Telnet test
You may need to issue the command STARTTLS first for a CentOS/Postfix server.
Via SSH you can either do:
- telnet IPaddress port
- telnet localhost port
For SMTP (outgoing) the default is 25 and for POP (receiving) it is 110. If the telnet fails, do netstat -ant | grep LISTEN . If it does not show 0.0.0.0:25, 127.0.0.1:25 or :::25 then you may need to start xinetd.
telnet ipaddress 25 mail from: [email protected] rcpt to: [email protected] data enter content of message .
Or do:
Commands
Server response
telnet IPaddressOrDomain 110
Trying IPaddressOrDomain...
Connected to IPaddressOrDomain.
Escape character is '^]'.
+OK Mail Server
user <username>
+OK
pass <password>
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
.
quit
+OK Logging out
+OK Bye-bye.
If you get -ERR Authentication failed, the password or DNS is wrong or the Mail Transfer Agent isn't running.
To authenticate
Courtesy of Jon Freeman:
http://www.opinionatedgeek.com/dotnet/tools/base64encode
POP is plain text, can just use the plain text login details. SMTP requires base64 encoding (use tool above) as follows.
telnet mail.server.tld 25
AUTH LOGIN - which will respond with 334 VXNlcm5hbWU6 which is Username: in base64
Enter the username encoded in base64 - This will respond with 334 UGFzc3dvcmQ6 which is Password: in base64
Enter the password encoded in base64, should get 235 2.0.0 Authentication successful
Best Preference MX or A for that Host
If you get the following message: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local you normally need to do the following:
hostname *copy the hostname* vim /var/qmail/control/locals *insert the hostname into the locals file* /etc/init.d/qmail restart
Domain isn't in my list of allowed rcpthosts (#5.7.1)
If you receive "Server error: '553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)'" you will either need to go into your rcpthosts file in /var/qmail/control/rcpthosts and add in the domain or you need to use the option "Server requires authentication" for sending mail.
It can also mean that the domain name is configured on the server, but not got the mailbox setup on there, usually because mail is handled externally.
Confirm the address your client is emails TO and FROM.
Unrelated note: you normally should not add localhost to the /etc/hosts file
Webmail does not show up
Please ensure you have mail switched on in Plesk, the mail A record is pointing to your VPS IP address and the MX record is mail.domain.com
Accessing horde shows auth error
Go into /etc/php5/apache2/php.ini file and ensure the following is set:
extension=mcrypt.so extension=imap.so include_path = "".:""
Then restart Apache /etc/init.d/apache2 restart
Spam
1) Check the IP on these websites to see if it is on any Blacklists.
mysql -uadmin -p use psa
2) This shows the emails and passwords in the MySQL database for Plesk.
2.5) If an email is set to an insecure password then it could have been compromised.
3) Check the qmail message folder and cat individual messages to see the source and if the emails are inbound or outbound at /var/qmail/queue/mess
4) A script could have been setup that sends out spam from a server or the spam could simply be incoming.
5) Check the SMTP banner and if it matches the root@hostname. This can be changed to mail.domain:
vim var/qmail/control/me
It is advised to use the reject option, rather than forcing a CATCHALL on mail.
Email identified as spam
There are a number of steps to reduce the likelihood of your email being identified as SPAM:
1) Implement an SPF record
An SPF record allows you to specify IP addresses that are legitimately allowed to send email for your domain name. The purpose of this to stop spammers trying to use your domain name. You can generate an SPF record for your site here:
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard
http://www.mtgsy.net/dns/spfwizard.php
For help with the Syntax please see this.
If you are using an external registrar you will need to ask your domain provider to add the SPF record. For 123-reg, please see here.
