Email server stopped working after power failure


DaRKNeSS666NL
5th January 2008, 13:09
Okay,

After a great year with a working server, we had a power failure over here.

Now I can't receive any mail anymore! So something went wrong with the server configuration. I honestly don't know where to look for it. It has something to do with the SMTP config. If I send an email with Gmail to the server, I get this mail:

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 13): 550 Relaying denied

----- Original message -----

Received: by 10.115.58.1 with SMTP id l1mr17750318wak.110.1199530664873;
Sat, 05 Jan 2008 02:57:44 -0800 (PST)
Received: by 10.114.179.4 with HTTP; Sat, 5 Jan 2008 02:57:44 -0800 (PST)
Message-ID: <9f2294380801050257r4e615bdes96ab280b29a93883@mail.gmail.com>
Date: Sat, 5 Jan 2008 11:57:44 +0100
From: "DaRK NeSS" <darkness666nl@gmail.com>
To: "Appie - Domestic Violence" <appie@domestic-violence.nl>
Subject: Re: email test uitwendig
In-Reply-To: <000501c84f89$67affdc0$370ff940$@nl>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_22102_12366948.1199530664865"
References: <000501c84f89$67affdc0$370ff940$@nl>

------=_Part_22102_12366948.1199530664865
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline




Is there a command to test the server? Can anybody offer me a hand?

TIA

till
5th January 2008, 19:12
Please have a look in the mail log file and post the errors you got there.

DaRKNeSS666NL
6th January 2008, 12:32
As far as I can see, my mail log has no email errors, only ones from the virus scanner.

/var/log/mail.log
Jan 6 12:17:40 dcs-server freshclam[4366]: Received signal: wake up
Jan 6 12:17:40 dcs-server freshclam[4366]: ClamAV update process started at Sun Jan 6 12:17:40 2008
Jan 6 12:17:40 dcs-server freshclam[4366]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Jan 6 12:17:40 dcs-server freshclam[4366]: See the FAQ at http://www.clamav.net/support/faq for an explanation.
Jan 6 12:17:40 dcs-server freshclam[4366]: Can't query current.cvd.clamav.net
Jan 6 12:17:40 dcs-server freshclam[4366]: Invalid DNS reply. Falling back to HTTP mode.
Jan 6 12:17:40 dcs-server freshclam[4366]: Reading CVD header (main.cvd):
Jan 6 12:17:45 dcs-server freshclam[4366]: Can't get information about database.clamav.net: Temporary DNS error
Jan 6 12:17:45 dcs-server freshclam[4366]: Can't read main.cvd header from database.clamav.net (IP: )
Jan 6 12:17:45 dcs-server freshclam[4366]: Trying again in 5 secs...
Jan 6 12:17:50 dcs-server freshclam[4366]: ClamAV update process started at Sun Jan 6 12:17:50 2008
Jan 6 12:17:50 dcs-server freshclam[4366]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Jan 6 12:17:50 dcs-server freshclam[4366]: See the FAQ at http://www.clamav.net/support/faq for an explanation.
Jan 6 12:17:50 dcs-server freshclam[4366]: Can't query current.cvd.clamav.net
Jan 6 12:17:50 dcs-server freshclam[4366]: Invalid DNS reply. Falling back to HTTP mode.
Jan 6 12:17:50 dcs-server freshclam[4366]: Reading CVD header (main.cvd):
Jan 6 12:18:00 dcs-server freshclam[4366]: Can't get information about database.clamav.net: Temporary DNS error
Jan 6 12:18:00 dcs-server freshclam[4366]: Can't read main.cvd header from database.clamav.net (IP: )
Jan 6 12:18:00 dcs-server freshclam[4366]: Trying again in 5 secs...
Jan 6 12:18:05 dcs-server freshclam[4366]: ClamAV update process started at Sun Jan 6 12:18:05 2008
Jan 6 12:18:05 dcs-server freshclam[4366]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Jan 6 12:18:05 dcs-server freshclam[4366]: See the FAQ at http://www.clamav.net/support/faq for an explanation.
Jan 6 12:18:05 dcs-server freshclam[4366]: Can't query current.cvd.clamav.net
Jan 6 12:18:05 dcs-server freshclam[4366]: Invalid DNS reply. Falling back to HTTP mode.
Jan 6 12:18:05 dcs-server freshclam[4366]: Reading CVD header (main.cvd):
Jan 6 12:18:10 dcs-server freshclam[4366]: Can't get information about database.clamav.net: Temporary DNS error
Jan 6 12:18:10 dcs-server freshclam[4366]: Can't read main.cvd header from database.clamav.net (IP: )
Jan 6 12:18:10 dcs-server freshclam[4366]: Giving up on database.clamav.net...
Jan 6 12:18:10 dcs-server freshclam[4366]: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.
Jan 6 12:18:10 dcs-server freshclam[4366]: --------------------------------------
Jan 6 12:40:29 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 6 12:40:29 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
Jan 6 12:40:29 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 6 12:40:29 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 6 12:40:29 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
Jan 6 12:40:30 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=1
Jan 6 12:40:30 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 6 12:40:30 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
Jan 6 12:40:30 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 6 13:10:39 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 6 13:10:39 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
Jan 6 13:10:39 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 6 13:10:39 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 6 13:10:39 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
Jan 6 13:10:39 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 6 13:10:39 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 6 13:10:39 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
Jan 6 13:10:39 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 6 13:16:52 dcs-server postfix/master[18012]: terminating on signal 15
Jan 6 13:16:53 dcs-server postfix/master[30790]: daemon started -- version 2.3.3, configuration /etc/postfix

