Mail

From Server Knowledge Base

Telnet test

You may need to issue the command STARTTLS first for a CentOS/Postfix server.

Via SSH you can either do:

  • telnet IPaddress port
  • telnet localhost port

For SMTP (outgoing) the default port is 25 and for POP (receiving) it is 110. If the telnet fails, run netstat -ant | grep LISTEN. If it does not show 0.0.0.0:25, 127.0.0.1:25 or :::25 then you may need to start xinetd.

telnet ipaddress 25
mail from: anyaddress@example.com
rcpt to: test@receivingdomain.co.uk
data
enter content of message
.

Do CTRL + ] to get halfway out, then type and enter quit.

If you get -ERR Authentication failed, the password or DNS is wrong or the Mail Transfer Agent isn't running.

To authenticate

Courtesy of Jon Freeman:

http://www.opinionatedgeek.com/dotnet/tools/base64encode

POP is plain text, so you can just use the plain-text login details. SMTP AUTH LOGIN requires the username and password to be base64 encoded (use the tool above) as follows.

telnet mail.server.tld 25
AUTH LOGIN - which will respond with 334 VXNlcm5hbWU6 which is Username: in base64
Enter the username encoded in base64 - This will respond with 334 UGFzc3dvcmQ6 which is Password: in base64
Enter the password encoded in base64, should get 235 2.0.0 Authentication successful
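
Added example (not part of the original page): the values for the AUTH LOGIN exchange above can be encoded on your own machine instead of being pasted into an online encoder. The function names are illustrative and the credentials are constructed samples.

```bash
#!/bin/sh
# Added example: build the AUTH LOGIN lines locally.
# Function names are illustrative; the credentials are constructed samples.

# Encode a value exactly as given. printf '%s' emits no trailing newline;
# `echo value | base64` would encode "value\n" and the login would fail.
b64enc() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a "334 <base64>" prompt to see what the server is asking for.
decode_challenge() {
    case $1 in
        "334 "*) printf '%s' "${1#334 }" | base64 --decode ;;
        *) echo "not a 334 challenge: $1" >&2; return 1 ;;
    esac
}

# Print the three lines to send once the telnet session is open.
auth_login_lines() {
    printf 'AUTH LOGIN\n%s\n%s\n' "$(b64enc "$1")" "$(b64enc "$2")"
}

# Demo with constructed sample credentials.
auth_login_lines 'test@receivingdomain.co.uk' 'Constructed-Passw0rd'
decode_challenge '334 VXNlcm5hbWU6'; echo
```

Base64 is reversible by anyone who can see the session, so AUTH LOGIN over a plain telnet connection exposes the credentials just as POP's user/pass commands do.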

Alternate

Commands
Server response

telnet IPaddressOrDomain 110
Trying IPaddressOrDomain...
Connected to IPaddressOrDomain.
Escape character is '^]'.
+OK Mail Server
user <username>
+OK
pass <password>
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
.
quit
+OK Logging out
+OK Bye-bye.

Best Preference MX or A for that Host

If you get the following message: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local you normally need to do the following:

hostname
*copy the hostname*
vim /var/qmail/control/locals
*insert the hostname into the locals file*
/etc/init.d/qmail restart

Domain isn't in my list of allowed rcpthosts (#5.7.1)

If you receive "Server error: '553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)'" you will either need to go into your rcpthosts file in /var/qmail/control/rcpthosts and add in the domain or you need to use the option "Server requires authentication" for sending mail.

It can also mean that the domain name is configured on the server but the mailbox has not been set up on there, usually because mail is handled externally.

Confirm the addresses your client is emailing TO and FROM.

Unrelated note: you normally should not add localhost to the /etc/hosts file

Webmail does not show up

Please ensure you have mail switched on in Plesk, the mail A record is pointing to your VPS IP address and the MX record is mail.domain.com

Accessing horde shows auth error

Go into /etc/php5/apache2/php.ini file and ensure the following is set:

extension=mcrypt.so
extension=imap.so
include_path = ".:"

Then restart Apache /etc/init.d/apache2 restart

Spam

1) Check the IP on these websites to see if it is on any Blacklists.

mysql -uadmin -p
use psa

2) This shows the emails and passwords in the MySQL database for Plesk.

2.5) If an email is set to an insecure password then it could have been compromised.

3) Check the qmail message folder and cat individual messages to see the source and if the emails are inbound or outbound at /var/qmail/queue/mess

4) A script could have been setup that sends out spam from a server or the spam could simply be incoming.

5) Check the SMTP banner and if it matches the root@hostname. This can be changed to mail.domain:

vim /var/qmail/control/me

It is advised to use the reject option, rather than forcing a CATCHALL on mail.

Email identified as spam

There are a number of steps to reduce the likelihood of your email being identified as SPAM:

1) Implement an SPF record

An SPF record allows you to specify IP addresses that are legitimately allowed to send email for your domain name. The purpose of this is to stop spammers trying to use your domain name. You can generate an SPF record for your site here:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard
http://www.mtgsy.net/dns/spfwizard.php

For help with the Syntax please see this.

If you are using an external registrar you will need to ask your domain provider to add the SPF record. For 123-reg, please see here.

2) Configure a hostname via your server control panel or root access i.e mail.domain.com within the /etc/hostname file
3) Ensure the SMTP banner matches the hostname
4) Implement a "Reverse DNS/PTR" record for your IP address to match the above. i.e mail.domain.com
5) Another way to prevent spoofing is to add a digital signature to outgoing message headers using the DKIM standard. This involves using a private domain key to sign your domain's outgoing mail headers, and adding a public version of the key to the domain's DNS records. Recipient servers can then retrieve the public key to check the signature on incoming headers and verify the message is from you.

Random Reverse DNS error message

Incoming/Receiving Spam

Secure your email account passwords.
Look at the mail headers using the qmHandle option ./qmHandle -c -l and then ./qmHandle -m<number>.
This shows if the mail account has been logged into using authentication, shown as "with SMTP", if the mail comes from the server "invoked from network" and the IP address that it comes from.

Reading email headers

Normally a script would say 127.0.0.1 (or localhost)
If the spammer authenticated it would say something along the lines of auth with SMTP
If port 25 and all other email ports are closed, it is normally a script
If the headers show it was sent by a UID on the server this is normally a script. Check the MySQL database or passwd files for the UID.
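
Added example (not part of the original page): a small classifier for the checks listed above, reading one queued message and reporting whether qmail received it from a local UID or from the network. It assumes qmail's usual "(qmail N invoked by uid N)" and "(qmail N invoked from network)" Received lines; the function names, sample messages and passwd entry are constructed.

```bash
#!/bin/sh
# Added example: where did a queued qmail message enter the server?
# Sample messages are constructed; function names are illustrative.

sample_script_mail() {   # constructed: injected by a local process
cat <<'EOF'
Received: (qmail 4242 invoked by uid 10003); 5 Sep 2012 11:09:10 +0100
Date: 5 Sep 2012 11:09:10 +0100
To: someone@example.net
Subject: constructed sample
From: site@example.com

body
EOF
}

sample_network_mail() {  # constructed: handed over by an SMTP client
cat <<'EOF'
Received: (qmail 4300 invoked from network); 5 Sep 2012 11:12:00 +0100
Received: from unknown (HELO pc) (203.0.113.9)
  by vps.example.com with SMTP; 5 Sep 2012 11:12:00 +0100
From: user@example.com
To: someone@example.net
Subject: constructed sample

body
EOF
}

# mail_origin PASSWD_FILE < message
# Prints "local uid N NAME" or "network CLIENT_IP", else "unknown".
mail_origin() {
    awk -v passwd="$1" '
    function flush(   uid, ip) {
        if (done || cur !~ /^Received:/) { cur = ""; return }
        if (!seen && cur ~ /\(qmail [0-9]+ invoked by uid [0-9]+\)/) {
            uid = cur; sub(/.*invoked by uid /, "", uid); sub(/\).*/, "", uid)
            print "local uid " uid " " ((uid in name) ? name[uid] : "?"); done = 1
        } else if (!seen && cur ~ /\(qmail [0-9]+ invoked from network\)/) {
            seen = 1    # the next Received header carries the client address
        } else if (seen) {
            ip = cur; sub(/\) *by .*/, "", ip); sub(/.*\(/, "", ip)
            print "network " ip; done = 1
        }
        cur = ""
    }
    BEGIN {             # map UID -> account name from a passwd-format file
        while ((getline line < passwd) > 0) { split(line, p, ":"); name[p[3]] = p[1] }
    }
    /^$/     { exit }                                   # end of headers
    /^[ \t]/ { if (cur != "") cur = cur " " $0; next }  # folded header line
             { flush(); cur = $0 }
    END      { flush(); if (!done) print "unknown" }'
}

# Demo: UID 10003 is constructed, so it will normally print "?" for the name.
sample_script_mail | mail_origin /etc/passwd
sample_network_mail | mail_origin /etc/passwd
```

Run it against a file from /var/qmail/queue/mess with `mail_origin /etc/passwd < file`; a "local uid" result points at the account whose scripts should be inspected.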

Spam Assassin

This comes in the Plesk Power Pack and can be found once installed at Settings > Server Components > psa-spamassasin

It can be set globally or per domain.

Note: Microsoft can blacklist your server due to having received unwanted mail from it. Possible explanations for this are:

  • The password for a mail account on your server was guessed or gained through malware on the local PC.
  • A script that sends mail in one of your hosting accounts is being exploited to send spam, for example an "email a friend" web page.
  • One of your websites has been exploited allowing hackers to upload their own mail sending scripts, this is a common motivation for hacking sites.
  • You have mail forwarding configured to a Microsoft address which has also forwarded spam. You may have a catch-all address or highly publicised address which will attract a large amount of spam; if you forward this, the receiving server will perceive the spam as originating from you.

Notes:

Seeing one of the spam messages including the full headers is helpful.

Adding an SPF record prevents other servers from sending mail claiming to be from your domains. If adding an SPF record reduced spam then the issue was external and nothing to do with your server.

Check if your accounts have weak passwords. Spammers will typically connect to a server and try a few hundred common passwords before moving on. These may well include passwords that are the same as the username and domain name. They will also include common obfuscations of the word password. Attackers will always make login attempts using either the full email address as the username or just common names. You should always have passwords with upper and lower case letters, numbers and symbols.

Server security issues come in two main types. The first is where the server itself is compromised and attackers have full control of the server. The second is individual websites being compromised. Scripts running in a website normally only have access to the account they are running in; this means that if an account is hacked, attackers can't alter other sites running on the server or make changes to the underlying server configuration. The second type of hack results from attackers exploiting the code of a website. Detecting the compromised sites is also difficult, as attackers will typically insert redirects into a site to an external server that contains the actual malware, and redirects could be a legitimate part of the site. Similarly, spam-sending scripts are hard to differentiate from legitimate email scripts.

It could be someone else sending spam claiming to be from your server, or it could be an infected local PC that is configured to use your server for outgoing mail.

Sendmail

vim /etc/cron.d/sendmail

Comment out the line ending in cron-msp

Alternatively, move /etc/cron.d/sendmail to a different directory such as /var/www/vhosts/domain.com/private or remove the file, stop the service and then start qmail:

rm /etc/cron.d/sendmail
rm /usr/share/sendmail/sendmail
/etc/init.d/sendmail stop (or)
*For a more permanent fix see below*
rm /etc/init.d/sendmail
dpkg --purge sendmail-base sendmail-bin sendmail-cf
ln -s /var/qmail/bin/sendmail sendmail

Stop the cron job that may email you if need be. Removing sendmail is often done due to constant emails with the below message:

mkdir: can not create directory `/var/run/sendmail': Permission denied
Cron test -x /etc/init.d/sendmail
/usr/share/sendmail/sendmail cron-msp

The lines above are an error message, not instructions.

POP (Post Office Protocol)

This is the older of the two methods for mail retrieval. In the most basic sense, POP simply grabs emails from your server and downloads them to your email client.

When using POP, emails are deleted from the server and will not be available if you attempt to access your mail from another email client or webmail. Some email clients offer a feature to leave a copy on the server. We have seen many email issues from this feature being used improperly. For these reasons, we suggest using IMAP whenever possible. Also, on any (mt) Media Temple service, junk mail may be routed into a Spam Folder which is accessible only to IMAP connections. Simply put: If you're using POP, you may not be aware that there are potentially thousands of messages being put into an unchecked spam folder. If you decide to use POP, you can still view these messages using the webmail client for your service. Please see this article for more information on webmail: Using Webmail.

IMAP

IMAP is the preferred method of connecting to your email server. It simply displays the contents of your mailbox as they appear on your server. Also, by default, spam folders are configured to be IMAP-Only, meaning you will need to use an IMAP connection in order to view and delete messages. Once again, we recommend using an IMAP connection to both keep an eye on your Spam folder, and to make sure you don't download email from your server that you would like to read elsewhere.

IMAP uses the courier service. Horde and Atmail are not services; they are PHP scripts that connect locally using courier.

Increase max connections for Courier IMAP connections per IP

vim /etc/courier-imap/imapd

or

vim /etc/courier/imapd

The file below also contains max daemons and max per IP:

vim /etc/courier/pop3d

Test Script

Mail hosted externally

If the DNS and mail for a domain are hosted externally but these services are switched on in the VPS for that domain, your server will try to handle mail for that domain locally. This means that when anyone sends to it, the mail will try to go to the server instead of being delivered to the external service.

Deactivate mail and DNS for that domain from within Plesk by going to Hosting Services > Domains > Control Panel > Mail tab > Change Settings > Untick "Activate mail server for this domain"

Mail Enable (Windows)

Check out MailEnable System Overview for useful information.

To check email attachment limit go to:

Start > All Programs > Mail Enable > MailEnable Administrator - MailEnable Management > Servers > Connectors > right click SMTP > Properties > Outbound

Backing up emails

Either send mail elsewhere manually, use Mail Enable's forward feature or copy post office mailbox account:

C:\Program Files (x86)\Parallels\Plesk\Mail Servers\Mail Enable\Postoffices\domain.com\MAILROOT
C:\Program Files\Mail Enable\Postoffices\accountname\mailroot

and back.

Changing Mail Enable account password

This only applies to Plesk 9 servers.

Creating folders in Horde

This is only supported with the IMAP server. IMAP is not installed on all Windows servers. Mail Enable normally requires a license to have it installed. So it depends on the server you are hosted on.

Only the MailEnable Professional & Enterprise editions have the IMAP feature [which is required for the sent mail folders to be visible/available in the webmail interface] & other services inbuilt with the bootstrap-installer.

Creating the sent folder on horde

Increasing concurrent connections for IMAP

Start > search MailEnable > click MailEnable Administrator > Servers > localhost > Connectors > right click SMTP > Properties > Inbound tab

To start the IMAP service, go to localhost > Services > MailEnable IMAP service

Logs in Mail Enable Administrator/Management

MailEnable.msc

Servers > localhost > Connectors > SMTP > Logs > W3C

Migrating Email from MailEnable to SmarterMail - Link Down

http://globalaxess-sharecenter.com/index.php/2011/02/migrating-your-email-from-mailenable-to-smartermail

Setting SMTP banner

  • C:\Program Files (x86)\Parallels\Plesk\Mail Servers\Mail Enable\Bin
  • Click MailEnable MS Common Console Document (red toolbox)
  • Servers > Connectors > right click SMTP > Properties > General tab
  • Set the Local Domain Name and the Default mail domain name.
  • Restart the SMTP mail service under System > Services

Troubleshooting ME

SMTP connectivity issues & analyse log files
Delete log files


Managing mail via Plesk

If you get errors with mail, /opt/psa/admin/sbin/mchk checks the mail configuration/MTA (Mail Transfer Agent).

If you have trouble with large mailshots, check /etc/httpd/conf.d/fcgid.conf for the IPCCommTimeout and IPCConnectTimeout setting.

Account location in Unix

/var/qmail/mailnames

Change location of mail Mail Directories

Relay access denied

Relay access denied
Verify that the server is not acting as an open relay

Postfix:

554 5.7.1: Relay access denied (state 13).

Qmail:

553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1) (state 13)

Either enable Server requires Authentication, try sending through non-Gmail or check your MX records.

Catchall email account

  • Go to the Mail tab.
  • Click Change Settings.
  • Choose Forward to Address.
  • Type the address where you want the mail to be sent.
  • Click OK.

Enable DKIM

Go to Server Management > Tools & Settings > Mail > Mail Server settings > DomainKeys spam protection or Server tab > Mail > Mail Server settings

Then enable Spam Protection on email level.

Due to limitations of version 9 you cannot add certain DKIM records via Plesk. The record can be added directly to the Microsoft DNS service via Remote Desktop and set Plesk to use this rather than Bind DNS.

Mailing Lists

Install Mailman in Plesk to do this by going to Server Management - Tools & Settings > Panel - Updates and Upgrades > Add Components > + Additional mail services > tick Mailman mailing list manager support

Mail Relaying

This means relaying mail to an external server. To do this you need to edit the qmail configuration.

Outlook

http://support.microsoft.com/kb/290842
http://office.microsoft.com/en-us/outlook-help/troubleshoot-550-553-and-relay-prohibited-errors-HA001112833.aspx

Limit Global Mailbox size

Plesk 10: Set this within Service Plans > the Service Plan with the subscription under it > Resources tab > Mailbox size.

Plesk 9.3: Domains - click the domain URL > Mail Accounts > click the Mail Account > Mailbox > change it from 97.7MB to a high value in kilobytes.

If when you do the above setting you get the following message:

Error: Unable to set the mailbox size limit for the domain: The size of this mailbox must not exceed the limit of disk space allocated for mailboxes in this domain.

You need to go to Domains > tick the domain > Modify > Set Mailbox Quota to Unlimited > scroll to the bottom and click OK > try setting the mailbox limit again

SSL Outlook setting

Ensure SSL encryption is disabled in Outlook for the email account to function with a Plesk server mail account.

  • When creating a mail account in Plesk, if you get;

Error: Unable to update the mail account properties:mailmng failed: mailmng: Unable to open file "/var/lock/files/2b41cfc09d5551bc725fc1f754631002": No such file or directory. System error 2: No such file or directory mailmng: Error occurred while locking the file /var/qmail/users/assign: No such file or directory

Create the folder /var/lock/files manually using mkdir /var/lock/files

Turn mail for domain on/off

Skip the first two steps if you can already see the Mail tab.

  • Hosting Services - Domains or Subscriptions.
  • Then click Manage Hosting or Open in Control Panel for your domain
  • Click the Mail tab > then click Change Settings
  • Tick or untick Activate mail service on domain

Put email address in Server White List (Plesk 9)

Settings > Mail - Spam Filter Settings > White List tab > Add Addresses

Unable to CC/send to self

If it is Windows with MailEnable and Plesk, disable the spam filter. Alternatively recreate the account.

Postfix

You may be able to check postfix queue by doing:

postqueue -p

or

qshape

Newer versions of Plesk 11 have changed their queue syntax. pfqueue and postsuper (use locate) may help.

Squirrel Mail Attachment Size

Postfix: a configuration parameter called message_size_limit in the file /etc/postfix/main.cf sets the maximum size (in bytes) of the entire message - default: 10240000 - i.e. approximately 10MBytes

Debugging
Cheat Sheet
Troubleshooting: 1, 2

Do not edit the master.cf, only main.cf

bad address syntax

Look in /etc/postfix/main.cf or /usr/libexec/postfix/main.cf for reject_non_fqdn_sender , also you may want to specify myhostname to be something other than localhost.localdomain on the final line of /etc/postfix/main.cf

/etc/init.d/hostname restart

You should also update /etc/hosts for consistency if it isn't done automatically. An alternative is to get it set on the physical host machine.

Setting hostname/SMTP banner

vim /etc/mailname

vim /etc/postfix/main.cf

Uncomment the following line and restart postfix:

smtpd_banner = $myhostname ESMTP $mail_name

Spam using Postfix

Change your hostname in Plesk from localhost.localdomain

Clam on Ubuntu

Malformed database:

/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop
cd /var/lib/clamav/
rm -f daily.cld main.cvd
freshclam 
/etc/init.d/clamav-daemon start
/etc/init.d/clamav-freshclam start

/etc/clamav/freshclam.conf

Exim Cheat Sheet

FreeBSD

tail -f /var/log/clamd/clamd.log

/var/log/clamav/clamav.log on Ubuntu

Log size = 12305523, max = 1048576
LOGGING DISABLED (Maximal log file size exceeded).

Empty the file:

:> /var/log/clamd/clamd.log

Add it to the log rotation:

vim /etc/newsyslog.conf
#logfilename          [owner:group]    mode count size   when  flags [/pid_file] [sig_num]
/var/log/clamd/clamd.log               644  2     10000    *   Z

/etc/rc.d/qmail.sh restart

Alternate errors:

tail -f clamd.log
Log file size limited to 1048576 bytes.
Reading databases from /usr/local/clamav/share/clamav
Not loading PUA signatures.
ERROR: Malformed database
+++ Started at Wed Sep  5 11:09:10 2012
clamd daemon 0.95.2 (OS: freebsd4.11, ARCH: i386, CPU: i386)
Log file size limited to 1048576 bytes.
Reading databases from /usr/local/clamav/share/clamav
Not loading PUA signatures.
ERROR: Malformed database
+++ Started at Wed Sep  5 11:09:11 2012
clamd daemon 0.95.2 (OS: freebsd4.11, ARCH: i386, CPU: i386)
Log file size limited to 1048576 bytes.
Reading databases from /usr/local/clamav/share/clamav
Not loading PUA signatures.
ERROR: Malformed database

Try removing the clam database files and reloading them:

cd /var/tmp/
rm -r clamav-*
cd /usr/local/clamav/share/clamav
rm -r *
/usr/local/clamav/bin/freshclam -u qmaild -l /var/log/clamd/freshclam.log

If you still get errors though:

tail -f /var/log/clamd/clamd.log
Log file size limited to 1048576 bytes.
Reading databases from /usr/local/clamav/share/clamav
Not loading PUA signatures.
ERROR: Can't verify database integrity
+++ Started at Wed Sep  5 11:11:57 2012
clamd daemon 0.95.2 (OS: freebsd4.11, ARCH: i386, CPU: i386)
Log file size limited to 1048576 bytes.
Reading databases from /usr/local/clamav/share/clamav
Not loading PUA signatures.
ERROR: Can't verify database integrity

Rebuild clamav and re-install it to resolve the issue; check whether the source files are still on the server.

svc -d /var/qmail/supervise/qmail-scand/log/
svc -d /var/qmail/supervise/qmail-scand/
cd /var/tmp/
find . -name 'clamav*' | xargs rm -rf
cd /usr/local/src/clamav-0.95.2
make clean
./configure --disable-clamav --prefix=/usr/local/clamav/
make
make install

Finally, correct any permissions errors, and re-download the database:

touch /var/log/clamd/clamd.log
chown qmaild:nofiles /var/log/clamd/clamd.log
chmod 644 /var/log/clamd/clamd.log
chmod 644 /usr/local/clamav/etc/clamd.conf
rm /usr/local/clamav/share/clamav/*.cvd
/usr/local/clamav/bin/freshclam -u qmaild -l /var/log/clamd/freshclam.log

Reboot the server.

Repair/rebuild all mail configuration files for Plesk

Brute force on mail accounts

tail -f  /usr/local/psa/var/log/maillog

The above command follows the end of the mail log file, which keeps track of all outgoing and incoming mail for the server. If you see a specific IP address that is constantly trying to log in and getting LOGIN FAILED or something similar, and the attempts are really close together (e.g. 1-5 seconds), then use the following command to check which IPs are blocked so far:

iptables -L

It is important to see whether it is accessing via SMTP (sending mail, port 25), POP3 (receiving email, port 110) or IMAP (receiving email, port 143). To block (drop connections from) an IP use the following command:

/sbin/iptables -A INPUT -s OffendingIP -j DROP -p tcp --destination-port PORT
iptables -L
# iptables-save only prints the current rule set; redirect its output to a file if the rule must survive a reboot
iptables-save

Check iptables -L again to ensure it is blocked. Using ACCEPT instead of DROP will allow that specific IP on that port.
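
Added example (not part of the original page): the manual log check described above, written as a filter that finds source IPs whose LOGIN FAILED lines arrive within a few seconds of each other and prints the page's iptables command for each one, for review rather than execution. The courier-style log format, sample lines and function names are assumptions; adjust the field positions to your own maillog.

```bash
#!/bin/sh
# Added example: spot rapid LOGIN FAILED bursts in a maillog.
# Log lines are constructed in a courier-style format (an assumption).

sample_maillog() {
cat <<'EOF'
Sep  5 11:09:10 vps pop3d: LOGIN FAILED, user=info, ip=[::ffff:203.0.113.45]
Sep  5 11:09:12 vps pop3d: LOGIN FAILED, user=admin, ip=[::ffff:203.0.113.45]
Sep  5 11:09:13 vps pop3d: LOGIN FAILED, user=test, ip=[::ffff:203.0.113.45]
Sep  5 11:09:15 vps imapd: LOGIN, user=jane@example.com, ip=[::ffff:198.51.100.7], protocol=IMAP
Sep  5 11:09:17 vps pop3d: LOGIN FAILED, user=sales, ip=[::ffff:203.0.113.45]
Sep  5 11:09:19 vps pop3d: LOGIN FAILED, user=webmaster, ip=[::ffff:203.0.113.45]
Sep  5 11:20:44 vps imapd: LOGIN FAILED, user=jane@example.com, ip=[::ffff:198.51.100.7]
Sep  5 11:41:02 vps imapd: LOGIN FAILED, user=jane@example.com, ip=[::ffff:198.51.100.7]
EOF
}

# rapid_failures MAX_GAP MIN_HITS < maillog
# Prints "ip port hits", where hits counts failures that followed the previous
# failure from the same IP and service by at most MAX_GAP seconds.
rapid_failures() {
    awk -v gap="$1" -v min="$2" '
    /LOGIN FAILED/ {
        # $3 is HH:MM:SS, $5 is the service name with a trailing colon.
        split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        svc = $5; sub(/:$/, "", svc)
        # Greedy match keeps the LAST ip=[...], so text typed into the
        # user= field cannot stand in for the real client address.
        ip = $0; sub(/.*ip=\[/, "", ip); sub(/\].*/, "", ip); sub(/^::ffff:/, "", ip)
        if (ip !~ /^[0-9A-Fa-f:.]+$/) next      # not an address: skip the line
        key = ip " " svc
        # A negative difference means the log crossed midnight; ignore it.
        if (key in last && now - last[key] >= 0 && now - last[key] <= gap) hits[key]++
        last[key] = now
    }
    END {
        port["pop3d"] = 110; port["imapd"] = 143
        for (key in hits) if (hits[key] >= min) {
            split(key, k, " ")
            print k[1], ((k[2] in port) ? port[k[2]] : k[2]), hits[key]
        }
    }' | sort
}

# Print (do not run) the block command for each finding.
block_commands() {
    while read -r ip port hits; do
        case $port in
            ''|*[!0-9]*) continue ;;   # unknown service: choose the port by hand
        esac
        printf '/sbin/iptables -A INPUT -s %s -j DROP -p tcp --destination-port %s\n' "$ip" "$port"
    done
}

# Demo: failures at most 5 seconds apart, at least 3 times.
sample_maillog | rapid_failures 5 3 | block_commands
```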

Atmail kicks out on log in

If you get the below error:

Server responded: -ERR Login failed

Ensure your email address in Plesk isn't capitalised and select the Secure IMAP option.

If you log into Atmail webmail with the correct user details and it returns you to the login screen, while incorrect details fail with an incorrect login as you would expect, the logs will indicate that you are logging in successfully with the correct details; however, the URL you may be redirected to is http://webmail.domain.co.uk/index.php?error=auth

This can happen because Atmail sessions won't work if PHP is enabled with 'ioncube' or 'zend-optimizer'. Disable 'ioncube' in PHP.

Comment out the line in the file /etc/php5/cli/conf.d/ioncube-loader-5.3.ini to disable the ionCube Zend extension in PHP

cat /etc/php5/cli/conf.d/ioncube-loader-5.3.ini

zend_extension=/usr/lib/php5/20090626/ioncube_loader_lin_5.3.so

If you want to re-enable ioncube, please do the following.

  1. Open file /etc/php5/cli/conf.d/ioncube-loader-5.3.ini
  2. Uncomment the 2nd line containing "zend_extension"
  3. Save the file
  4. Reload Apache using /etc/init.d/apache2 reload

Re-installing Horde on Plesk

For Ubuntu 10.04 with Plesk 10+ or Ubuntu 8.04 with Plesk 9.5

This is not a guaranteed fix. Make a backup of folder and contents of /etc/psa-webmail/horde somewhere safe

cp -Rp /etc/psa-webmail/horde /etc/psa-webmail/horde.backup
dpkg --purge --force-depends psa-horde psa-imp psa-kronolith psa-mnemo psa-turba psa-ingo psa-mimp
rm -rf /etc/psa-webmail/horde
/opt/psa/admin/bin/autoinstaller --select-release-current --install-component horde
#or install horde as normal using. /opt/psa/admin/bin/autoinstaller

#install the latest micro updates
/opt/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component base

Once done, restore the horde.shadow file from the backup into the new horde folder created by the installer:

cd /etc/psa-webmail/
mv /etc/psa-webmail/horde.backup/horde.shadow /etc/psa-webmail/horde/
/etc/init.d/apache2 restart

Then log in and check if horde is working. If not, you may want to consider upgrading from Plesk 9 to 10 or a clean re-install.

Removing Dr Web for Ubuntu

This is not a guaranteed fix.

People often remove this because it can cause mass emails/bounce messages.

locate drweb
dpkg --get-selections|grep drweb
apt-get remove psa-drweb5-upgrade
apt-get remove drweb-base drweb-bases drweb-common drweb-daemon drweb-updater
/etc/init.d/qmail restart

Alternate solutions; edit /etc/drweb/drweb_handler.conf , /etc/drweb/drweb32.ini and /etc/cron.d/drweb-update and http://forum.parallels.com/showthread.php?t=95308

Disable email notification

vim /var/spool/cron/drweb

Comment out the mail to command.

vim /etc/drweb/drweb32.ini
/mail

# MailCommand = {String}
# Command used by Daemon and Updater to send notifications to a user
# (administrator) via e-mail.
MailCommand = "/usr/sbin/sendmail -i -bm -f drweb -- root"

Comment out the bottom line above (the MailCommand line).

/etc/init.d/postfix restart