2) Configure a hostname via your server control panel or root access i.e mail.domain.com within the /etc/hostname file
3) Ensure the SMTP banner matches the hostname
4) Implement a "Reverse DNS/PTR" record for your IP address to match the above. i.e mail.domain.com
5) Another way to prevent spoofing is to add a digital signature to outgoing message headers using the DKIM standard. This involves using a private domain key to encrypt your domain’s outgoing mail headers, and adding a public version of the key to the domain's DNS records. Recipient servers can then retrieve the public key to decrypt incoming headers and verify the message is from you.
Random Reverse DNS error message
Incoming/Receiving Spam
Secure your email account passwords.
Look at the mail headers using the qmHandle option ./qmHandle -c -l and then ./qmHandle -m<number>.
This shows if the mail account has been logged into using authentication, shown as "with STMP", if the mail comes from the server "invoked by network" and the IP address that is comes from.
Reading email headers
Normally a script would say 127.0.0.1 (or localhost)
If the spammer authenticated it would say something along the lines of auth with SMTP
If port 25 is closed and all email ports it is normally a script
If the headers show it was sent by a UID on the server this is normally a script. Check the MySQL database or passwd files for the UID.
Spam Assassin
This comes in the Plesk Power Pack and can be found once installed at Settings > Server Components > psa-spamassasin
It can be set globally or per domain.
Note: Microsoft can blacklist your server due to having received unwanted mail from it. Possible explanations for this are:
- The password for a mail account on your server was guessed or gained through malware on the local PC.
- A script that sends mail in one of your hosting accounts is being exploited to send spam, for example an "email a friend" web page.
- One of your websites has been exploited allowing hackers to upload their own mail sending scripts, this is a common motivation for hacking sites.
- You have mail forwarding configured to a microsoft address which has also forwarded spam. you may have a catch-all address or highly publicised address which will attract a large amount of spam, if you forward this the receiving server will perceive the spam as originating form you.
Notes:
Seeing one of the spam messages including the full headers is helpful.
Adding an SPF record prevents other servers from sending mail claiming to be from your domains. If adding an SPF record reduced spam then the issue was external and nothing to do with your server.
Check if your accounts have weak passwords. Spammers will typically connect to a server and try a few hundred common passwords before moving on. These may well include passwords that are the same as the username and domain name. They will also include common obfuscations of the word password. Attackers will always make login attempts using either the full email address as the username or just common names. You should always have passwords with upper and lower case letter, numbers and symbols.
Server security issues come in two main types. Firstly were the server is compromised, attackers have full control of the server. Secondly is individual websites being compromised. Scripts running in a website normally only have access to the account they are running in, this means if an account is hacked attackers can't alter other sites running on the server or make changes to the underlying server configuration. The second type of hack results from attackers exploiting the code of a website. Detecting the comprised sites is also difficult as typically attackers will insert redirects into a site to an external server that contains the actual malware, redirects could be a legitimate part of the site. Similarly spam sending scripts are hard to differentiate from legitimate email scripts.
It could be someone else sending spam claiming to be from your server, it could be a local PC infected but configured to use your server for outgoing mail.
Sendmail
vim /etc/cron.d/sendmail
Comment out the line ending in cron-msp
Alternatively, move /etc/cron.d/sendmail to a different directory such as /var/www/vhosts/domain.com/private or remove the file, stop the service and then start qmail:
rm /etc/cron.d/sendmail rm /usr/share/sendmail/sendmail /etc/init.d/sendmail stop (or) *For a more permanent fix see below* rm /etc/init.d/sendmail dpkg --purge sendmail-base sendmail-bin sendmail-cf ln -s /var/qmail/bin/sendmail sendmail
Stop the cron job that may email you if need be. Removing sendmail is often done due to constant emails with the below message:
mkdir: can not create directory` / var / run / sendmail: Permission denied Cron test-x /etc/init.d/sendmail /usr/share/sendmail/sendmail cron-msp
These are not instructions above, it is an error message.
POP (Post Office Protocol)
This is the older of the two methods for mail retrieval. In the most basic sense, POP simply grabs emails from your server and downloads them to your email client.
