.com[209.85.216.194]
Dec 22 12:26:47 dns postfix/smtpd[1331]: warning: unknown smtpd restriction: “=”
Dec 22 12:26:47 dns postfix/smtpd[1331]: NOQUEUE: reject: RCPT from mail-qt0-f194.google.com[209.85.216.194]: 451 4.3.5 Server configuration error; from=remoteemail@gmail.com to=myemail@myserver.com proto=ESMTP helo=<mail-qt0-f194.google.com>
Dec 22 12:26:47 dns postfix/cleanup[1335]: 9A49BE0090: message-id=20161222122647.9A49BE0090@dns.localdomain
Dec 22 12:26:47 dns postfix/qmgr[629]: 9A49BE0090: from=double-bounce@dns.localdomain, size=1029, nrcpt=1 (queue active)
Dec 22 12:26:47 dns postfix/smtpd[1331]: disconnect from mail-qt0-f194.google.com[209.85.216.194]
Dec 22 12:26:49 dns postfix/local[1336]: 9A49BE0090: to=root@dns.localdomain, orig_to=, relay=local, delay=1.6, delays=0.02/0.01/0/1.5, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Dec 22 12:26:49 dns postfix/qmgr[629]: 9A49BE0090: removed

NOTE: The line that says Dec 22 12:26:47 dns postfix/smtpd[1331]: warning: unknown smtpd restriction: “=” tells me that my “fix” to postfix was an improper one and although I thought it got postfix running, It is not a permanent solution. So I will be removing that " = " from line “permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination =” in postfix main.cf file as suggested by another, since it is not being recognized by postfix anyway.

Just to make sure line smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination = was the cause of the issued warning Dec 22 12:26:47 dns postfix/smtpd[1331]: warning: unknown smtpd restriction: “=” I removed the = that I added to the end and rebooted the server, postfix was running again without that warning Dec 22 12:26:47 dns postfix/smtpd[1331]: warning: unknown smtpd restriction: “=” this time and it rebooted and started just fine, But still had the other data left from the code post above regarding the inbound email.

But the rest of the information in regards to the email sent to my mail server may have some pertinent data for the problem at hand.

Hopefully this data helps.

Best Regards,
Kyle

UPDATE
I am just going to give up running it on this server, they obviously have issues, tested “lets encrypt” and it breaks the apache server to set server enabled to https. Some crazy error saying Unrecognized command “”

Maybe this server is just crap, and things go wrong during install of Virtualmin, Will try another and see what happens with it, going to go to a KVM server and see if I have better luck.

Will update this thread once I test install and above issues on it.

Regards,
Kyle

Tell us the hosting company, if is one of the bad apples for sure i will have on my personal black list. It could be that OS templates are broken even its a long time when i saw such situation with any hosting company.

It’s really hard to keep up with all of this. I see you’re going to try on a different kind of virtual server, which I think is a good idea; none of these are common problems or things that are expected after a fresh install on a supported OS.

The only thing I see that is an actionable error in all of this is that the UID is 501, and Dovecot isn’t willing to accept a login from a user with a UID that low (CentOS systems now put users on UID 1000 and above).

If this was a migrated backup from an older OS, Virtualmin, I think, would keep the same UIDs, by default (but you can tell it to remap UIDs during migration). So, the fix for the dovecot authentication problem is to change the UID of this user to something over 1000, and to reset ownership of their home and files to the user. Virtualmin probably ought to recognize that and refuse to create a user with an invalidly low UID; we haven’t seen it happen, thus far, to the best of my knowledge, so it’s probably not super common, and would mean your backup is coming from a quite old OS to a quite new one.

Most of the other stuff is normal activity messages; all those login failures are from random people trying to login to your system. Seems alarming, but it’s normal (there are botnets scouring the internet 24/7 for exploitable mail servers).