Trying to connect to mail server in gmail returns various errors based on port

SYSTEM INFORMATION
OS type and version Ubuntu Linux 20.04.6
Virtualmin version 7.7

Dovecot is running, listening to “All IPv4 and IPv6”, and mail protocols selected are IMAP and POP3.

I’m trying to connect to an email user I created on a domain hosted on my virtualmin server in gmail.
I set the server to mail.domain.tld
I’ve tried usernames: user.domaintld, user@domain.tld, and user

I’ve tried ports:

110: Server returned error: “Missing +OK response upon connecting to the server: Disconnected: Auth process broken”
143: Server returned error: “Missing +OK response upon connecting to the server: * OK Waiting for authentication process to respond…”
993: Server returned error: “Connection refused”
995: Server returned error: “Connection refused”

I AM using FirewallD, but ports 110, 143, 993, and 995 are all open.

What’s going on? Any help would be appreciated, thanks!

Also the mail.log in /var/log is massive and getting lots of entries - is there anyway to slow it down? tail -f is a bit hard to deal with with all these connection attempts.

That’s worrying. If this is a new server, and mail.log is growing super fast, and you don’t know why…I think I know why and it’s spam. (I mean, outgoing. You probably have a compromised web app or user.)

You need to look at it and see what’s happening. You can use any tool you’d use for working with text with the mail.log, as it is plain text.

Just look at it from the beginning with less mail.log and see what all the noise is about. You probably have bigger problems than authentication. (But you’ll also need to look for the mail.log entries related to your auth attempts in order to solve that problem, too. That will likely be tagged with the dovecot or saslauthd name near the front of the log entry, while postfix entries will be about your other problem (probably spam).

You can search within less using /dovecot for example. You can also grep dovecot mail.log and you can pipe that into less. Or you can pipe tail into grep, like tail -f mail.log | grep -E 'dovecot|saslauth'

Many ways to make sense out of even huge logs, it’s worth getting friendly with the tools.

Thanks, I ran your last command (The tail -f mail.log | grep one) and it gave me this when I tried logging in again:

Sep 9 14:16:18 sga dovecot: auth: Fatal: APOP mechanism can’t be supported with given passdbs
Sep 9 14:16:18 sga dovecot: master: Error: service(auth): command startup failed, throttling for 60 secs
Sep 9 14:16:18 sga dovecot: pop3-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.162, session=

As for the spam issue - it looks like a lot of them, maybe all? Are failed login attempts, although I do have some weird queued mail that all look similar to:

2023/09/06 07:42 PM MAILER-DAEMON jqhmpcianz@hengfengxiz.com 24.84 KiB connect to mail.hengfengxiz.com[xxx.xxx.xxx.13]:25: Connection timed out

edit: I disabled APOP and now I just get connection refused on all ports related to mail when adding to gmail

edit 2: Changed listen [::] in dovecot config to listen * and I can connect, but get auth process broken. Logs show:

Sep 9 14:40:28 sga dovecot: config: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf
Sep 9 14:40:28 sga dovecot: config: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:248: protocol { ssl_listen } has been replaced by service { inet_listener { address } }
Sep 9 14:40:28 sga dovecot: auth: Fatal: CRAM-MD5 mechanism can’t be supported with given passdbs
Sep 9 14:40:28 sga dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs
Sep 9 14:40:28 sga dovecot: pop3-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.162, session=<n3YPE+4E6L7RVaaS>

edit 3: I removed all but plain-text login and now I get:

Server returned error: “Missing +OK response upon connecting to the server: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED] Dovecot (Ubuntu) ready.”

In gmail, but no errors in the log file.

edit 4: I changed, in the webmin GUI dovecot->networking and protocols, interfaces for non-ssl and ssl connections from All IPv4 and IPv6 to just All IPv4 - and mailbird automatically connected to some accounts I had setup awhile back before moving to a new server… But for some reason the domain I’ve been trying to work with in gmail, a separate domain entirely, gives this error now:

Server returned error: “SSL protocol error. Please try disabling SSL, or contact your other provider to verify the correct port settings.”

PLAIN is the only password that can work with system users (but it’s encrypted in transit, assuming a TLS connection). There are no overlapping hash types between Linux system users and the IMAP/POP or SASL standards, so the only way to use hashed passwords with mail is to maintain a separate mail user database or password file, which is a lot of additional overhead/complexity in an area that already gives people a whole lot of trouble.

I don’t know anything about GMail, but it looks like maybe STARTTLS isn’t working. Maybe you’re connecting to a name other than one that has a certificate. Depending on your software versions, you may or may not be able to use different names to connect. I tend to prefer using one name for all mail services on a system and use the certificate for that domain for all mail services, just to keep it simpler to troubleshoot problems.

Could also be a configuration issue.

This may be something we need to fix in our default config. Though I can’t imagine we wouldn’t have gotten bug reports about it before now; Ubuntu 20.04 has been out for years, surely someone would have complained if IMAPS/POP3S was broken. But, we want to get rid of warnings, regardless, I’ll look into it when I get a minute.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.