Send timeouts using IMAP and TLS wildcard Cert

So I have a GoDaddy wildcard cert; I installed it and copied it via the buttons in SSL management.

This worked fine for months, but recently IMAP emails started timing out on sends.

I looked into it and I don't see many errors. The errors manifest themselves as Roundcube timing out on sends, or MS Outlook timing out on sends (with the message eventually sending).

Outlook sometimes throws:

Task ‘me@tld.com - Sending’ reported error (0x8004210B) : ‘The operation timed out waiting for a response from the sending (SMTP) server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).’

However, that email eventually goes through.

Roundcube sometimes throws a “timeout” too.

/var/log/mail.log shows nothing weird
/roundcube/errors shows no errors

Everything worked fine until a day ago.

I re-keyed the cert but that didn’t help either.

There is nothing in this message that indicates an issue with SSL. It is your own assumption that the certificate is at fault - how correct that is remains to be seen.

The timeout error could be triggered due to a number of causes - see Resolved: Sending reported error 0x8004210b in Outlook

Well, when looking at the logs initially it complained about a chain certificate error, so then I re-keyed it per the recommendation of GoDaddy, so yeah, I don't know what to look at – the problem is it eventually does go in Outlook, but Roundcube not so much.

Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46

That is the issue I’m seeing that made me think SSL.

I am ignoring your hypothesis about the SSL cert and investigating a theory of my own: could you check mail logs for process limit warnings?

Webmin -> System -> System Logs and view mail log. Then in the box next to Only show lines with text, enter “process limit” without the quotes. Hit Refresh. Any results found?


I think you may have bingo on your card, sir.
Jun 23 11:18:53 mail postfix/master[1406]: warning: service "submission" (587) has reached its process limit "100": new clients may experience noticeable delays

Ha! I have saved you a fortune in hair transplant bills.

Next, let’s check if your server is being subjected to a brute force attack.

grep -w "connect from" /var/log/mail.log | awk -F"[" '{print$3}' | awk -F"]" '{print$1}' |sort -n |uniq -c |sort -nr | head -25

If it is, then you should find ways to contain the brute force attack; if not then your process limit of 100 is being reached due to valid use and you should consider increasing it, keeping in mind the corresponding increase in resources that will be required to serve a greater number of processes.
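The two checks above, the "process limit" search in the mail log and the `connect from` pipeline, as one shell script; this is an added example, not code from the thread. It runs against a constructed sample of Postfix log lines written in Postfix's real format (the addresses and the failure threshold are assumptions); on a live server call the functions with /var/log/mail.log instead of the sample file. It goes one step beyond the pipeline by also tallying SASL authentication failures per address, which is what separates a password-guessing flood on port 587 from legitimate clients that merely connect often.

```shell
#!/bin/bash
# Added example, not code from the thread above. Triage a Postfix mail.log for
# the two signals discussed: master(8) "process limit" warnings and a flood of
# connections / SASL failures from a handful of source addresses.
# Every function takes a log path; on a live server pass /var/log/mail.log.

# Constructed sample data in Postfix's real log format (addresses are illustrative).
write_sample_log() {
  cat > "$1" <<'EOF'
Jun 23 11:18:50 mail postfix/submission/smtpd[2101]: connect from unknown[185.143.73.33]
Jun 23 11:18:51 mail postfix/submission/smtpd[2101]: warning: unknown[185.143.73.33]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 23 11:18:51 mail postfix/submission/smtpd[2101]: disconnect from unknown[185.143.73.33]
Jun 23 11:18:52 mail postfix/submission/smtpd[2102]: connect from unknown[185.143.73.33]
Jun 23 11:18:52 mail postfix/submission/smtpd[2102]: warning: unknown[185.143.73.33]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 23 11:18:53 mail postfix/master[1406]: warning: service "submission" (587) has reached its process limit "100": new clients may experience noticeable delays
Jun 23 11:18:54 mail postfix/submission/smtpd[2103]: connect from unknown[46.38.145.253]
Jun 23 11:18:54 mail postfix/submission/smtpd[2103]: warning: unknown[46.38.145.253]: SASL PLAIN authentication failed: authentication failure
Jun 23 11:18:55 mail postfix/submission/smtpd[2104]: connect from laptop.example.net[203.0.113.7]
Jun 23 11:18:56 mail postfix/submission/smtpd[2104]: disconnect from laptop.example.net[203.0.113.7]
Jun 23 11:19:01 mail postfix/master[1406]: warning: service "submission" (587) has reached its process limit "100": new clients may experience noticeable delays
EOF
}

# How many times master(8) reported a service at its process limit.
# "|| true" keeps grep's exit status 1 on zero matches from tripping set -e.
process_limit_hits() {
  grep -c 'reached its process limit' "$1" || true
}

# Top connecting addresses, like the pipeline in the post above but keyed on
# the bracketed address, so it works whether or not the peer has a PTR name.
# Output lines are "<count> <ip>", most frequent first; $2 limits the rows.
top_connecting_ips() {
  grep -w 'connect from' "$1" \
    | sed -n 's/.*connect from [^[]*\[\([^]]*\)\].*/\1/p' \
    | sort | uniq -c | sort -rn | head -n "${2:-25}" \
    | awk '{print $1, $2}'
}

# SASL authentication failures per address: the line fail2ban's postfix-sasl
# jail keys on, and the difference between a brute-force flood and busy users.
sasl_failures_by_ip() {
  sed -n 's/.*warning: [^[]*\[\([^]]*\)\]: SASL [A-Z0-9-]* authentication failed.*/\1/p' "$1" \
    | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Returns 0 (true) when any single address exceeds $2 SASL failures.
# The default of 20 is an assumed starting point, not a Postfix setting.
brute_force_suspected() {
  sasl_failures_by_ip "$1" \
    | awk -v t="${2:-20}" '$1 > t { found = 1 } END { exit found ? 0 : 1 }'
}

# Demo run against the constructed sample.
SAMPLE_LOG="$(mktemp)"
write_sample_log "$SAMPLE_LOG"
echo "process-limit warnings: $(process_limit_hits "$SAMPLE_LOG")"
echo "top connecting addresses:"
top_connecting_ips "$SAMPLE_LOG" 5
echo "SASL failures by address:"
sasl_failures_by_ip "$SAMPLE_LOG"
if brute_force_suspected "$SAMPLE_LOG" 1; then
  echo "verdict: brute force suspected; contain it before raising the limit"
else
  echo "verdict: no flood seen; the limit is being hit by real load"
fi
rm -f "$SAMPLE_LOG"
```

If the verdict is real load rather than a flood, the limit being hit is Postfix's `default_process_limit` in main.cf (or the maxproc column of the submission entry in master.cf), and raising it costs one smtpd process per extra concurrent client.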

Thanks very much!

102202 193.35.51.13
58021 193.35.48.18
43066 46.38.145.253
40703 185.143.73.33
39138 185.143.73.175
39078 185.143.73.148
38908 185.143.73.93
38300 185.143.73.203
38243 185.143.73.162
37248 185.143.73.250
37118 185.143.73.142
36213 185.143.73.152
36140 185.143.73.119
36111 185.143.73.48
36024 185.143.73.171
36021 185.143.73.62
33894 185.143.73.157
33372 185.143.73.58
32143 185.143.73.41
32054 185.143.73.103
31978 185.143.73.134
30395 212.70.149.82
24901 212.70.149.3
23150 46.38.145.250

  1. So yeah, looks like there are way too many connections from way too many places; what is the best way to deal with these dynamically? I have Config Firewall installed but it's disabled now.

  2. Fail2Ban? If so what type of jail?

Thanks !

This is what I set up; how can I see what IPs are going to jail?

sudo fail2ban-client status postfix-sasl

fail2ban-client status postfix-sasl

Sorry but the jail 'postfix-sasl' does not exist

When I restart fail2ban I get an error:

● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: failed (Result: start-limit-hit) since Fri 2020-07-17 02:27:56 EDT; 49s ago
     Docs: man:fail2ban(1)
  Process: 2156 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)

Jul 17 02:27:56 mail.tld.com systemd[1]: fail2ban.service: Control process exited, code=exited status=255
Jul 17 02:27:56 mail.tld.com systemd[1]: Failed to start Fail2Ban Service.
Jul 17 02:27:56 mail.tld.com systemd[1]: fail2ban.service: Unit entered failed state.
Jul 17 02:27:56 mail.tld.com systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Jul 17 02:27:56 mail.tld.com systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart.
Jul 17 02:27:56 mail.tld.com systemd[1]: Stopped Fail2Ban Service.
Jul 17 02:27:56 mail.tld.com systemd[1]: fail2ban.service: Start request repeated too quickly.
Jul 17 02:27:56 mail.tld.com systemd[1]: Failed to start Fail2Ban Service.
Jul 17 02:27:56 mail.tld.com systemd[1]: fail2ban.service: Unit entered failed state.
Jul 17 02:27:56 mail.tld.com systemd[1]: fail2ban.service: Failed with result 'start-limit-hit'.

It's like the screenshot of what I did to enable it is making it fail to start, but I don't see the problem.

The key error message is

Failed to restart server : ERROR No file(s) found for glob /var/log/mail.warn ERROR Failed during configuration: Have not found any log file for postfix-sasl jail

but %(postfix_log)s is the log, which translates out to /var/log/mail.warn, which doesn’t exist, so I manually put in /var/log/mail.log and that seemed to work.

Fail2Ban works like a champ and has now banned a boatload of IPs, thanks!

Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed: 23
|  |- Total failed:     1644
|  `- File list:        /var/log/mail.log
`- Actions
   |- Currently banned: 26
   |- Total banned:     26
   `- Banned IP list:   185.143.73.157 46.38.145.250 212.70.149.19 185.143.73.142 46.38.145.252 46.38.145.253 46.38.145.251 185.143.73.84 185.143.73.93 185.143.73.48 185.143.73.134 46.38.145.249 185.143.73.250 185.143.73.203 46.38.145.247 185.143.72.16 185.143.73.148 185.143.73.152 185.143.73.175 185.143.73.103 46.38.145.4 185.143.73.119 185.143.73.41 185.143.73.33 185.143.73.162 185.143.73.62
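The logpath fix described above as a minimal jail.local, plus the pre-restart check that would have caught the "No file(s) found for glob" failure before systemd hit its start limit. This is an added example, not configuration from the thread or from the Fail2Ban project: it only enables the stock postfix-sasl jail (its filter and ports are inherited from jail.conf) and overrides logpath. JAIL_DIR is an assumed override so the script can be tried in a scratch directory; on a real host it is /etc/fail2ban, and the 203.0.113.0/24 in ignoreip is a placeholder for your own admin network.

```shell
#!/bin/bash
# Added example, not configuration from the thread. Writes a minimal jail.local
# that enables the stock postfix-sasl jail with the logpath override described
# above, then checks every logpath before fail2ban is restarted, because a
# logpath matching no file is exactly what stops fail2ban-server from starting.
# JAIL_DIR is an assumed override for trying this in a scratch directory;
# on a real host it is /etc/fail2ban. The ignoreip range is a placeholder.

# $1 = directory to write jail.local into, $2 = logpath (default mail.log).
# Refuses to clobber an existing jail.local.
write_postfix_sasl_jail() {
  dir="$1"
  logpath="${2:-/var/log/mail.log}"
  if [ -e "$dir/jail.local" ]; then
    echo "refusing to overwrite existing $dir/jail.local" >&2
    return 1
  fi
  mkdir -p "$dir"
  cat > "$dir/jail.local" <<EOF
[DEFAULT]
# Admin networks that must never be banned (replace the example range).
ignoreip = 127.0.0.1/8 ::1 203.0.113.0/24

[postfix-sasl]
enabled  = true
# jail.conf points this jail at mail.warn via the Debian path defaults;
# Postfix on this host logs to mail.log, so override it here.
logpath  = $logpath
maxretry = 5
findtime = 600
bantime  = 3600
EOF
}

# Report every logpath in a jail file that matches no existing file,
# mirroring fail2ban's "No file(s) found for glob" startup error.
# Prints the missing patterns; returns 0 when all resolve, 1 otherwise.
check_logpaths() {
  rc=0
  # Unquoted expansion splits multi-file values and expands globs; a pattern
  # that matches nothing stays literal, so the -e test catches it.
  for path in $(sed -n 's/^[[:space:]]*logpath[[:space:]]*=[[:space:]]*//p' "$1"); do
    if [ ! -e "$path" ]; then
      echo "missing: $path"
      rc=1
    fi
  done
  return "$rc"
}

# Demo: write the jail into a scratch directory (or JAIL_DIR) and check it.
JAIL_DIR="${JAIL_DIR:-$(mktemp -d)}"
write_postfix_sasl_jail "$JAIL_DIR"
if check_logpaths "$JAIL_DIR/jail.local"; then
  echo "logpaths resolve; safe to restart fail2ban"
else
  echo "fix logpath in $JAIL_DIR/jail.local before restarting fail2ban"
fi
```

With the file in place under /etc/fail2ban, `fail2ban-client -t` (fail2ban 0.10 and later) validates the whole configuration without starting the server; then `systemctl restart fail2ban` and `fail2ban-client status postfix-sasl` should show the jail with /var/log/mail.log in its file list, as in the status output above. Note the jail only bans after maxretry SASL failures within findtime, so a connection flood that never attempts authentication has to be handled in the firewall instead.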