When using POP, emails are deleted from the server and will not be available if you attempt to access your mail from another email client or webmail. Some email clients offer a feature to leave a copy on the server. We have seen many email issues from this feature being used improperly. For these reasons, we suggest using IMAP whenever possible. Also, on any (mt) Media Temple service, junk mail may be routed into a Spam Folder which is accessible only to IMAP connections. Simply put: If you're using POP, you may not be aware that there are potentially thousands of messages being put into an unchecked spam folder. If you decide to use POP, you can still view these messages using the webmail client for your service. Please see this article for more information on webmail: Using Webmail.
IMAP
IMAP is the preferred method of connecting to your email server. It simply displays the contents of your mailbox as they appear on your server. Also, by default, spam folders are configured to be IMAP-Only, meaning you will need to use an IMAP connection in order to view and delete messages. Once again, we recommend using an IMAP connection to both keep an eye on your Spam folder, and to make sure you don't download email from your server that you would like to read elsewhere.
IMAP uses the courier service. Horde and Atmail are not services, PHP scripts that connect locally using courier.
Increase max connections for Courier IMAP connections per IP
vim etc/courier-imap/imapd
or
vim /etc/courier/imapd
The file below also contains max daemons and max per IP:
vim /etc/courier/pop3d
Test Script
Mail hosted externally
If the DNS and mail is hosted externally and have these services switched on in the VPS for that domain your server will try to handle mail for that domain locally. This means when anyone sends to it instead of delivering to the external service it will try to go the server.
Deactivate mail and DNS for that domain from within Plesk by going to Hosting Services > Domains > Control Panel > Mail tab > Change Settings > Untick "Activate mail server for this domain"
Mail Enable (Windows)
Check out MailEnable System Overview for useful information.
To check email attachment limit go to:
Start > All Programs > Mail Enable > MailEnable Administrator - MailEnable Management > Servers > Connectors > right click SMTP > Properties > Outbound
Backing up emails
Either send mail elsewhere manually, use Mail Enable's forward feature or copy post office mailbox account:
C:\Program Files (x86)\Parallels\Plesk\Mail Servers\Mail Enable\Postoffices\domain.com\MAILROOT
C:\Program Files\Mail Enable\Postoffices\accountname\mailroot
and back.
Changing Mail Enable account password
This only applies to Plesk 9 servers.
Creating folders in Horde
This is only supported with the IMAP server. IMAP is not installed on all Windows servers. Mail Enable normally requires a license to have it installed. So it depends on the server you are hosted on.
Only the MailEnable Professional & Enterprise editions have the IMAP feature [which is required for the sent mail folders to be visible/available in the webmail interface] & other services inbuilt with the bootstrap-installer.
Creating the sent folder on horde
Increasing concurrent connections for IMAP
Start > search MailEnable > click MailEnable Administrator > Servers > localhost > Connectors > right click STMP > Properties > Inbound tab
To start the IMAP service, go to localhost > Services > MailEnable IMAP service
Logs in Mail Enable Administrator/Management
MailEnable.msc
Servers > localhost > Connectors > SMTP > Logs > W3C
Migrating Email from MailEnable to SmarterMail - Link Down
Setting SMTP banner
- C:\Program Files (x86)\Parallels\Plesk\Mail Servers\Mail Enable\Bin
- Click MailEnable MS Common Console Document (red toolbox)
- Servers > Connectors > right click SMTP > Properties > General tab
- Set the Local Domain Name and the Default mail domain name.
- Restart the SMTP mail service under System > Services
Troubleshooting ME
SMTP connectivity issues & analyse log files
Delete log files
Managing mail via Plesk
If you get errors with mail, /opt/psa/admin/sbin/mchk checks the mail configuration/MTA (Mail Transfer Agent).
If you have trouble with large mailshots, check /etc/httpd/conf.d/fcgid.conf for the IPCCommTimeout and IPCConnectTimeout setting.
