Blocked From My Own Mailserver


Yesterday I saw the announcement the Thunderbird 115 was finally available on flathub. I thought I would install it and try it out on my laptop. Normally I use a Roundcube server as my main mail client, with Mail K-9 for my mobile access.

Installed Thunderbird without a hitch. But then I ran into a problem when I tried to add my first email account.

It didn’t pickup the correct mail server hostnames from autodiscovery, so I have to change those. Then it wouldn’t authenticate. The program hung. I didn’t have time to investigate, so I killed the program and went on to do something else.

I later found out that I could no longer access my mail server from mobile or Roundcube.

I could telnet to port 993 from the server with telnet localhost 993, but not from any other machine on my network. I was also able to access my email from my mobile if I turned off my WiFi and came in over the Internet.

I was very confused.

My mail server is a self-hosted instance of docker-mailserver.

One of the features docker-mailserver provides is integration with fail2ban.

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs – too many password failures, seeking for exploits, etc.

It took me a few hours to figure out that fail2ban had added my own IP to the ban address, presumably because of the misbehaviour of Thunderbird.

The fix was simple:

cd mailserver
./ fail2ban unban $MY_IP is the management script provided by docker-mailserver, and provides easy access to the commands installed in the docker image.

I do plan on trying Thunderbird again, but this time I’ll keep an eye on my mailserver logs to make sure I don’t get locked out again.