Help! Exim and IMAP going down constantly

Lksrainmaker

Member
Sep 2, 2021
6
1
3
Chile
cPanel Access Level
Root Administrator
Hi, I'm using a VPS CentOS 7.9 kvm v98.0.6,

We try not to change any code, we use it just to add domains, and to do some DNS stuff, however, a few days ago I had to restart and upgrade the server and everything started.

My users are experiencing problems with email, everyone in the company uses Outlook as a desktop client, and starting a week ago or so, Outlook has been prompting every user to log in again, as if the password for their emails was changed, or as if some configuration in the server was made.

I tried to log on to the server without success regardless of trying with cPanel or WHM, so I restarted it. It started working again, but with the same issue, so I checked the status, and services like Exim and IMAP are constantly going down and up. I tried looking for errors, or a pattern without success.

It is intermittent, therefore I'm not sure where to look or what to do, any insight would be good.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
Hey there! Intermittent issues are always the worst to troubleshoot. Since you mentioned you have a large number of users, does this seem to happen more during certain times of day? If so, it could be hitting authentication limits on the mailserver.

I'd recommend checking the /var/log/maillog file on the system as that would show users authenticating to the mailserver, and could provide clues as to what the issue may be.
 

Lksrainmaker

Thanks for your reply,

Well, we have something around 100 users perhaps less, and I mean, we had a year working without problems.
I'll get a tail of the log to show:

Sep 2 13:46:00 vps-281291 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=15035, TLS, session=<4AQvwQbLFeqkTYHb>
Sep 2 13:46:01 vps-281291 dovecot: auth: Error: policy([email protected],xxx.xxx.xxx.xxx,<JrQzwQbLcPqkTYHb>): Policy server HTTP error: Absolute request timeout expired (Request queued 3.000 secs ago, not yet sent, 0.000 in other ioloops)
Sep 2 13:46:01 vps-281291 dovecot: pop3-login: Login: user=<[email protected]>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=15036, session=<JrQzwQbLcPqkTYHb>
Sep 2 13:46:02 vps-281291 dovecot: pop3([email protected])<15036><JrQzwQbLcPqkTYHb>: Disconnected: Logged out top=0/0, retr=0/0, del=0/61, size=49831208, bytes=24/2098
Sep 2 13:46:02 vps-281291 dovecot: auth: Error: [email protected],xxx.xxx.xxx.xxx,<mh9xwQbLad+oxMqJ>): Policy server HTTP error: Absolute request timeout expired (Request queued3.001 secs ago, not yet sent, 0.000 in other ioloops)
Sep 2 13:46:03 vps-281291 dovecot: auth: Error: policy([email protected],xxx.xxx.xxx.xxx,<4AQvwQbLFeqkTYHb>): Policy server HTTP error: Absolute request timeout expired (Request queued 3.000 secs ago, not yet sent, 0.000 in other ioloops)
Sep 2 13:46:04 vps-281291 dovecot: auth: Error: policy([email protected],xxx.xxx.xxx.xxx,<JrQzwQbLcPqkTYHb>): Policy server HTTP error: Absolute request timeout expired (Request queued 3.000 secs ago, not yet sent, 0.000 in other ioloops)
Sep 2 13:46:05 vps-281291 dovecot: auth: Error: policy([email protected],xxx.xxx.xxx.xxx,<mh9xwQbLad+oxMqJ>): Policy server HTTP error: Absolute request timeout expired (Request queued3.001 secs ago, not yet sent, 0.000 in other ioloops)
Sep 2 13:46:05 vps-281291 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=15038, TLS, session=<mh9xwQbLad+oxMqJ>
Sep 2 13:46:08 vps-281291 dovecot: auth: Error: policy([email protected],xxx.xxx.xxx.xxx,<mh9xwQbLad+oxMqJ>): Policy server HTTP error: Absolute request timeout expired (Request queued3.002 secs ago, not yet sent, 0.000 in other ioloops)

At least now I know what to search on Google!

Any insight on this?
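
An added example, not part of the original thread: one way to quantify the `Policy server HTTP error` lines in a log like the one above, by counting them per minute and listing sessions that show both a login and a policy error. The sample lines, addresses and session IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage Dovecot auth policy-server errors in maillog-style input.
# SAMPLE_LOG is constructed, modelled on the line format shown in the post.
SAMPLE_LOG='Sep 2 13:46:00 host dovecot: imap-login: Login: user=<a@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=100, TLS, session=<AAAA1111>
Sep 2 13:46:01 host dovecot: auth: Error: policy(b@example.com,192.0.2.11,<BBBB2222>): Policy server HTTP error: Absolute request timeout expired (Request queued 3.000 secs ago, not yet sent, 0.000 in other ioloops)
Sep 2 13:46:01 host dovecot: pop3-login: Login: user=<b@example.com>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, mpid=101, session=<BBBB2222>
Sep 2 13:46:03 host dovecot: auth: Error: policy(a@example.com,192.0.2.10,<AAAA1111>): Policy server HTTP error: Absolute request timeout expired (Request queued 3.000 secs ago, not yet sent, 0.000 in other ioloops)
Sep 2 13:47:04 host dovecot: auth: Error: policy(b@example.com,192.0.2.11,<BBBB2222>): Policy server HTTP error: Absolute request timeout expired (Request queued 3.001 secs ago, not yet sent, 0.000 in other ioloops)
Sep 2 13:47:09 host dovecot: imap-login: Login: user=<c@example.com>, method=PLAIN, rip=192.0.2.12, lip=192.0.2.1, mpid=102, TLS, session=<CCCC3333>'

# Count policy-server errors per minute; prints "HH:MM count", sorted by time.
# On a server: policy_errors_per_minute < /var/log/maillog
policy_errors_per_minute() {
    awk '/dovecot: auth: Error:/ && /Policy server HTTP error/ {
            n[substr($3, 1, 5)]++          # $3 is HH:MM:SS in syslog format
         }
         END { for (m in n) print m, n[m] }' | sort
}

# List sessions that appear in both a Login line and a policy-server error
# line; prints "session_id error_count".
sessions_login_with_policy_error() {
    awk '{
            # Session id is the first <...> token without "@" (skips user=<addr>).
            if (!match($0, /<[^<>@]+>/)) next
            sid = substr($0, RSTART + 1, RLENGTH - 2)
            if ($0 ~ /-login: Login:/) login[sid] = 1
            if ($0 ~ /Policy server HTTP error/) err[sid]++
         }
         END { for (s in err) if (s in login) print s, err[s] }' | sort
}

printf '%s\n' "$SAMPLE_LOG" | policy_errors_per_minute
printf '%s\n' "$SAMPLE_LOG" | sessions_login_with_policy_error
```

A steady error count every minute, rather than bursts at busy hours, points at the policy endpoint itself being unresponsive rather than at load from client logins.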
 

cPRex

I'm glad that log was helpful, and that's exactly what I needed to see. While it doesn't lead us to the exact issue, it's a major clue.

Out of curiosity, what do you see in WHM >> cPHulk Brute Force Protection by going to the "History Reports" tab? Are there a lot of IP addresses being blocked in a relatively short timeframe?

Could you also try running this command and let me know the number it provides?

Code:
ps aux | grep -i '[c]phulk' | grep -v tail | wc -l
 

Lksrainmaker

Thanks!

cPHulk actually sometimes is shown as down in service status, regarding your question it is shown as active in the cPHulk menu and the History Reports are blank, except for one IP in the one day blocked.

The code result is: 2
 

cPRex

So what I'm wondering is if some other service not related to email is causing issues with cPHulk and that's causing other problems. Did you get a chance to get the locked history list to see if there is a large amount of IPs there?
 

cPRex

Interesting...it might be best to open a ticket to have us take a look directly as it seems there is something else going on with the machine. If you do open a ticket, please post the number here so I can follow along and make sure this thread gets updated.
 

Lksrainmaker

Yes, it seems so far that was the problem... I've been monitoring for about an hour without problems, will wait a couple of days to see if the problem is totally solved.

Thanks a lot cPRex