Port 993 on mail server not responding

Question

We have a mail server running snow leopard server 10.6.8 (build 10K549) Darwin 10.8.0, on a mac mini 2.53 GHz Intel Core 2 Duo with 4 GB RAM, 4 TB storage.Now this server has the annoying habit of not responding on port 993 (checked from other machines using network utility&#x27;s port scan both locally and externally).Postfix is serving mail on this port, and when the port is not responding users cannot retrieve their mail.Mail is running and when I stop/start mail nothing changes, the port is still not responding.Is there a way to get the port 993 responding like a reset/clear function?Could this be related to the fact that the installation of clamav that is installed with the server writes this in the log file?WARNING: Can&#x27;t download daily.cvd from database.clamav.netTrying again in 5 secs...ClamAV update process started at Mon Apr 23 16:28:52 2012Using IPv6 aware codeQuerying current.cvd.clamav.netTTL: 137Software version from DNS: 0.97.4main.cvd version from DNS: 54main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)WARNING: Current functionality level &#x3D; 58, recommended &#x3D; 60Please check if ClamAV tools are linked against the proper version of libclamavDON&#x27;T PANIC! Read http://www.clamav.net/support/faqdaily.cvd version from DNS: 14830How can that be fixed?Any help is appreciated...

Peter Borbonus · Answer

The warnings are from ClamAV! This is just noise and you can ignore it!Port 993 is SSL SMTP! Try it without SSL.Is firewall turned on on your server? Take a look at it.In your Router: Does Port 993 point to the IP-Adress of your server?We need more infos to help you :-)Peter.

PeterKjeldsen · Answer

Hi Peter,The server has no firewall activated (it is all handled by the router). The router&#x27;s port 993 is forwarded directly to the mail server&#x27;s port 993.The port 993 is not responding using Network Utility&#x27;s port scan localhost either (scanning ports from 0 to 1000 on IP address 127.0.0.1)The server is setup to USE (but not demand) SSL so clients can use CRAM MD5 or Kerberos. This is because we have clients that uses iPhones, iPads and Apple Mail on Macs.The server was working without a hitch until yesterday evening ~22:30. All other functionality is not affected (as far as I can see) e.g. it is possible to login and check mail using squirrel mail (webmail).This has happened out of the blue before. According to the handwritten log the server was re-installed from scratch on March 9 2012 and March 12 2012 due to the same problem. Kind regardsPeter

Peter Borbonus · Answer

Hi Peter, :-)did you take a look at your certificates? (Expiration time, using the right certificate for mail (SSL))?Because webmail seems to work: Will you get mails there?Regards,Peter.

PeterKjeldsen · Answer

Hi Peter,The SSL certificate on the server from Go Daddy expires Jan 29 2013 and it is selected Security tab under Advanced in Mail service, both for SMTP SSL and IMAP and POP SSL (however POP is not available as a mail option on this server and should not be).Yes, mails are received on using webmail.Kind regardsPeter

Peter Borbonus · Answer

OK,if you can send mail using webmail also? I would try to restart the machine before I look for other mistakes.You said, you changed nothung (no preferencs and services)?!What are the serverlogs saying if you try to send a mail?Both: Sending mail from the inside and from the outside are failing?Good luck,Peter

