On Friday I had an unusual incident that I am looking into. When I started up Seamonkey (2.53.14 Mozilla/5.0, X11; Linux x86_64; rv:78.0) I immediately started getting messages about failed logins for the different accounts managed by the client. This client manages about a dozen addresses, all of which are at my domain. The messages were the same as you would receive for incorrect passwords or unknown account names, but this seems to be a generic error that you can also get if you don't have an internet connection, etc.
The first thing I did was to quickly check the server settings to make sure they were not changed. I confirmed that I had a working internet connection and also checked /etc/hosts, but there is nothing in there but the localhost definition. I next checked the logs of my hardware firewall to make sure that the IP address of my email server had not changed. My firewall uses an IP address or range for its rules and not a domain name, so if for some reason the IP of a server that the domain points to has changed then a new rule needs to be made.
I found that the outgoing connection attempts for the several accounts that tried to connect were made to several different IP addresses:
IP address OrgId OrgName
142.251.40.228 GOGL Google LLC
142.251.40.170 GOGL Google LLC
142.250.176.202 GOGL Google LLC
142.250.65.206 GOGL Google LLC
104.26.7.175 CLOUD14 Cloudflare, Inc.
104.17.25.14 CLOUD14 Cloudflare, Inc.
34.117.59.81 GOOGL-2 Google LLC
My provider checked with DNS and their logs indicate that my server domain name has pointed to the same IP address for more than 3 years. This address is the one that corresponds to my firewall rule.
Does anyone know why Seamonkey would have tried to connect to these Google and Cloudflare IP addresses instead of to the IP address that DNS associates with my mail server? Has anyone seen this behaviour before?
I assume that this is a Seamonkey bug, which is why it is posted here. Someone let me know if they think this should be posted elsewhere. Without knowing how Seamonkey makes its external connections, obtains the address through DNS, etc., it is hard to know where to look for the problem.
After about 5 minutes the issue resolved on its own and successful connections were made to the correct IP address for the server. The system is configured to use OpenDNS (208.67.222.222 · 208.67.220.220) if that matters. Looking back through the firewall logs, I don't see any other instances of this before or since.
Thanks,
LMHmedchem