Re: "Connection reset by peer" errors with Outlook

22 Jan 2024

      Based on your email I went back and took a closer took at the logs.
The client reported this happened at 11:58 of the 19th. I went back and took a closer look and around 11:56 I found these entries in the log.
81218 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap(t.olixxxx)<3739040>: Connection closed (IDLE running for 0.001 + waiting input for 1175.376 secs, 2 B in + 10 B out, state=wait-input) in=182 out=172366 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0        body_bytes=0
81219 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap(s.damxxxx)<3739037>: Connection closed (IDLE running for 0.001 + waiting input for 1174.763 secs, 2 B in + 10 B out, state=wait-input) in=182 out=799331 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0        body_bytes=0
81220 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: warning: hostname 179.hosted-by.198xd.com does not resolve to address 45.129.14.179: Name or service not known
81221 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: connect from unknown[45.129.14.179]
81222 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap(j.pomexxxxx)<3739095>: Connection closed (IDLE running for 0.001 + waiting input for 1078.221 secs, 2 B in + 10 B out, state=wait-input) in=165 out=801497 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=       0 body_bytes=0
81223 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap(a.cerxxxxx)<3739042>: Connection closed (IDLE running for 0.001 + waiting input for 1169.527 secs, 2 B in + 10 B out, state=wait-input) in=182 out=303618 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0        body_bytes=0
81224 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap(h.foxxxxx)<3739034>: Connection closed (IDLE running for 0.001 + waiting input for 1180.675 secs, 2 B in + 10 B out, state=wait-input) in=194 out=1927 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 bo       dy_bytes=0
81225 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap(dxxxxxx)<3739057>: Connection closed (IDLE running for 0.001 + waiting input for 1135.454 secs, 2 B in + 10 B out, state=wait-input) in=182 out=458253 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 bod       y_bytes=0
So these have real user names associated (have been obfuscated. I think these are more likely the source of the error some users have been seeing, not the errors I originally posted here to the mailing list.
...
On Jan 21, 2024, at 8:34 PM, Benny Pedersen me@junc.eu wrote:
Steve Dondley via dovecot skrev den 2024-01-22 02:18:
...
I have a mail server using dovecot that has  been running without issue for quite a couple of years now. It serves email for about 30 individuals.
But since Jan 14th, users have been reporting spurious errors in MS Outlook:
324 Jan 21 00:38:17 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=596) failed: Connection reset by peer, session=
there is no user in the above line
...
Some characteristics of the problem that may offer a clue:

happening with multiple users, not just the same one
happens from different IP addresses.

bots detected
...

happens about 3 to 5 times per day and the errors come in batches like above
MS Outlook error is:

why is it a microsoft problem now ?
...
reported error (0x80042109): ‘Outlook cannot conect to your outgoing SMTP email server. If you continue to receive this message….blah blah blah
disable pop3 in dovecot, problem is then gone
...
I googled the error code but didn’t find anything particularly helpful.
we all use minimal tls1.2, the bots still use ssl, with username fails
...
I’m running Debian bullseye, version 11.8.
irelevant info

dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-leave@dovecot.org
Based on your email I went back and took a closer took at the logs.
The client reported this happened at 11:58 of the 19th. I went back and took a
closer look and around 11:56 I found these entries in the log.
 81218 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap(t.olixxxx)<3739040>: Connection closed (IDLE running for 0.001 + waiting input for
1175.376 secs, 2 B in + 10 B out, state=wait-input) in=182 out=172366 deleted=0
expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0        body_bytes=0
81219 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap
(s.damxxxx)<3739037>: Connection closed (IDLE running for
0.001 + waiting input for 1174.763 secs, 2 B in + 10 B out, state=wait-input)
in=182 out=799331 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0
body_count=0        body_bytes=0
81220 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: warning:
hostname 179.hosted-by.198xd.com does not resolve to address 45.129.14.179:
Name or service not known
81221 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: connect from
unknown[45.129.14.179]
81222 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap
(j.pomexxxxx)<3739095>: Connection closed (IDLE running for
0.001 + waiting input for 1078.221 secs, 2 B in + 10 B out, state=wait-input)
in=165 out=801497 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0
body_count=       0 body_bytes=0
81223 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap
(a.cerxxxxx)<3739042>: Connection closed (IDLE running for
0.001 + waiting input for 1169.527 secs, 2 B in + 10 B out, state=wait-input)
in=182 out=303618 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0
body_count=0        body_bytes=0
81224 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap
(h.foxxxxx)<3739034>: Connection closed (IDLE running for
0.001 + waiting input for 1180.675 secs, 2 B in + 10 B out, state=wait-input)
in=194 out=1927 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0
body_count=0 bo       dy_bytes=0
81225 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap(dxxxxxx)<3739057>: Connection closed (IDLE running for 0.001 + waiting input for
1135.454 secs, 2 B in + 10 B out, state=wait-input) in=182 out=458253 deleted=0
expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 bod       y_bytes=0
So these have real user names associated (have been obfuscated. I think these
are more likely the source of the error some users have been seeing, not the
errors I originally posted here to the mailing list. 
 On Jan 21, 2024, at 8:34 PM, Benny Pedersen <me@junc.eu> wrote:

 Steve Dondley via dovecot skrev den 2024-01-22 02:18:
      I have a mail server using dovecot that has  been running
      without issue for quite a couple of years now. It serves
      email for about 30 individuals.
      But since Jan 14th, users have been reporting spurious
      errors in MS Outlook:
       324 Jan 21 00:38:17 ip-172-30-0-131 dovecot: pop3-login:
      Disconnected (no auth attempts in 0 secs): user=<>,
      rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking:
      read(size=596) failed: Connection reset by peer,
      session=<mu/JHm4Ptup2wSuN>

 there is no user in the above line

      Some characteristics of the problem that may offer a clue:
      * happening with multiple users, not just the same one
      * happens from different IP addresses.

 bots detected

      * happens about 3 to 5 times per day and the errors come in
      batches like above
      * MS Outlook error is:

 why is it a microsoft problem now ?

      reported error (0x80042109): ‘Outlook cannot conect to your
      outgoing SMTP email server. If you continue to receive this
      message….blah blah blah

 disable pop3 in dovecot, problem is then gone

      I googled the error code but didn’t find anything
      particularly helpful.

 we all use minimal tls1.2, the bots still use ssl, with username
 fails

      I’m running Debian bullseye, version 11.8.

 irelevant info

 _______________________________________________
 dovecot mailing list -- dovecot@dovecot.org
 To unsubscribe send an email to dovecot-leave@dovecot.org