I run what has, until recently, been a fairly stable and reliable mail server setup. On about the 12th of September, the server and its DNS were offline due to a large DDoS. When the machine came alive again, everything appeared to be working fine. Currently, another almost identical server that was also similarly affected by the DDoS is functioning perfectly.

On the 14th, users suddenly started having trouble checking their email using POP3. Login attempts would time out. Investigation of /var/log/maillog showed several interesting messages, such as (of course, hostnames and IP addresses have been changed):

Sep 18 09:58:10 wgservices ipop3d[10310]: Command stream end of file while reading line user=stan host=[]

Sep 18 15:06:45 wgservices ipop3d[13566]: Auth user=wgs host=[] nmsgs=0/0
Sep 18 15:06:45 wgservices ipop3d[13566]: Connection reset by peer while reading line user=wgs host=[]

Sep 18 09:37:11 wgservices ipop3d[10060]: Error opening or locking INBOX user=wgs host=UNKNOWN
Sep 18 09:37:11 wgservices ipop3d[10060]: Login user=wgs host=UNKNOWN no mailbox
Sep 18 09:37:11 wgservices ipop3d[10060]: Logout user=wgs host=UNKNOWN nmsgs=5 ndele=0

The confusing thing for me is that other users, such as myself, can check their mail using POP3 perfectly. Only some accounts seem to be unable to do so. I tried looking for and removing lock files, checking free disk space, installing and using qpopper, and even went as far as removing one user's account and re-adding it, but this had no impact on the problem. Why ipop3d seems unable to determine the host of a machine on the LAN is a bit puzzling - it should be

When I telnet to the POP3 server from a remote site, I appear to be able to access it normally:

Trying 150.101.whatever...
Connected to mail.whatever.com
Escape character is ''.
+OK POP3 whatever.com v2003.83 server ready
user wgs
+OK User name accepted, password please
pass correctpassword
+OK Mailbox open, 0 messages
+OK Sayonara
Connection closed by foreign host.

Does anyone have any ideas what this problem is caused by and how it can be fixed? We're using Sendmail in conjunction with MailScanner, Sophos antivirus, and SpamAssassin, and the Eudora and Mozilla mail clients. Several machines check the same accounts (rather than having an alias - not my ideal, but I'm just the monkey that does what's asked). Apparently, similar problems can be caused by clients such as Outlook Express (which we don't use) failing to disconnect cleanly from the server, or something like that.



