Results 1 to 17 of 17
  1. #1
    Join Date
    Jan 2006
    Posts
    266

    Looking for help with POP3 and PHP

    I've been having a problem with server the last two days. Yesterday, my server went offline from 2pm and I caught it at about 9pm and the hosting company fixed it within an hour or so. The named service configuration was messed up some how.

    Today, my server has been working correctly (except the part below). The emails are collecting on the server and I can view/compose/reply/etc on webmail, but both outlook and thunderbird aren't getting the messages and I'm not getting any connection errors. To fix this, I restarted exim (I didn't know if that was correct) and I notified my hosting company because it didn't fix the problem. They went in and restarted vm-pop3d and da-popb4smtp. Still no luck. Email still works on the server but not via outlook/thunderbird.

    Then, later today, my sever was VERY sluggish. I thought it might have been a DOS attack but they said that there was no evidence of it and so they looked at the processes and they said PHP was being a hog. Once the restarted httpd they said it returned to normal.

    I'm thinking I have a problem and I'm turning here to get some help. The server has been running, for the most part pretty well. However it went down on Feb 10, Mar 2, May 4 and May 14. I think that I need to optimize it a bit and I was wondering if anyone can please give me some advice to getting things running leaner and meaner?

    Also... The priority, is getting the email working correctly. It is server wide (not a domain issue).

    I'm running DirectAdmin

  2. #2
    Join Date
    Jan 2006
    Posts
    266
    I should also mention that I have changed my PHP setup a while ago to be run as FastCGI & suPHP

  3. #3
    Join Date
    Jan 2006
    Posts
    266
    I just typed this:

    Code:
    # netstat -nlp | grep :110
    and this was the output:
    Code:
    tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      5377/vm-pop3d
    Is it a problem that it is listening on 0.0.0.0??

  4. #4
    Join Date
    Jun 2007
    Location
    UK
    Posts
    219
    No, that means it listens on any IP address your machine has configured.

    Can you connect with telnet to the POP3 port on your server? Is anything showing in the POP3 server's logs?
    I think the server saw what was required of it and just committed suicide instead.

  5. #5
    Join Date
    Jan 2006
    Posts
    266
    I typed:

    Code:
    # telnet mail.mydomain.com:110
    and that didn't work. I don't know if that is the correct way to do it or not. But... I have disabled it so that people can't telnet into the box.

    Where are the log files for pop3?

  6. #6
    Join Date
    Oct 2007
    Location
    Northampton, UK
    Posts
    553
    Hi,

    You don't need the colon in there for the telnet command (at least not for windows or linux I don't think). Have a go without.

    Is there a firewall/iptables running on the server?

    Matt
    SysAdminMan - Asterisk PBX hosting - FreePBX, A2Billing and Elastix

  7. #7
    Join Date
    Jan 2006
    Posts
    266
    Quote Originally Posted by bucasia View Post
    Hi,

    You don't need the colon in there for the telnet command (at least not for windows or linux I don't think). Have a go without.

    Is there a firewall/iptables running on the server?

    Matt

    Yes there are IP tables/firewall installed. APF.

    I tried to telnet and it says connection refused. But, when I setup the server, I set it up so that telnet wouldn't work for security. I have SSH setup instead.

  8. #8
    Join Date
    Oct 2007
    Location
    Northampton, UK
    Posts
    553
    When you use telnet like that you're just using the telnet client to connect to a service (no necessarily the telnet service) on the server. Just to check if you can get a response.

    So the telnet service on your server being enabled or disabled won't make any difference for what you're trying to do there.

    Is access to port 110 enabled in your firewall?
    SysAdminMan - Asterisk PBX hosting - FreePBX, A2Billing and Elastix

  9. #9
    Join Date
    Jan 2006
    Posts
    266
    for TCP inbound, yes it is open.

  10. #10
    Join Date
    Mar 2003
    Location
    Kansas City, Missouri
    Posts
    462
    Quote Originally Posted by zincoxide View Post
    I typed:

    Code:
    # telnet mail.mydomain.com:110
    and that didn't work. I don't know if that is the correct way to do it or not. But... I have disabled it so that people can't telnet into the box.