falko
6th January 2008, 14:23
Do you have network connectivity? Can you resolve DNS names? What's in /etc/resolv.conf?

DaRKNeSS666NL
6th January 2008, 14:34
In my /etc/resolv.conf
nameserver 192.168.1.1

It's the router's IP address.

falko
7th January 2008, 15:07
Please try this instead:
nameserver 145.253.2.75
nameserver 193.174.32.18

DaRKNeSS666NL
8th January 2008, 22:33
Done that now and no go.

But they are just name servers, right?
So I can put more of my own in then? Like 213.51.129.37, for example; that one is from my ISP.

DaRKNeSS666NL
8th January 2008, 23:04
Okay, it's a little bit better now but I can't see any emails.

I know that the mail is delivered to my server; I can see that in my rollernet logs:

Message from mail.rollernet.us accepted by 84.31.***.** (www.***-online.nl) after 3 seconds.
From: Queue F4060582F79D
To: info@d******-violence.nl
Date: 2008-01-08 21:48:58 sent (250 2.0.0 Ok: queued as 8CBF97F4041)

Also in my webmail (roundcube) no email is arriving.

till
9th January 2008, 10:10
Which messages do you get in the mail log of the receiving mailserver?

DaRKNeSS666NL
9th January 2008, 22:01
Here it is. I have noticed 2 warnings. One is from clamav, that it's outdated and needs to update.

And the most related ones, I think, are the last few lines. If I read correctly, the mail server sees all the email as dangerous or unknown and removes them.

Jan 9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
Jan 9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
Jan 9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
Jan 9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 9 21:24:23 dcs-server courierpop3login: Connection, ip=[::ffff:84.198.59.205]
Jan 9 21:24:23 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_toon, ip=[::ffff:84.198.59.205]
Jan 9 21:24:23 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_toon, ip=[::ffff:84.198.59.205], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 9 21:39:05 dcs-server freshclam[4376]: Received signal: wake up
Jan 9 21:39:05 dcs-server freshclam[4376]: ClamAV update process started at Wed Jan 9 21:39:05 2008
Jan 9 21:39:05 dcs-server freshclam[4376]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Jan 9 21:39:05 dcs-server freshclam[4376]: See the FAQ at http://www.clamav.net/support/faq for an explanation.
Jan 9 21:39:05 dcs-server freshclam[4376]: Your ClamAV installation is OUTDATED!
Jan 9 21:39:05 dcs-server freshclam[4376]: Local version: 0.91.2 Recommended version: 0.92
Jan 9 21:39:05 dcs-server freshclam[4376]: DON'T PANIC! Read http://www.clamav.net/support/faq
Jan 9 21:39:05 dcs-server freshclam[4376]: main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven)
Jan 9 21:39:05 dcs-server freshclam[4376]: daily.inc is up to date (version: 5459, sigs: 21320, f-level: 21, builder: ccordes)
Jan 9 21:39:05 dcs-server freshclam[4376]: --------------------------------------
Jan 9 22:01:15 dcs-server courierpop3login: Connection, ip=[::ffff:90.128.161.215]
Jan 9 22:01:15 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215]
Jan 9 22:01:15 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 9 22:31:21 dcs-server courierpop3login: Connection, ip=[::ffff:90.128.161.215]
Jan 9 22:31:21 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215]
Jan 9 22:31:21 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
Jan 9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
Jan 9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan 9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
Jan 9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan 9 22:46:37 dcs-server postfix/smtpd[13672]: connect from unknown[208.11.75.2]
Jan 9 22:46:38 dcs-server postfix/smtpd[13672]: setting up TLS connection from unknown[208.11.75.2]
Jan 9 22:46:38 dcs-server postfix/smtpd[13672]: TLS connection established from unknown[208.11.75.2]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Jan 9 22:46:38 dcs-server postfix/smtpd[13672]: F095C7F4041: client=unknown[208.11.75.2]
Jan 9 22:46:39 dcs-server postfix/cleanup[13676]: F095C7F4041: message-id=<f07c7c440801091150n53b9a144t4ddbe8188422bcb8@mail.gmail.com>
Jan 9 22:46:39 dcs-server postfix/qmgr[23609]: F095C7F4041: from=<domesticviolence.nl@gmail.com>, size=3075, nrcpt=1 (queue active)
Jan 9 22:46:39 dcs-server postfix/smtpd[13672]: disconnect from unknown[208.11.75.2]
Jan 9 22:46:39 dcs-server procmail[13678]: Suspicious rcfile "/var/www/web5/user/domestic-violence.nl_info/.procmailrc"
Jan 9 22:46:39 dcs-server postfix/local[13677]: F095C7F4041: to=<domestic-violence.nl_info@dcs-server.dcs-online.nl>, orig_to=<info@domestic-violence.nl>, relay=local, delay=0.3, delays=0.26/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
Jan 9 22:46:39 dcs-server postfix/qmgr[23609]: F095C7F4041: removed

