"Connection reset by peer" errors with Outlook
I have a mail server using dovecot that has been running without issue for quite a couple of years now. It serves email for about 30 individuals. But since Jan 14th, users have been reporting spurious errors in MS Outlook: 316 Jan 21 00:38:12 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=783) failed: Connection reset by peer, session= 317 Jan 21 00:38:12 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=598) failed: Connection reset by peer, session= 318 Jan 21 00:38:13 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=598) failed: Connection reset by peer, session=<9rWIHm4PtuF2wSuN> 319 Jan 21 00:38:13 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=677) failed: Connection reset by peer, session= 320 Jan 21 00:38:14 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=691) failed: Connection reset by peer, session= 321 Jan 21 00:38:15 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=610) failed: Connection reset by peer, session= 322 Jan 21 00:38:16 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=609) failed: Connection reset by peer, session= 323 Jan 21 00:38:16 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=596) failed: Connection reset by peer, session= 324 Jan 21 00:38:17 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=596) failed: Connection reset by peer, session= Some characteristics of the problem that may offer a clue: * happening with multiple users, not just the same one * happens from different IP addresses. * happens about 3 to 5 times per day and the errors come in batches like above * MS Outlook error is: reported error (0x80042109): ‘Outlook cannot conect to your outgoing SMTP email server. If you continue to receive this message….blah blah blah I googled the error code but didn’t find anything particularly helpful. I’m running Debian bullseye, version 11.8. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: "Connection reset by peer" errors with Outlook
> there is no user in the above line > >> Some characteristics of the problem that may offer a clue: >> * happening with multiple users, not just the same one >> * happens from different IP addresses. > > bots detected The problem is happening to real users on real devices who are reporting very real connection errors, not bots. > >> * happens about 3 to 5 times per day and the errors come in batches like >> above >> * MS Outlook error is: > > why is it a microsoft problem now ? > >> reported error (0x80042109): ‘Outlook cannot conect to your outgoing SMTP >> email server. If you continue to receive this message….blah blah blah > > disable pop3 in dovecot, problem is then gone The same problem happens on IMAP. Example from log: Jan 21 01:51:55 ip-172-30-0-131 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=87.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=598) failed: Connection reset by peer, session= ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: "Connection reset by peer" errors with Outlook
Based on your email I went back and took a closer took at the logs. The client reported this happened at 11:58 of the 19th. I went back and took a closer look and around 11:56 I found these entries in the log. 81218 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap(t.oli)<3739040>: Connection closed (IDLE running for 0.001 + waiting input for 1175.376 secs, 2 B in + 10 B out, state=wait-input) in=182 out=172366 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 81219 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap (s.dam)<3739037>: Connection closed (IDLE running for 0.001 + waiting input for 1174.763 secs, 2 B in + 10 B out, state=wait-input) in=182 out=799331 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 81220 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: warning: hostname 179.hosted-by.198xd.com does not resolve to address 45.129.14.179: Name or service not known 81221 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: connect from unknown[45.129.14.179] 81222 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (j.pomex)<3739095>: Connection closed (IDLE running for 0.001 + waiting input for 1078.221 secs, 2 B in + 10 B out, state=wait-input) in=165 out=801497 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count= 0 body_bytes=0 81223 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (a.cerx)<3739042>: Connection closed (IDLE running for 0.001 + waiting input for 1169.527 secs, 2 B in + 10 B out, state=wait-input) in=182 out=303618 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 81224 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (h.fox)<3739034>: Connection closed (IDLE running for 0.001 + waiting input for 1180.675 secs, 2 B in + 10 B out, state=wait-input) in=194 out=1927 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 bo dy_bytes=0 81225 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap(dxx)<3739057>: Connection closed (IDLE running for 0.001 + waiting input for 1135.454 secs, 2 B in + 10 B out, state=wait-input) in=182 out=458253 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 bod y_bytes=0 So these have real user names associated (have been obfuscated. I think these are more likely the source of the error some users have been seeing, not the errors I originally posted here to the mailing list. On Jan 21, 2024, at 8:34 PM, Benny Pedersen wrote: Steve Dondley via dovecot skrev den 2024-01-22 02:18: I have a mail server using dovecot that has been running without issue for quite a couple of years now. It serves email for about 30 individuals. But since Jan 14th, users have been reporting spurious errors in MS Outlook: 324 Jan 21 00:38:17 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=596) failed: Connection reset by peer, session= there is no user in the above line Some characteristics of the problem that may offer a clue: * happening with multiple users, not just the same one * happens from different IP addresses. bots detected * happens about 3 to 5 times per day and the errors come in batches like above * MS Outlook error is: why is it a microsoft problem now ? reported error (0x80042109): ‘Outlook cannot conect to your outgoing SMTP email server. If you continue to receive this message….blah blah blah disable pop3 in dovecot, problem is then gone I googled the error code but didn’t find anything particularly helpful. we all use minimal tls1.2, the bots still use ssl, with username fails I’m running Debian bullseye, version 11.8. irelevant info ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: "Connection reset by peer" errors with Outlook