Account location in Unix
/var/qmail/mailnames
Change location of mail Mail Directories
Relay access denied
Relay access denied
Verify that the server is not acting as an open relay
Postfix:
554 5.7.1: Relay access denied (state 13).
Qmail:
553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1) (state 13)
Either enable Server requires Authentication, try send through non-Gmail or check your MX records.
Catchall email account
- Go to the Mail tab.
- Click Change Settings.
- Choose Forward to Address.
- Type the address where you want the mail to be sent.
- Click OK.
Enable DKIM
Go to Server Management > Tools & Settings > Mail > Mail Server settings > DomainKeys spam protection or Server tab > Mail > Mail Server settings
Then enable Spam Protection on email level.
Due to limitations of version 9 you cannot add certain DKIM records via Plesk. The record can be added directly to the Microsoft DNS service via Remote Desktop and set Plesk to use this rather than Bind DNS.
Mailing Lists
Install Mailman in Plesk to do this by going to Server Management - Tools & Settings > Panel - Updates and Upgrades > Add Components > + Additional mail services > tick Mailman mailing list manager support
Mail Relaying
This means to relay mail to an external server, to do this you need to edit the qmail configuration.
Outlook
http://support.microsoft.com/kb/290842
http://office.microsoft.com/en-us/outlook-help/troubleshoot-550-553-and-relay-prohibited-errors-HA001112833.aspx
Limit Global Mailbox size
Plesk 10: Set this within Service Plans > the Service Plan with the subscription under it > Resources tab > Mailbox size.
Plesk 9.3: Domains - click the domain URL > Mail Accounts > click the Mail Account > Mailbox > change it from 97.7MB to a high value in kilobytes.
If when you do the above setting you get the following message:
Error: Unable to set the mailbox size limit for the domain: The size of this mailbox must not exceed the limit t of disk space allocated for mailboxes in this domain.
You need to go to Domains > tick the domain > Modify > Set Mailbox Quota to Unlimited > scroll to the bottom and click OK > try setting the mailbox limit again
SSL Outlook setting
Ensure SSL encryption is disabled in Outlook for the email account to function with a Plesk server mail account.
- When creating a mail account in Plesk, if you get;
Error: Unable to update the mail account properties:mailmng failed: mailmng: Unable to open file "/var/lock/files/2b41cfc09d5551bc725fc1f754631002": No such file or directory. System error 2: No such file or directory mailmng: Error occurred while locking the file /var/qmail/users/assign: No such file or directory
Create the folder /var/lock/files manually using mkdir /var/lock/files
Turn mail for domain on/off
Skip the first two steps if you can already see the Mail tab.
- Hosting Services - Domains or Subscriptions.
- Then click Manage Hosting or Open in Control Panel for your domain
- Click the Mail tab > then click Change Settings
- Tick or untick Activate mail service on domain
Put email address in Server White List (Plesk 9)
Settings > Mail - Spam Filter Settings > White List tab > Add Addresses
Unable to CC/send to self
If it is Windows with MailEnable and Plesk, disable the spam filter. Alternatively recreate the account.
Postfix
You may be able to check postfix queue by doing:
postqueue -p
or
qshape
Newer versions of Plesk 11 have changed their queue syntax. pfqueue and postsuper (use locate) may help.
Postfix: a configuration parameter called message_size_limit in the file /etc/postfix/main.cf sets the maximum size (in bytes) of the entire message - default: 10240000 - i.e. approximately 10MBytes
Debugging
Cheat Sheet
Troubleshooting: 1, 2
Do not edit the master.cnf, only main.cf
bad address syntax
Look in /etc/postfix/main.cf or /usr/libexec/postfix/main.cf for reject_non_fqdn_sender , also you may want to specify myhostname to be something other than localhost.localdomain on the final line of /etc/postfix/main.cf
/etc/init.d/hostname restart
You should also update /etc/hosts for consistency if it isn't done automatically. An alternative is to get it set on the physical host machine.
