Since last week I've noticed messages not being delivered to our clients or myself.
After checking the server, turns out the pop service has stopped serving.
For all these cases I can trace the following line in POP-debug-ddmmyy.log, just before the service stops...
mm/dd/yy hh:mm:ss User tried to log in, but not a valid username/password combination
The next entry is me restarting the service. This happens about once every day now.
The event viewer registers an application error in mepops.exe... faulting application.
What can I do to avoid the service stopping?
Any help is appreciated.
Pop service stops after invalid logins were used
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Hi,
Ensure that you are running the latest version of MailEnable professional as there has been fixes in regards to the POP service.
Do you have POP before SMTP authentication enabled?
If you are unable to determine the cause of the service stopping then then best way to get a managed response is by submitting a support ticket with MailEnable and providing the relevant logs and details so a technician can diagnose the fault.
You can lodge the call here: https://www.mailenablecorp.com/support/step1.asp
regards,
MailEnable Support.
Ensure that you are running the latest version of MailEnable professional as there has been fixes in regards to the POP service.
Do you have POP before SMTP authentication enabled?
If you are unable to determine the cause of the service stopping then then best way to get a managed response is by submitting a support ticket with MailEnable and providing the relevant logs and details so a technician can diagnose the fault.
You can lodge the call here: https://www.mailenablecorp.com/support/step1.asp
regards,
MailEnable Support.
Any update on this?
Having the exact same issue which started on the 7th.
It looks like a dictionary attack as they are trying to login with an account that doesnt exist, several failed login then the POP service crashes.
Restarted the service and next time the same IP tried to login and it crashed first time.
Ive been banning the IP's in the POP service which is working at the moment.
Having the exact same issue which started on the 7th.
It looks like a dictionary attack as they are trying to login with an account that doesnt exist, several failed login then the POP service crashes.
Restarted the service and next time the same IP tried to login and it crashed first time.
Ive been banning the IP's in the POP service which is working at the moment.
Same issue here on ME PRO 2.36!
I think there are some issues related:
- other users are also reporting POP3 service stopping unexpectedly
- I noticed multiple failed logons to POP3 service
Seems related.
And the most weird thing is this:
in POP3 LOG file each connection has client IP logged. But only ONE user, which has regular failed logons exactly every 10 minutes non-stop, logfile says it is comming from MY SERVER!
But not from my WEB server IP, but from IP of my MAIL server! But my users do not have access to my MAIL server, except via POP3, SMTP and IMAP service. All other ports are blocked.
So, the questions are:
- How is it possible that, regarding to POP3 logs, somebody is checking exact ONE mail account FROM MY SERVER's IP?
- is this multiple POP3 logon failure somehow related to POP3 service crashing?
I think there are some issues related:
- other users are also reporting POP3 service stopping unexpectedly
- I noticed multiple failed logons to POP3 service
Seems related.
And the most weird thing is this:
in POP3 LOG file each connection has client IP logged. But only ONE user, which has regular failed logons exactly every 10 minutes non-stop, logfile says it is comming from MY SERVER!
But not from my WEB server IP, but from IP of my MAIL server! But my users do not have access to my MAIL server, except via POP3, SMTP and IMAP service. All other ports are blocked.
So, the questions are:
- How is it possible that, regarding to POP3 logs, somebody is checking exact ONE mail account FROM MY SERVER's IP?
- is this multiple POP3 logon failure somehow related to POP3 service crashing?
The IP address is the IP of mail server itself.davex2cms wrote:You should block the IP address of the user which is causing it to crash in the pop service settings.
In ME Pro MMC console under
LOCALHOST -> SERVICES -> POP -> Log -> Activity Log
it looks like this:
01/15/07 00:19:04 POPS 608 193.95.219.119 +OK+Welcome+to+MailEnable+POP3+Server 39 0
01/15/07 00:19:04 POPS 608 193.95.219.119 CAPA CAPA +OK+Capability+list+follows 0 6
01/15/07 00:19:04 POPS 608 193.95.219.119 USER USER+user@domain.com +OK 0 30
01/15/07 00:19:04 POPS 608 193.95.219.119 PASS PASS+* +OK 0 14
01/15/07 00:19:04 POPS 608 193.95.219.119 STAT STAT +OK+0+0 0 6
01/15/07 00:19:04 POPS 608 193.95.219.119 QUIT QUIT +OK+Goodbye 0 6
01/15/07 00:19:32 POPS 632 193.77.89.2 +OK+Welcome+to+MailEnable+POP3+Server 39 0
01/15/07 00:19:32 POPS 632 193.77.89.2 CAPA CAPA +OK+Capability+list+follows 0 6
01/15/07 00:19:32 POPS 632 193.77.89.2 USER USER+user@domain.com +OK 0 20
01/15/07 00:19:33 POPS 632 193.77.89.2 PASS PASS+* +OK 0 14
01/15/07 00:19:33 POPS 632 193.77.89.2 STAT STAT +OK+0+0 0 6
01/15/07 00:19:33 POPS 632 193.77.89.2 QUIT QUIT +OK+Goodbye 0 6
01/15/07 00:19:53 POPS 620 89.212.29.49 +OK+Welcome+to+MailEnable+POP3+Server 39 0
01/15/07 00:19:54 POPS 620 89.212.29.49 USER USER+user@domain.com +OK 0 22
01/15/07 00:19:54 POPS 620 89.212.29.49 PASS PASS+* +OK 0 15
01/15/07 00:19:55 POPS 620 89.212.29.49 STAT STAT +OK+0+0 0 6
01/15/07 00:19:55 POPS 620 89.212.29.49 QUIT QUIT +OK+Goodbye 0 6
01/15/07 00:19:59 POPS 600 123.123.123.123 +OK+Welcome+to+MailEnable+POP3+Server 39 0
01/15/07 00:19:59 POPS 600 123.123.123.123 USER USER+the.user +OK 0 16
01/15/07 00:19:59 POPS 600 123.123.123.123 PASS PASS+* -ERR+Unable+to+log+on 0 14
01/15/07 00:19:59 POPS 600 123.123.123.123 QUIT QUIT +OK+Goodbye 0 6
As you see:
- problematic user the.user ALWAYS logs from MAIL server's IP (which is here listed as 123.123.123.123)
- problematic user ALWAYS logs in at exactly xx:x9:59 hours (every 10 minutes)
- all users login with FULL username, while problematic one ALWAYS logs only with the part before @, without domain part of email
- and my WEB server is on different IP, so users cannot put a script there to check email, because if that would be true, request would come from WEB server's IP
What do I think?
Since on this IP there is ONLY MAIL server, and this problematic user the.user has a mailbox + redirect to gmail.com, I think there must be something within MailEnable itself, which causes all those troubles.
And finally, after so many failed logins, POP3 service dies every day at least once.
Anyone any idea?