Thanks for the reply Tristan - I actually thought about PMing you on this.
I have it fixed. It appears that I had/have two issues going on here - the email queue issue is because my server is sending out SPAM, and the authentication/POP3 validation is a known issue.
I tracked it down by checking the message log (/var/log/messages). I noticed a lot of these entries reoccurring:
Code:
server1 popa3d(pam_unix)[13128]: check pass; user unknown
server1 popa3d(pam_unix)[13128]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
server1 popa3d[13128]: Authentication failed for UNKNOWN USER from 127.0.0.1
I searched around and found out "There’s a bug in cPanel which prevents user from checking mail from mail client, while you can login to webmail without a problem and you can send out email without a problem."
The fix is this -
SSH into the server
cd /etc/xinetd.d/
edit these files:
pop3s
popa3d*
popa3ds*
cpimap
(*my server only had these two files.)
You’ll see one line saying: disable = ‘no’ make it disable = ‘yes’
Save and exit. Then restart xinetd and cppop.
This resolved the problem for the POP3. Now I have to move on to addressing my server sending out spam. I am totally unsure if this is true. Any post suggestion or advice is appreciated. Here is a sample header -
Code:
1QoRik-0000Rt-U5-H
mailnull 47 12
<>
1312340530 0
-ident mailnull
-received_protocol local
-body_linecount 128
-max_received_linelength 629
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1312340531
-localerror
XX
1
plhav@lycos.com
146P Received: from mailnull by myserver.com with local (Exim 4.69)
id 1QoRik-0000Rt-U5
for plhav@lycos.com; Tue, 02 Aug 2011 22:01:46 -0500
037 X-Failed-Recipients: email@shema.com
029 Auto-Submitted: auto-replied
064F From: Mail Delivery System <Mailer-Daemon@myserver.com>
020T To: plhav@lycos.com
059 Subject: Mail delivery failed: returning message to sender
053I Message-Id: <E1QoRik-0000Rt-U5@myserver.com>
038 Date: Tue, 02 Aug 2011 22:01:46 -0500
1QoRik-0000Rt-U5-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
email@shema.com
The mail server detected your message as spam and has prevented delivery (50).
------ This is a copy of the message, including all the headers. ------
Return-path: <plhav@lycos.com>
Received: from [184.22.120.26] (port=50182 helo=systemabc.com)
by myserver.com with esmtp (Exim 4.69)
(envelope-from <plhav@lycos.com>)
id 1QoRig-0000RM-4L
for email@shema.com; Tue, 02 Aug 2011 22:01:46 -0500
Received: from dummy.name; Tue, 02 Aug 2011 21:02:58 -0600
Received: from dummy.name
From: "�ھ���" <ucrmncovnjno@mtv.com>
Subject: ����Ϊʲô���֣�
Reply-To: tianlan_1005@163.com
MIME-Version: 1.0
Content-Type: text/html;
charset="gb2312"
X-mailer: Mnzcb 6
Date: Tue, 02 Aug 2011 21:02:58 -0600
Message-ID: <auto-000001240657@systemabc.com>
X-Spam-Subject: ***SPAM*** ����Ϊʲô���֣�
X-Spam-Status: Yes, score=16.6
X-Spam-Score: 166
X-Spam-Bar: ++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "my.server.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: ����Ϊʲô���� ����Ϊʲô���֣� �� [...]
Content analysis details: (16.6 points, 5.0 required)
pts rule name description
I have substituted my domain in the above example with "myserver.com".
Thanks
D
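Added example, not part of the original post: a small Python parser for the Exim spool header (-H) layout shown in the sample above. It reports whether a queued message is a frozen, locally generated bounce (null sender `<>` plus `-localerror`) and which address it is being returned to. The sample input is constructed from lines in the post, and the function names are this example's own.

```python
import re

# Constructed sample modeled on the -H dump in the post (blank separator restored).
SAMPLE = """1QoRik-0000Rt-U5-H
mailnull 47 12
<>
1312340530 0
-frozen 1312340531
-localerror
XX
1
plhav@lycos.com

146P Received: from mailnull by myserver.com with local (Exim 4.69)
\tid 1QoRik-0000Rt-U5
037  X-Failed-Recipients: email@shema.com
"""

# A header line starts with a 3-digit length and an optional flag letter (P, F, T, I).
HDR = re.compile(r"^\d{3}([A-Za-z*]?) +(\S[^:]*):\s*(.*)$")

def parse_spool_header(text):
    lines = text.splitlines()
    msg = {"id": lines[0].rsplit("-H", 1)[0], "sender": lines[2].strip("<>"),
           "options": {}, "recipients": [], "headers": []}
    i = 4
    while lines[i].startswith("-"):        # "-name [value]" option lines
        name, _, value = lines[i][1:].partition(" ")
        msg["options"][name] = value
        i += 1
    while not lines[i].isdigit():          # skip the non-recipients tree ("XX" = empty)
        i += 1
    count = int(lines[i])                  # number of recipient lines that follow
    msg["recipients"] = [l.split()[0] for l in lines[i + 1:i + 1 + count]]
    for line in lines[i + 1 + count:]:
        m = HDR.match(line)
        if m:
            msg["headers"].append([m.group(2), m.group(3)])
        elif line.strip() and msg["headers"]:  # continuation of the previous header
            msg["headers"][-1][1] += " " + line.strip()
    return msg

def triage(msg):  # flag a frozen, locally generated bounce and where it is headed
    failed = [v for k, v in msg["headers"] if k.lower() == "x-failed-recipients"]
    return {"bounce": msg["sender"] == "" and "localerror" in msg["options"],
            "frozen": "frozen" in msg["options"],
            "bounce_to": msg["recipients"], "failed_recipients": failed}

print(triage(parse_spool_header(SAMPLE)))
```

Run over every `-H` file in the spool input directory, a high count of frozen bounces addressed to outside senders points at rejected inbound mail being bounced rather than at mail composed on the server itself.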