Setting hostname/SMTP banner
vim /etc/mailname
vim /etc/postfix/main.cf
Uncomment the following line and restart postfix:
smtpd_banner = $myhostname ESMTP $mail_name
Spam using Postfix
Change your hostname in Plesk from localhost.localdomain
Clam on Ubuntu
Malformed database:
/etc/init.d/clamav-daemon stop /etc/init.d/clamav-freshclam stop cd /var/lib/clamav/ rm -f daily.cld main.cvd freshclam /etc/init.d/clamav-daemon start /etc/init.d/clamav-freshclam start
/etc/clamav/freshclam.conf
Exim Cheat Sheet
FreeBSD
tail -f /var/log/clamd/clamd.log
/var/log/clamav/clamav.log on Ubuntu
Log size = 12305523, max = 1048576 LOGGING DISABLED (Maximal log file size exceeded).
Empty the file:
:> /var/log/clamd/clamd.log
Add it to the log rotation:
vim /etc/newsyslog.conf
#logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] /var/log/clamd/clamd.log 644 2 10000 * Z /etc/rc.d/qmail.sh restart
Alternate errors:
tail -f clamd.log
Log file size limited to 1048576 bytes. Reading databases from /usr/local/clamav/share/clamav Not loading PUA signatures. ERROR: Malformed database +++ Started at Wed Sep 5 11:09:10 2012 clamd daemon 0.95.2 (OS: freebsd4.11, ARCH: i386, CPU: i386) Log file size limited to 1048576 bytes. Reading databases from /usr/local/clamav/share/clamav Not loading PUA signatures. ERROR: Malformed database +++ Started at Wed Sep 5 11:09:11 2012 clamd daemon 0.95.2 (OS: freebsd4.11, ARCH: i386, CPU: i386) Log file size limited to 1048576 bytes. Reading databases from /usr/local/clamav/share/clamav Not loading PUA signatures. ERROR: Malformed database
Try remove the clam database files and reload it:
cd /var/tmp/ rm -r clamav-* cd /usr/local/clamav/share/clamav rm -r * /usr/local/clamav/bin/freshclam -u qmaild -l /var/log/clamd/freshclam.log
If you still get errors though:
tail -f /var/log/clamd/clamd.log
Log file size limited to 1048576 bytes. Reading databases from /usr/local/clamav/share/clamav Not loading PUA signatures. ERROR: Can't verify database integrity +++ Started at Wed Sep 5 11:11:57 2012 clamd daemon 0.95.2 (OS: freebsd4.11, ARCH: i386, CPU: i386) Log file size limited to 1048576 bytes. Reading databases from /usr/local/clamav/share/clamav Not loading PUA signatures. ERROR: Can't verify database integrity
Rebuild clamav and re-install it to resolve the issue, see if the source files were still on the server.
svc -d /var/qmail/supervise/qmail-scand/log/ svc -d /var/qmail/supervise/qmail-scand/ cd /var/tmp/ find . -name 'clamav*' | xargs rm -rf cd /usr/local/src/clamav-0.95.2 make clean ./configure --disable-clamav --prefix=/usr/local/clamav/ make make install
Finally, correct any permissions errors, and re-download the database:
touch /var/log/clamd/clamd.log chown qmaild:nofiles /var/log/clamd/clamd.log chmod 644 /var/log/clamd/clamd.log chmod 644 /usr/local/clamav/etc/clamd.conf rm /usr/local/clamav/share/clamav/*.cvd /usr/local/clamav/bin/freshclam -u qmaild -l /var/log/clamd/freshclam.log
Reboot the server.
