I have run my own mail server out of my attic for the last 10 years. I guess it’s just what you do when you're a techie in my career field. So last year I decided to make the switch from Exchange 2003 (yikes!) to iRedMail. Most of it was going fine for a long time, but there was always this peskiness with my iPhone client not sending mail correctly. I had to go to the web portal (Roundcube) to send. Well, today I decided I really wanted to figure out why I could never send mail from my iPhone client. I was sending on TCP 587 – no luck – kept getting a generic error message, something like “mail could not be delivered at this time, try again”.
So I decided to get serious. I did packet captures from my wireless LAN controller and noticed that every packet my client sent was met by an ICMP port unreachable from the mail server. So I checked iptables — at first I thought iptables was clear:
ACCEPT tcp -- anywhere tcp dpt:submission
but then I noticed further down in the chain fail2ban-default:
BLOCK <my iPhone IP>
Somehow the login process results in too many failures (even with the right password). I whitelisted my home address block in /etc/fail2ban/jail.conf:
ignoreip = 127.0.0.1/8 <added my ip block here /16 (yes I have a big home network ;)>
And voila – mail is now sending from my iPhone.
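Why the ACCEPT rule for submission did not help: iptables stops at the first terminating rule, and the jump into the fail2ban chain is evaluated before the ACCEPT. The sketch below is an added example, not part of the original post; the ruleset and the 192.0.2.x addresses are constructed, and the parser only understands `-s`, `-p`, `--dport` and `-j`.

```python
import ipaddress
import shlex

# Constructed iptables-save style rules (not taken from the post): a jump to
# the fail2ban chain ahead of the ACCEPT for submission (tcp/587).
RULES = """\
-A INPUT -p tcp -j fail2ban-default
-A INPUT -p tcp --dport 587 -j ACCEPT
-A fail2ban-default -s 192.0.2.25/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-default -j RETURN
"""

def parse(text):
    """Group '-A' rules by chain as (raw_line, {flag: value}) pairs."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # assumes every flag takes one value
        chains.setdefault(tok[1], []).append((line, opts))
    return chains

def matches(opts, src, proto, dport):
    if "-s" in opts and ipaddress.ip_address(src) not in ipaddress.ip_network(opts["-s"], strict=False):
        return False
    if "-p" in opts and opts["-p"] != proto:
        return False
    if "--dport" in opts and int(opts["--dport"]) != dport:
        return False
    return True

def verdict(chains, src, proto, dport, chain="INPUT"):
    """Return (target, rule_line) for the first terminating match, else None."""
    for line, opts in chains.get(chain, []):
        if not matches(opts, src, proto, dport):
            continue
        target = opts.get("-j")
        if target == "RETURN":
            return None                      # back to the calling chain
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, line
        result = verdict(chains, src, proto, dport, target)  # user-defined chain
        if result:
            return result
    return None                              # fell through: chain policy decides

if __name__ == "__main__":
    chains = parse(RULES)
    for ip in ("192.0.2.25", "192.0.2.26"):  # banned client, unbanned client
        print(ip, verdict(chains, ip, "tcp", 587))
```

On a live host, `iptables -S` prints rules in this same `-A` form and in evaluation order, which makes the early jump easier to spot than in the per-chain listing.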
Hey — if you take the time to read this I’ll set you up with a free mailbox for liking the link! Send me a note @CiscoNeville