PeterKjeldsen · Answer

Result from Network Utility&#x27;s port scan:Port Scan has started…Port Scanning host: 95.9.xx.yy           Open TCP Port:           25                         smtp           Open TCP Port:           80                         http           Open TCP Port:           443                        https           Open TCP Port:           587                        submissionPort Scan has completed…Port 993 is not responding on the serverThe message in Mail&#x27;s SMTP log when scanning with Network Utiliy&#x27;s Portscan:Apr 24 13:06:57 mail postfix/smtpd[97874]: connect from unknown[nn.xx.yy.zzz]Apr 24 13:06:57 mail postfix/smtpd[97874]: lost connection after CONNECT from unknown[nn.xx.yy.zzz]Apr 24 13:06:57 mail postfix/smtpd[97874]: disconnect from unknown[nn.xx.yy.zzz]nn.xx.yy.zzz replaces the actual ip addressThe mail SMTP log when sending mail from webmail (squirrelmail):Apr 24 13:11:24 mail postfix/smtpd[98216]: connect from localhost[127.0.0.1]Apr 24 13:11:24 mail postfix/smtpd[98216]: 71F7A1EFFE4: client&#x3D;localhost[127.0.0.1]Apr 24 13:11:24 mail postfix/cleanup[98220]: 71F7A1EFFE4: message-id&#x3D;&lt;1f0d5dfe313aecd09922d3e51b1764a6.squirrel@mail.xxx.yyy&gt;Apr 24 13:11:24 mail postfix/qmgr[154]: 71F7A1EFFE4: from&#x3D;&lt;peterkjeldsen@mail.xxx.yyy&gt;, size&#x3D;779, nrcpt&#x3D;1 (queue active)Apr 24 13:11:24 mail postfix/smtpd[98216]: disconnect from localhost[127.0.0.1]Apr 24 13:11:24 mail postfix/smtpd[98224]: connect from localhost[127.0.0.1]Apr 24 13:11:24 mail postfix/smtpd[98224]: D782A1EFFF6: client&#x3D;localhost[127.0.0.1]Apr 24 13:11:24 mail postfix/cleanup[98220]: D782A1EFFF6: message-id&#x3D;&lt;1f0d5dfe313aecd09922d3e51b1764a6.squirrel@mail.xxx.yyy&gt;Apr 24 13:11:24 mail postfix/smtpd[98224]: disconnect from localhost[127.0.0.1]Apr 24 13:11:24 mail postfix/qmgr[154]: D782A1EFFF6: from&#x3D;&lt;peterkjeldsen@mail.xxx.yyy&gt;, size&#x3D;1256, nrcpt&#x3D;1 (queue active)Apr 24 13:11:25 mail postfix/smtp[98221]: 71F7A1EFFE4: to&#x3D;&lt;peterkjeldsen@mac.com&gt;, relay&#x3D;127.0.0.1[127.0.0.1]:10024, delay&#x3D;0.54, delays&#x3D;0.01/0.01/0/0.52, dsn&#x3D;2.0.0, status&#x3D;sent (250 2.0.0 Ok, id&#x3D;00288-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D782A1EFFF6)Apr 24 13:11:25 mail postfix/qmgr[154]: 71F7A1EFFE4: removedApr 24 13:11:26 mail postfix/smtp[98226]: D782A1EFFF6: to&#x3D;&lt;peterkjeldsen@mac.com&gt;, relay&#x3D;mx6.mac.com.akadns.net[17.172.36.34]:25, delay&#x3D;2, delays&#x3D;0.1/0.01/1.2/0.72, dsn&#x3D;2.5.0, status&#x3D;sent (250 2.5.0 Ok, envelope id 0M2Z00EHFAZ29YA0@st11b01mm-smtpin207.mac.com)Apr 24 13:11:26 mail postfix/qmgr[154]: D782A1EFFF6: removedxx.yyy replaces the actual sending domain nameMail SMTP log when receiving:Apr 24 13:11:26 mail postfix/smtp[98226]: D782A1EFFF6: to&#x3D;&lt;peterkjeldsen@mac.com&gt;, relay&#x3D;mx6.mac.com.akadns.net[17.172.36.34]:25, delay&#x3D;2, delays&#x3D;0.1/0.01/1.2/0.72, dsn&#x3D;2.5.0, status&#x3D;sent (250 2.5.0 Ok, envelope id 0M2Z00EHFAZ29YA0@st11b01mm-smtpin207.mac.com)Apr 24 13:11:26 mail postfix/qmgr[154]: D782A1EFFF6: removedApr 24 13:16:19 mail postfix/smtpd[98599]: connect from nk11p99mm-asmtpout008.mac.com[17.158.233.229]Apr 24 13:16:20 mail postfix/smtpd[98599]: NOQUEUE: reject: RCPT from nk11p99mm-asmtpout008.mac.com[17.158.233.229]: 450 4.7.1 &lt;peterkjeldsen@mail.xxx.yyy&gt;: Recipient address rejected: Service is unavailable; from&#x3D;&lt;peterkjeldsen@mac.com&gt; to&#x3D;&lt;peterkjeldsen@mail.xxx.yyy&gt; proto&#x3D;ESMTP helo&#x3D;&lt;nk11p99mm-asmtpout008.mac.com&gt;Apr 24 13:16:20 mail postfix/smtpd[98599]: disconnect from nk11p99mm-asmtpout008.mac.com[17.158.233.229]xx.yyy replaces the actual receiving domain name. Now my own account is not receiving mail... However my account has last received mails at 11:59 am today but from other senders.Mail SMTP log when inside client is attemptng to collect mail using IMAP (POP disabled on server):Apr 24 13:20:34 mail postfix/smtpd[98942]: warning: 95.9.xx.yy: hostname 95.9.xx.yy.static.ttnet.com.tr verification failed: nodename nor servname provided, or not knownApr 24 13:20:34 mail postfix/smtpd[98942]: connect from unknown[95.9.xx.yy]Apr 24 13:20:34 mail postfix/smtpd[98942]: lost connection after CONNECT from unknown[95.9.xx.yy]Apr 24 13:20:34 mail postfix/smtpd[98942]: disconnect from unknown[95.9.93.204]Apr 24 13:20:35 mail postfix/smtpd[98950]: warning: 995.9.xx.yy: hostname 95.9.xx.yy.static.ttnet.com.tr verification failed: nodename nor servname provided, or not knownApr 24 13:20:35 mail postfix/smtpd[98950]: connect from unknown[95.9.xx.yy]Apr 24 13:20:35 mail postfix/smtpd[98950]: lost connection after CONNECT from unknown[95.9.xx.yy]Apr 24 13:20:35 mail postfix/smtpd[98950]: disconnect from unknown[95.9.xx.yy]Apr 24 13:23:55 mail postfix/anvil[98947]: statistics: max connection rate 1/60s for (smtp:95.9.xx.yy) at Apr 24 13:20:34Apr 24 13:23:55 mail postfix/anvil[98947]: statistics: max connection count 1 for (smtp:995.9.xx.yy) at Apr 24 13:20:34Apr 24 13:23:55 mail postfix/anvil[98947]: statistics: max cache size 2 at Apr 24 13:20:3595.9.xx.yyIMAP log when internal user (webmail) attempts to collect mail:Apr 24 13:22:44 mail dovecot[90]: IMAP(*): User peterkjeldsen: Disconnected: Logged out bytes&#x3D;90/438Apr 24 13:22:44 mail dovecot[90]: IMAP(*): Master disconnected (pid 99130)Apr 24 13:32:45 mail dovecot[90]: imap-login: Login: user&#x3D;&lt;peterkjeldsen&gt;, method&#x3D;CRAM-MD5, rip&#x3D;127.0.0.1, lip&#x3D;127.0.0.1, securedApr 24 13:32:45 mail dovecot[90]: IMAP(*): Loading modules from directory: /usr/lib/dovecot/imapApr 24 13:32:45 mail dovecot[90]: IMAP(*): Module loaded: /usr/lib/dovecot/imap/lib10_quota_plugin.soApr 24 13:32:45 mail dovecot[90]: IMAP(*): Module loaded: /usr/lib/dovecot/imap/lib11_imap_quota_plugin.soApr 24 13:32:45 mail dovecot[90]: IMAP(*): Effective uid&#x3D;1025, gid&#x3D;20, home&#x3D;Apr 24 13:32:45 mail dovecot[90]: IMAP(*): Quota root: name&#x3D;User quota backend&#x3D;maildir args&#x3D;Apr 24 13:32:45 mail dovecot[90]: IMAP(*): Quota rule: root&#x3D;User quota mailbox&#x3D;* bytes&#x3D;0 messages&#x3D;0Apr 24 13:32:45 mail dovecot[90]: IMAP(*): Quota warning: bytes&#x3D;0 (100%) messages&#x3D;0 command&#x3D;/usr/libexec/dovecot/quota-exceeded.shApr 24 13:32:45 mail dovecot[90]: IMAP(*): Quota warning: bytes&#x3D;0 (80%) messages&#x3D;0 command&#x3D;/usr/libexec/dovecot/quota-warning.shApr 24 13:32:45 mail dovecot[90]: IMAP(*): maildir: data&#x3D;/var/spool/imap/dovecot/mail/6A6DB807-9155-45BA-B2DD-F1B995C571FEApr 24 13:32:45 mail dovecot[90]: IMAP(*): maildir++: root&#x3D;/var/spool/imap/dovecot/mail/6A6DB807-9155-45BA-B2DD-F1B995C571FE, index&#x3D;, control&#x3D;, inbox&#x3D;/var/spool/imap/dovecot/mail/6A6DB807-9155-45BA-B2DD-F1B995C571FEApr 24 13:32:45 mail dovecot[90]: IMAP(*): User peterkjeldsen: Disconnected: Logged out bytes&#x3D;90/438Apr 24 13:32:45 mail dovecot[90]: IMAP(*): Master disconnected (pid 99901)WEB Log (Apache access) when webmail user attempts to collect mail:192.168.1.5 - - [24/Apr/2012:13:20:48 +0300] "GET /webmail/src/left_main.php HTTP/1.1" 200 3034192.168.1.5 - - [24/Apr/2012:13:22:36 +0300] "GET /webmail/src/left_main.php HTTP/1.1" 200 3034192.168.1.5 - - [24/Apr/2012:13:22:38 +0300] "GET /webmail/src/left_main.php HTTP/1.1" 200 3034192.168.1.5 - - [24/Apr/2012:13:22:39 +0300] "GET /webmail/src/left_main.php HTTP/1.1" 200 3034192.168.1.5 - - [24/Apr/2012:13:22:40 +0300] "GET /webmail/src/left_main.php HTTP/1.1" 200 3034192.168.1.5 - - [24/Apr/2012:13:22:40 +0300] "GET /webmail/src/left_main.php HTTP/1.1" 200 3034192.168.1.5 - - [24/Apr/2012:13:22:40 +0300] "GET /webmail/src/left_main.php HTTP/1.1" 200 3034192.168.1.5 - - [24/Apr/2012:13:22:42 +0300] "GET /webmail/src/right_main.php?PG_SHOWALL&#x3D;0&amp;sort&#x3D;0&amp;startMessage&#x3D;1&amp;mailbox&#x3D;INBOX HTTP/1.1" 200 18776192.168.1.5 - - [24/Apr/2012:13:22:44 +0300] "GET /webmail/src/left_main.php HTTP/1.1" 200 3034192.168.1.5 - - [24/Apr/2012:13:32:45 +0300] "GET /webmail/src/left_main.php HTTP/1.1" 200 3034I&#x27;m at a loss it seems that attemps to connect via port 993 is registered in the log, but the port is not showing when port scanning and mail clients cannot collect mail.This is inconsistent behaviour... file corruption somewhere?Kind regardsPeter

Peter Borbonus · Answer

I&#x27;m sorry... but maybe one of the "gurus" here can help you more...Best wishes,Peter.

PeterKjeldsen · Answer

Hi Peter,Thanks for trying anyway 🙂Kind regardsPeterPS. I re-installed in the end just to get in working, but it is odd that only one port is affected and does not respond.