    Where are the log files for pop3?
    Hello,

    When using telnet in Linux simply put a space between the host and the port like this:
    Code:
    # telnet <host/ip> <port>
    =>Admo.net Managed Hosting
    => Managed Hosting • Dedicated Servers • Colocation
    => Dark Fiber Access to 1102 Grand, Multiple Public Providers
    => Over •Sixteen• Years of Service

  11. #11
    Join Date
    Oct 2007
    Location
    Northampton, UK
    Posts
    553
    Well, it all looks OK. If your server has been running out of memory it may just be worth trying a reboot. Things can get screwed up when memory starts running out.

    Could be worth a shot?

    Matt
    SysAdminMan - Asterisk PBX hosting - FreePBX, A2Billing and Elastix

  12. #12
    Join Date
    Jan 2006
    Posts
    266
    My memory is okay now. The other day after my site was brought back online, it was really sluggish. Then, the host restarted PHP because for some reason it was being a hog. Then the system was fast again, but pop3 still didn't work.

    I've telnet'd again and this time put the port 110 after and it connected fine.

    but, I'm still not getting emails in my email client via pop3.

  13. #13
    Join Date
    Oct 2007
    Location
    Northampton, UK
    Posts
    553
    Ok, if you can connect now you could try (once connected) ...

    USER username
    PASS password

    You should now get an "+OK" prompt

    Now if you type STAT it should tell you how many e-mails you've got waiting.
    SysAdminMan - Asterisk PBX hosting - FreePBX, A2Billing and Elastix

  14. #14
    Join Date
    Jan 2006
    Posts
    266
    Okay... I did that and it worked. However, when I typed STAT, I got +OK 0 0

    BUT, I know for a fact that there was 34 unread emails in my inbox, so vm-pop3d isn't "seeing them".

    What do I do now?

  15. #15
    Join Date
    Oct 2007
    Location
    Northampton, UK
    Posts
    553
    So maybe vm-pop3d is looking in the wrong place for your inbox (locations can vary). Is there any way you can find out where it's looking and check that it's correct.

    Also, check the pop3d logs if you can. Usual place for logs is /var/log

    Another guess, but unlikely - you said named got messed up? I don't supposed there's any chance that you've got an old server that you're connecting to instead of your live server?
    SysAdminMan - Asterisk PBX hosting - FreePBX, A2Billing and Elastix

  16. #16
    Join Date
    Jan 2006
    Posts
    266
    I think I may have found the problem but I don't know what to do. I just looked at /var/maillog and there is a WHOLE bunch of attacks I think.