Repair/rebuild all mail configuration files for Plesk
Brute force on mail accounts
tail -f /usr/local/psa/var/log/maillog
What the above command does is tracks the bottom of the mail log file that keeps track of all mail outgoing and incoming in regards to the server. If you see a specific IP address that is constantly trying to login and getting LOGIN FAILED or something similar and the attempts are really close together (e.g. 1-5 seconds) then use the following command to check which IP's are blocked so far:
iptables -L
It is important to see if it is accessing via SMTP (Sending Mail, Port 25), POP3 (receiving email, Port 110) and IMAP (receiving email, Port 143). To block (drop connections) an IP use the following command:
/sbin/iptables -A INPUT -s OffendingIP -j DROP -p tcp --destination-port PORT iptables -L iptables-save
Check iptables -L again to ensure it it blocked. Using ACCEPT instead of DROP will allow the IP and port for that specific IP.
Atmail kicks out on log in
If you get the below error:
Server responded: -ERR Login failed
Ensure your email address in Plesk isn't capitalised and select the Secure IMAP option.
If when you log into Atmail webmail with the correct user details and it returns to the login screen. If you input incorrect details then it fails with an incorrect login as you would expect. The logs will indicate that you are logging in successfully with the correct details, however the URL you may be redirected to is http://webmail.domain.co.uk/index.php?error=auth
This can be caused because Atmail sessions won't work if php is enabled with 'ioncube' or 'zend-optimizer'. Disabled 'ioncube' in PHP
Comment out the line in the file /etc/php5/cli/conf.d/ioncube-loader-5.3.ini to disable ionCobe Zend extension in php
cat /etc/php5/cli/conf.d/ioncube-loader-5.3.ini
- zend_extension=/usr/lib/php5/20090626/ioncube_loader_lin_5.3.so
If you want to re-enable ioncube, please do the following.
- 1. Open file /etc/php5/cli/conf.d/ioncube-loader-5.3.ini
- 2. Uncomment the 2nd line containing "zend_extensio"
- 3. Save the file
- 4. Reload Apache using /etc/init.d/apache2 reload
Re-installing Horde on Plesk
For Ubuntu 10.04 with Plesk 10+ or Ubuntu 8.04 with Plesk 9.5
This is not a guaranteed fix. Make a backup of folder and contents of /etc/psa-webmail/horde somewhere safe
cp -Rp /etc/psa-webmail/horde /etc/psa-webmail/horde.backup dpkg --purge --force-depends psa-horde psa-imp psa-kronolith psa-mnemo psa-turba psa-ingo psa-mimp rm -rf /etc/psa-webmail/horde /opt/psa/admin/bin/autoinstaller --select-release-current -install component horde #or install horde as normal using. /opt/psa/admin/bin/autoinstaller #install the latest micro updates /opt/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component base
Once done, restore the horde.shadow file from the backup into the new horde folder created by the installer:
cd /etc/psa-webmail/ mv /etc/psa-webmail/horde.backup/horde.shadow ../horde/ /etc/init.d/apache2 restart
Then log in and check if horde is working. If not, you may want to consider upgrading from Plesk 9 to 10 or a clean re-install.
Removing Dr Web for Ubuntu
This is not a guaranteed fix.
People often remove this because it can cause mass emails/bounce messages.
locate drweb dpkg --get-selections|grep drweb apt-get remove psa-drweb5-upgrade apt-get remove drweb-base drweb-bases drweb-common drweb-daemon drweb-updater /etc/init.d/qmail restart
Alternate solutions; edit /etc/drweb/drweb_handler.conf , /etc/drweb/drweb32.ini and /etc/cron.d/drweb-update and http://forum.parallels.com/showthread.php?t=95308
Disable email notification
vim /var/spool/cron/drweb
Comment out the mail to command.
vim /etc/drweb/drweb32.ini
/mail
# MailCommand = {String} # Command used by Daemon and Updater to send notifications to a user # (administrator) via e-mail. MailCommand = "/usr/sbin/sendmail -i -bm -f drweb -- root"
Commented out bottom line above.
/etc/init.d/postfix restart