OK, I was chasing log ghosts. What was actually going on was fail2ban was kicking on for users and banning them for 10 min. I have no idea what is triggering it for so many different users from legit email addresses. Still investigating. But this appears to be a fail2ban problem, not a dovecot problem. On Jan 22, 2024, at 10:41 AM, Steve Dondley via dovecot wrote: Based on your email I went back and took a closer took at the logs. The client reported this happened at 11:58 of the 19th. I went back and took a closer look and around 11:56 I found these entries in the log. 81218 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap (t.oli)<3739040>: Connection closed (IDLE running for 0.001 + waiting input for 1175.376 secs, 2 B in + 10 B out, state=wait-input) in=182 out=172366 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 81219 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap (s.dam)<3739037>: Connection closed (IDLE running for 0.001 + waiting input for 1174.763 secs, 2 B in + 10 B out, state=wait-input) in=182 out=799331 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 81220 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: warning: hostname 179.hosted-by.198xd.com does not resolve to address 45.129.14.179: Name or service not known 81221 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: connect from unknown[45.129.14.179] 81222 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (j.pomex)<3739095>: Connection closed (IDLE running for 0.001 + waiting input for 1078.221 secs, 2 B in + 10 B out, state=wait-input) in=165 out=801497 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count= 0 body_bytes=0 81223 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (a.cerx)<3739042>: Connection closed (IDLE running for 0.001 + waiting input for 1169.527 secs, 2 B in + 10 B out, state=wait-input) in=182 out=303618 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 81224 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (h.fox)<3739034>: Connection closed (IDLE running for 0.001 + waiting input for 1180.675 secs, 2 B in + 10 B out, state=wait-input) in=194 out=1927 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 bo dy_bytes=0 81225 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (dxx)<3739057>: Connection closed (IDLE running for 0.001 + waiting input for 1135.454 secs, 2 B in + 10 B out, state=wait-input) in=182 out=458253 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 bod y_bytes=0 So these have real user names associated (have been obfuscated. I think these are more likely the source of the error some users have been seeing, not the errors I originally posted here to the mailing list. On Jan 21, 2024, at 8:34 PM, Benny Pedersen wrote: Steve Dondley via dovecot skrev den 2024-01-22 02:18: I have a mail server using dovecot that has been running without issue for quite a couple of years now. It serves email for about 30 individuals. But since Jan 14th, users have been reporting spurious errors in MS Outlook: 324 Jan 21 00:38:17 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=596) failed: Connection reset by peer, session= there is no user in the above line Some characteristics of the problem that may offer a clue: * happening with multiple users, not just the same one * happens from different IP addresses. bots detected * happens about 3 to 5 times per day and the errors come in batches like above * MS Outlook error is: why is it a microsoft problem now ? reported error (0x80042109): ‘Outlook cannot conect to your outgoing SMTP email server. If you continue to receive this message….blah blah blah disable pop3 in dovecot, problem is then gone I googled the error code but didn’t find anything particularly helpful. we all use minimal tls1.2, the bots still use ssl, with username fails I’m running Debian bullseye, version 11.8. irelevant info ___ dovecot mailing list -- dovecot@d
Re: "Connection reset by peer" errors with Outlook
Yeah I think I figured it out. It looks like someone set up their phone with bad password and when they got on the WiFi network it got everyone else on the network banned for 10 min. I’ve whitelisted the ip for now. I think the guy was traveling between different offices making it look like it wasn’t isolated to a single network. > On Jan 22, 2024, at 6:15 PM, Michael Grant wrote: > > On Mon, Jan 22, 2024 at 04:28:09PM -0500, Steve Dondley via dovecot wrote: >> OK, I was chasing log ghosts. What was actually going on was fail2ban was >> kicking on for users and banning them for 10 min. >> >> I have no idea what is triggering it for so many different users from legit >> email addresses. Still investigating. But this appears to be a fail2ban >> problem, not a dovecot problem. > > Oh you have my sympathies. fail2ban-client banned ipaddr. Get the ip > addr of your users and see if they're banned like th is. Then use > fail2ban-client unban. I can't tell you how often this happens to me. > > What happens is users have phones and laptops and they then add a > tablet and want their email on it so they end up messing up their > password on their tablet, or worse, resetting their password in order > to get mail on their tablet and then it screws up the other devices > and it's an absolute nightmare to continually debug. It happens to > multiple users who are at the same address, as in, my parents because > they're all behind the same address in the router. It happens to > multiple people who use New Outlook which insists on sucking all the > mail into Microsoft's servers and then one user bans a swatch of addrs > of those servers and random things break everywhere. I ended up > whitelisting all of microsoft's mail servers in my jail.local: > > 40.80.0.0/12 40.74.0.0/15 40.120.0.0/14 40.125.0.0/17 40.76.0.0/14 > 40.96.0.0/12 40.124.0.0/16 40.112.0.0/13 > > Hope this helps. I have been there so many times and it's a regular > occurance in my tech life chasing these ghosts. > > Michael Grant ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: What is the appropriate action for out of memory error for exceeding vsz_limit in my situation?
>> > > How many messages do you have in the folder? > > Don't keep 10 thousand of them in a folder and it should be fine. > If it was my mailbox, I’d delete them. But it’s not, so I can’t. So barring this action, what are my best available options? ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
What is the appropriate action for out of memory error for exceeding vsz_limit in my situation?
Hi, I have sporadic messages on my server about an account getting an out of
memory error:
Fatal: master: service(imap): child 17910 returned error 83 (Out of memory
(service imap { vsz_limit=325 MB }, you may need to increase it) - set
CORE_OUTOFMEM=1 environment to get core dump)
In response, I raised the limit from 256MB up to 325. That didn’t seem to help.
The server has only 512 MB of RAM so I’m afraid to go much higher.
I googled around a bit and some people are saying that when the
dovecot.index.cache grows too large, it can cause these errors. The imap
account has a dovecot.index.cache file that is 167 MB which seems to be well
below the limit (but maybe it is compressed?). So I’m not entirely sure as to
what the underlying problem is.
So before upgrading to the server to 1024 MB of ram and going on a wild goose
chase, I just want to get input on whether I have positively identified the
problem and whether there might be something else I can do to manage this
problem.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
