Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Failed POP3 login error
  •  
hepkat63

Messages: 7
Karma: 0
Send a private message to this user
Hi,
Every time I check my email INTERNALLY, i receive " Failed POP3 login from 10.0.1.156" in the security log. EMail works just fine though, I still receive these messages everytime I check my mail. For my exteral users, all is fine.
I did see a post by JANLIN on this subject back in March, but there was no follow up post.
Can anyone help here please?
BTW, I have tried four separate email clients (on my MAC) and it generates the same error message from them all.
thanks
steve
  •  
cubejockey

Messages: 3
Karma: 0
Send a private message to this user
I'm experiencing the same thing so I thought I'd bump this and see if anyone had any solutions.

Kerio 6.1.2 Build 1
Server OS: Fedora Core 2
My Client's OS: Mac OSX (Tiger)
Email Client: Mail.app

I'm connecting to Secure POP3 and my user account has SHA format enabled.

I'm able to retrieve my mail just fine but the security log keeps showing a POP3 login failure. There is not any corresponding entry in the warning log as the manual suggests for resolving these kinds of issues.

[12/Jan/2006 01:20:31] Failed POP3 login from XXX.XXX.XXX.XXX, user YYY<_at_>domain.com
  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
Turn on POP3 logging in the debug log and post the relevant log entries here. Without detailed logging, I think it will be difficult to analyse the problem.

Regards, Pascal

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
frankf

Messages: 1
Karma: 0
Send a private message to this user
I'm also getting Failed POP3 login from XXX.XXX.XXX.XXX, user YYY<_at_>domain.com


Where XXX.XXX.XXX.XXX is the address of my Firewall.


This only happens from people checking internally.

-Frank
  •  
cubejockey

Messages: 3
Karma: 0
Send a private message to this user
Not a problem...

Here are the debug log entries with the POP3 session stuff turned on.

[13/Jan/2006 20:38:10][21052] {pop3s} POP3 server session begin; client connected from XXX.XXX.XXX.XXX:XXXXX
[13/Jan/2006 20:38:11][21052] {pop3s} Command: APOP <USER> 8162bb7f4c801892f8a687e43394f02b
[13/Jan/2006 20:38:14][21052] {pop3s} Command: USER <USER>
[13/Jan/2006 20:38:14][21052] {pop3s} Command: PASS <password>
[13/Jan/2006 20:38:14][21052] {pop3s} User user<_at_>domain.net logged in
[13/Jan/2006 20:38:14][21052] {pop3s} Command: STAT
[13/Jan/2006 20:38:14][21052] {pop3s} Command: UIDL 1
[13/Jan/2006 20:38:14][21052] {pop3s} Command: UIDL 4
[13/Jan/2006 20:38:14][21052] {pop3s} Command: QUIT
[13/Jan/2006 20:38:14][21052] {pop3s} Session end

That's all there is, I don't see any errors. The corresponding error in the security log is the same as the one pasted above.

Any ideas?
  •  
cohcon

Messages: 88
Karma: 0
Send a private message to this user
Are you hosting more than one domain?

Is the domain that you are logging into the primary?

Do you get the same errors if you telnet <mailserver> 110 and try the pop session conversation from the telnet prompt?

  •  
cohcon

Messages: 88
Karma: 0
Send a private message to this user
Are you hosting more than one domain?

Is the domain that you are logging into the primary?

In your client, is your user credentials <user><_at_><domain>, or just <user>?

Do you get the same errors if you telnet <mailserver> 110 and try the pop session conversation from the telnet prompt?

  •  
cubejockey

Messages: 3
Karma: 0
Send a private message to this user
>>Are you hosting more than one domain?

No, this is the only one.

>>Is the domain that you are logging into the primary?

Yes.

>>In your client, is your user credentials <user><_at_><domain>, or just <user>?

Credentials being used are <user> only. I tried using <user><_at_><domain> and it produced the same security error.

>>Do you get the same errors if you telnet <mailserver> 110 and try the pop session conversation from the telnet prompt?

I get some odd results when I try this.
Telnet <mailserver> 995 (I'm using secure pop) yields this:

Trying XXX.XXX.XXX.XXX...
Connected <DOMAIN>.
Escape character is '^]'.

The cursor resides on that line below the escape line. If I type USER <user> to get started it immediately boots me out with "Connection closed by foreign host."

I'm not sure if that is a clue, just security on our server or something I'm doing wrong.

None of the above causes anything to appear in the security logs.
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
Did anyone make any progress with this?

I have the same error in my logs for users authenticating from our LAN, through our firewall/gateway (Vicomsoft), and into the KMS server on the local side of our T1 segment.

I had submitted support tickets back in 2004, but I have a feeling I dropped the ball and didn't follow up. Technically, the only problem this appears to create (other than possibly small delays in authentication), is unwanted entries in the security log.

Here is what I received from support:

11/22/04: "Do the users run antivirus software on their client machines or a personal firewall product? <snip> Try figuring out what is occurring on the client side that is causing the login session to timeout repeatedly. You might also try disabling any unused authentication types in Configuration -> Advanced Options -> Security Policy in the Kerio MailServer Administration Console. For example, if the users do not use Cram-MD5 as an authentication option then disable that option. The login time outs could occur while the mail server and mail client negotate what authentication type they will use."

I plan on moving our KMS server to our internal network (using PAT). One of the little perks for which I am hoping is the end of these errors. There are so many entries of "Failed POP3 login", that it reduces the value of the security log.

Cheers,
Lyle Millander
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
I'm bumping this one again as I will be resubmitting it as a support ticket.

If anyone found a way to eliminate these errors, please share.

If anyone responds to this posting, I will publish what I learn here.

All the best,
Lyle Millander
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
http://support.kerio.com/index.php?_m=knowledgebase&_a=v iewarticle&kbarticleid=430

Okay, I guess this means I have to set all my Apple Mail.app users to secure connections.
Previous Topic: exchange migration error
Next Topic: not receive mail from yahoo
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 20:50:25 CET 2017

Total time taken to generate the page: 0.00532 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.