    Code:
    May 15 06:54:43 servername vm-pop3d[24029]: Session ended for no user from 70.89.46.205
    May 15 06:54:43 servername vm-pop3d[24110]: User 'jobs' - failed auth, from=70.89.46.205
    May 15 06:54:44 servername vm-pop3d[24109]: Session ended for no user from 70.89.46.205
    May 15 06:54:44 servername vm-pop3d[24070]: Session ended for no user from 70.89.46.205
    May 15 06:54:44 servername vm-pop3d[24118]: Session ended for no user from 70.89.46.205
    May 15 06:54:44 servername vm-pop3d[24119]: Session ended for no user from 70.89.46.205
    May 15 06:54:45 servername vm-pop3d[24120]: User 'jimm' - failed auth, from=70.89.46.205
    May 15 06:54:45 servername vm-pop3d[24072]: Session ended for no user from 70.89.46.205
    May 15 06:54:45 servername vm-pop3d[24121]: User 'jerome' - failed auth, from=70.89.46.205
    May 15 06:54:46 servername vm-pop3d[24090]: Session ended for no user from 70.89.46.205
    May 15 06:54:46 servername vm-pop3d[24139]: Session ended for no user from 70.89.46.205
    May 15 06:54:46 servername vm-pop3d[24091]: Session ended for no user from 70.89.46.205
    May 15 06:54:46 servername vm-pop3d[24140]: User 'john' - failed auth, from=70.89.46.205
    May 15 06:54:46 servername vm-pop3d[24141]: User 'jesse' - failed auth, from=70.89.46.205
    May 15 06:54:46 servername vm-pop3d[24092]: Session ended for no user from 70.89.46.205
    May 15 06:54:46 servername vm-pop3d[24142]: Session ended for no user from 70.89.46.205
    May 15 06:54:47 servername vm-pop3d[24143]: User 'jill' - failed auth, from=70.89.46.205
    May 15 06:54:47 servername vm-pop3d[24096]: Session ended for no user from 70.89.46.205
    May 15 06:54:47 servername vm-pop3d[24145]: Quitting on signal: 13
    May 15 06:54:47 servername vm-pop3d[24148]: Quitting on signal: 13
    May 15 06:54:47 servername vm-pop3d[24149]: Session ended for no user from 70.89.46.205
    May 15 06:54:47 servername vm-pop3d[24150]: User 'jimmie' - failed auth, from=70.89.46.205
    May 15 06:54:48 servername vm-pop3d[24103]: Session ended for no user from 70.89.46.205
    May 15 06:54:48 servername vm-pop3d[24153]: Session ended for no user from 70.89.46.205
    May 15 06:54:48 servername vm-pop3d[24104]: Session ended for no user from 70.89.46.205
    May 15 06:54:48 servername vm-pop3d[24155]: Session ended for no user from 70.89.46.205
    May 15 06:54:48 servername vm-pop3d[24154]: Session ended for no user from 70.89.46.205
    May 15 06:54:48 servername vm-pop3d[24157]: User 'jimm' - failed auth, from=70.89.46.205
    May 15 06:54:50 servername vm-pop3d[24120]: Session ended for no user from 70.89.46.205
    May 15 06:54:50 servername vm-pop3d[24121]: Session ended for no user from 70.89.46.205
    May 15 06:54:50 servername vm-pop3d[24110]: Session ended for no user from 70.89.46.205
    May 15 06:54:51 servername vm-pop3d[24221]: User 'jimmie' - failed auth, from=70.89.46.205
    May 15 06:54:51 servername vm-pop3d[24222]: User 'jester' - failed auth, from=70.89.46.205
    May 15 06:54:51 servername vm-pop3d[24225]: Session ended for no user from 70.89.46.205
    May 15 06:54:51 servername vm-pop3d[24227]: Session ended for no user from 70.89.46.205
    May 15 06:54:51 servername vm-pop3d[24228]: Session ended for no user from 70.89.46.205
    May 15 06:54:51 servername vm-pop3d[24229]: Session ended for no user from 70.89.46.205
    May 15 06:54:51 servername vm-pop3d[24230]: Session ended for no user from 70.89.46.205
    May 15 06:54:51 servername vm-pop3d[24231]: User 'joanna' - failed auth, from=70.89.46.205
    May 15 06:54:51 servername vm-pop3d[24140]: Session ended for no user from 70.89.46.205
    May 15 06:54:51 servername vm-pop3d[24141]: Session ended for no user from 70.89.46.205
    May 15 06:54:52 servername vm-pop3d[24232]: User 'jester' - failed auth, from=70.89.46.205
    May 15 06:54:52 servername vm-pop3d[24233]: User 'jesus' - failed auth, from=70.89.46.205
    May 15 06:54:52 servername vm-pop3d[24143]: Session ended for no user from 70.89.46.205
    May 15 06:54:52 servername vm-pop3d[24236]: Session ended for no user from 70.89.46.205
    May 15 06:54:52 servername vm-pop3d[24237]: Session ended for no user from 70.89.46.205
    May 15 06:54:52 servername vm-pop3d[24239]: Session ended for no user from 70.89.46.205
    What do I do?

    There is a LOT more than that. It looks as though they are going through a name book or something

  17. #17
    Join Date
    Jan 2006
    Posts
    266
    sorry accidentally double posted.
    Last edited by jthornton; 05-16-2008 at 12:34 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •