Blocked From My Own Mailserver
Yesterday I saw the announcement the Thunderbird 115 was finally available on flathub. I thought I would install it and try it out on my laptop. Normally I use a Roundcube server as my main mail client, with Mail K-9 for my mobile access.
Installed Thunderbird without a hitch. But then I ran into a problem when I tried to add my first email account.
It didn't pickup the correct mail server hostnames from autodiscovery, so I have to change those. Then it wouldn't authenticate. The program hung. I didn't have time to investigate, so I killed the program and went on to do something else.
I later found out that I could no longer access my mail server from mobile or Roundcube.
I could telnet to port 993 from the server with telnet localhost 993
, but not from any other
machine on my network. I was also able to access my email from my mobile if I turned off my WiFi and
came in over the Internet.
I was very confused.
My mail server is a self-hosted instance of docker-mailserver.
One of the features docker-mailserver provides is integration with fail2ban.
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc.
It took me a few hours to figure out that fail2ban had added my own IP to the ban address, presumably because of the misbehaviour of Thunderbird.
The fix was simple:
cd mailserver
./setup.sh fail2ban unban $MY_IP
setup.sh
is the management script provided by docker-mailserver, and provides easy access to the commands installed in the docker image.
I do plan on trying Thunderbird again, but this time I'll keep an eye on my mailserver logs to make sure I don't get locked out again.