Problem sending email

Good evening,

Following a server move with a change of location and IP (which I changed at my registrar), everything worked fine, but for the last few days I can’t send emails anymore: they leave fine but do not arrive.

How can I fix this problem? I am not a pro with Linux.

Thanks a lot for your help.

Frederic.

@frederic

Salut Frederic

If I understand correctly, after moving, your server was able to send and receive mails.
Only a while afterwards, in your words “a few days ago”, the server can’t send mails anymore.
Incoming mails still work.

You didn’t change anything after the server move was done, and working?

Is this correct?

This could / would point to your provider changing some parameter, either in mail or simply blocking port 25 from the internet.

A lot of providers block port 25 in and outgoing, due to spam - this is a private home connection, there are NO mail servers here…
Additionally, most providers blacklist their own IP ranges for private internet connections. (DNS/IP blacklisting, eg dnsbl…)

My 2 cents
Andy

1 Like

Bonsoir,
Yes Andy,
I just changed the IP (fixed) and it worked properly for a few days. I didn’t change anything else…
I don’t know who I have to look for to find a clue.
Frederic

Try testing from your server console, if it can reach any known mailserver over the internet:

This should work:
telnet mail.bluewin.ch 25

The server will give something back like:

anwi-mac-mpr15:~ aw$ telnet mail.bluewin.ch 25
Trying 195.186.120.51...
Connected to mail.lb.bluewin.ch.
Escape character is '^]'.
554 mail.lb.bluewin.ch vimdzmsp-mail03.bluewin.ch Swisscom AG ESMTP server not available
Connection closed by foreign host.

If you get that, that means first test passed… :slight_smile:

-> Your server CAN connect with port 25 to any other mailserver in the world.

Andy

I’m lost?

Did you check your static ip isn’t on some blacklist?
Have you checked if in /var/log/maillog there are outgoing mail rejection messages?
Have you checked that you haven’t activated the smarthost that still points to the old provider?

If your IP is 82.65.81.211 (corresponding to fred.fio01.com)

https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3A82.65.81.211&run=toolpage

1 Like

His IP is on 3 blacklists.

1 Like

lol, we made same thing :smiley: :+1: :+1:

1 Like

:grinning:
I saw the domain fio01.com and I did first tests for this kind of issue … :grinning:

As @stephdl said: check the email log! :wink:

Good morning,
Why am I blacklisted?
This IP is new, I got it 3 months ago?

@frederic

You can check each of the 3 lists, WHY you are blacklisted.
The IP isn’t “new”, it’s only been reallocated to you - this means it could also have a “history”…

As already discussed, the DNS is not complete:
Doing a PTR (Pointer, reverse lookup check) i get:
82-65-81-211.subs.proxad.net.

You should have a Reverse IP entry, this can only be done by your Internet Provider, not your Registrar. The IP belongs to the Internet Provider and is on a list which does not allow mailserver services.

The reverse entry should be your domain - or your mailserver.
For example:

82.65.81.211 IN PTR fio01.com

You need to request this from your Internet Provider!

There are more issues…
(Still checking!)

My 2 cents
Andy

1 Like

We don’t know why you are blacklisted.
Sometimes it’s the same providers who blacklist their IP classes because they want you to use their smarthost smtp
Or the IP class where your IP is located has a bad reputation (e.g. IP of the same class that sent spam)

https://www.barracudacentral.org/lookups/lookup-reputation

http://www.sorbs.net/lookup.shtml

https://www.spamhaus.org/lookup/
https://www.spamhaus.org/pbl/query/PBL041901

1 Like

@frederic

Hi

Here are a few links I use to check Mail / DNS:

http://multirbl.valli.org/lookup/
http://mxtoolbox.com/
http://www.kitterman.com/spf/validate.html

There are more, I seem to have lost or misplaced my dmarc checker… :frowning:

A mailserver needs:

Some DNS entries:
A-Record (Not CNAME !)
MX-Record
TXT-Records (SPF, Dmarc, etc)

-> The first two are absolute musts!

You also need / should have a corresponding PTR entry.
Other mailservers receiving mail from you check DNS: for whom is this IP registered?
If no entry, they won’t accept mail. (Gmail, Apple, others…).

These reasons are already enough to get a “bad” reputation…

“Oh, that server isn’t even entered as a mailserver, is it legit?”

See this report about your domain, and what’s missing for mail to work:
https://mxtoolbox.com/domain/fio01.com/?source=findmonitors

Reverse DNS issues:

Note:

During the initial contact between two mailservers while sending mail, the sender “announces” itself as a mailserver for domain xy.com (or whatever). The contacted mailserver will do a reverse IP check (Very hard to spoof!) - and there’s NO entry corresponding to your domain name, or what your server announces itself as.

telnet fio01.com 25
Trying 82.65.81.211...
Connected to fio01.com.
Escape character is '^]'.
220 fred.fio01.com ESMTP Postfix
quit

Checking the DNS gets me:

anwi-mac-mpr15:~ aw$ nslookup -query=ptr 82.65.81.211 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
211.81.65.82.in-addr.arpa	name = 82-65-81-211.subs.proxad.net.

This shows me “subs.proxad.net”, but nothing indicating fio01.com
-> Not good!

My 2 cents
Andy

PS:

There are also “fake” dnsbl providers, see this:
https://www.spamhaus.org/organization/statement/8/
And they’re still active! But almost no one uses them…

1 Like
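The checks described in the post above (PTR lookup, comparison with the name in the SMTP greeting, DNSBL lookup), as an added example that is not part of the original thread. It runs offline against constructed DNS data: the `lookup` callback, the zone `dnsbl.example`, its `127.0.0.2` answer and the A record for the provider's generic name are assumptions; the IP, PTR value and greeting name are the ones quoted in the thread.

```python
import ipaddress


def reverse_name(ip):
    """Name queried for the PTR record, e.g. 211.81.65.82.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def dnsbl_query_name(ip, zone):
    """DNSBLs are queried with the reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def _norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()


def audit_sender(ip, helo, lookup, dnsbl_zones=()):
    """List what a receiving mail server could hold against a sending IP.

    `lookup(name, rrtype)` is a hypothetical resolver callback returning a
    list of answers (empty when there is no record).
    """
    findings = []
    helo = _norm(helo)
    ptr_names = [_norm(n) for n in lookup(reverse_name(ip), "PTR")]
    if not ptr_names:
        findings.append("no PTR record")
    elif not any(ip in lookup(n, "A") for n in ptr_names):
        # Forward-confirmed reverse DNS: the PTR name must point back.
        findings.append("PTR name does not resolve back to the IP")
    if ptr_names and helo not in ptr_names:
        findings.append(f"greeting name {helo} differs from PTR {ptr_names[0]}")
    if ip not in lookup(helo, "A"):
        findings.append(f"greeting name {helo} has no A record for {ip}")
    for zone in dnsbl_zones:
        answers = lookup(dnsbl_query_name(ip, zone), "A")
        if answers:  # any answer from the list means "listed"
            findings.append(f"listed on {zone} ({', '.join(answers)})")
    return findings


def dict_resolver(records):
    """Offline stand-in for DNS: answers come from a dict of records."""
    table = {(_norm(n), t): v for (n, t), v in records.items()}
    return lambda name, rrtype: table.get((_norm(name), rrtype), [])


IP = "82.65.81.211"
HELO = "fred.fio01.com"          # name in the 220 greeting quoted in the thread
ZONES = ("dnsbl.example",)       # constructed zone, not a real blacklist

# Constructed DNS data modelling the state described in the thread.
BEFORE = dict_resolver({
    ("211.81.65.82.in-addr.arpa", "PTR"): ["82-65-81-211.subs.proxad.net."],
    ("82-65-81-211.subs.proxad.net", "A"): [IP],          # assumed
    ("fred.fio01.com", "A"): [IP],
    ("211.81.65.82.dnsbl.example", "A"): ["127.0.0.2"],   # constructed listing
})

# Constructed data for the state after the provider sets a matching PTR
# and the address is no longer listed.
AFTER = dict_resolver({
    ("211.81.65.82.in-addr.arpa", "PTR"): ["fred.fio01.com."],
    ("fred.fio01.com", "A"): [IP],
})

if __name__ == "__main__":
    for label, lookup in (("before", BEFORE), ("after", AFTER)):
        problems = audit_sender(IP, HELO, lookup, ZONES)
        print(label, "->", problems or "nothing to object to")
```

To run it against live DNS, replace `dict_resolver` with a function that performs real PTR and A queries and returns the answers as lists of strings.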

Good morning all,
First thing thank you all for your help and your answers.
I have asked my ISP to change my own IP I am waiting for the answer, but it is a fixed IP so I don’t know if they will be able to change it.
In fact I just changed the IP on this server, I only changed the IPs at Gandi.

And it was working, and now I can receive but the mail remains in the queue on the server.
I installed this server several years ago, with the help (great help) of Michel André, who is always there every time, he knows the installation well.
I am ready to change some configs on the server if needed.

var/log/message


Hi Andy,
Thanks a lot for your help, but I’m completely lost…

Frederic

Hi all,

On August 8th, to be able to receive email, I did a custom-template for:
/etc/e-smith/templates-custom/etc/rspamd/rspamd.conf/20Options

I just deleted this custom template and
expand-template /etc/rspamd/rspamd.conf

Now it is as the original and using:
nameserver = ["127.0.0.1:10053:1"];

Michel-André

Hi all,

After deleting the custom-template, it cannot receive any email.
The rspamd is now using the original port 10053.

So the custom-template allowed to receive email.

Now the problem is the original one, as before the custom-template: “it cannot receive/send email”.

Michel-André

@michelandre

Salut Michel-André

If rspamd is deactivated, can mails be sent / received?

Andy

@michelandre

Looks like the whole NethServer Email part is really badly screwed up…
Maybe needs to be cleaned out (uninstall, clean out folders, e-smith and others, then reinstalled, mail can be moved elsewhere on the server, and returned to the same place…), but I don’t think mail itself is damaged.

My 2 cents
Andy