This is the /var/www/web5/user/domestic-violence.nl_info/.procmailrc
MAILDIR=$HOME/Maildir/
DEFAULT=$MAILDIR
ORGMAIL=$MAILDIR

INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.mailsize.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.quota.rc
INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.antivirus.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.local-rules.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.html-trap.rc
INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.spamassassin.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.autoresponder.rc

I am currently running the update to version.....19. Maybe that will help.

falko
10th January 2008, 17:38
What's the output of ls -la /var/www/web5/user/domestic-violence.nl_info?

DaRKNeSS666NL
10th January 2008, 22:12
The output

total 132
drwxrwxrwx 5 domestic-violence.nl_info web5 4096 2007-05-11 00:11 .
drwxrwxrwx 10 domestic-violence.nl_appie web5 4096 2007-12-15 16:57 ..
-rw-r--r-- 1 root root 103 2008-01-09 00:57 .antivirus.rc
-rw-r--r-- 1 root root 816 2008-01-09 00:57 .autoresponder.rc
-rw------- 1 domestic-violence.nl_info web5 24 2008-01-09 00:57 .forward
-rw-r--r-- 1 root root 67866 2008-01-09 00:57 .html-trap.rc
-rw-r--r-- 1 root root 3889 2008-01-09 00:57 .local-rules.rc
drwx------ 10 domestic-violence.nl_info web5 4096 2007-06-30 21:23 Maildir
-rw-r--r-- 1 root root 204 2008-01-09 00:57 .mailsize.rc
-rw-r--r-- 1 root root 556 2008-01-09 00:57 .procmailrc
-rw-r--r-- 1 root root 656 2008-01-09 00:57 .quota.rc
drwxrwxrwx 2 domestic-violence.nl_info web5 4096 2007-12-26 13:18 .spamassassin
-rw-r--r-- 1 root root 1161 2008-01-09 00:57 .spamassassin.rc
-rw-r--r-- 1 root root 2039 2008-01-09 00:57 .user_prefs
-rw-r--r-- 1 root root 32 2008-01-09 00:57 .vacation.msg
drwxrwxrwx 2 domestic-violence.nl_info web5 4096 2007-04-01 12:34 web

falko
11th January 2008, 14:50
/var/www/web5/user/domestic-violence.nl_info and /var/www/web5/user must have 755 permissions.

chmod 755 /var/www/web5/user/domestic-violence.nl_info
chmod 755 /var/www/web5/user

DaRKNeSS666NL
11th January 2008, 22:50
Falko,
That worked for my info account. Is there a simple way to chmod all my accounts? Or must I manually chmod all of them?

edit,
I have used the same chmod code for my account appie but that didn't work for me.

chmod 755 /var/www/web5/user/domestic-violence.nl_appie
chmod 755 /var/www/web5/user


BTW what has happened with my server (besides the power failure) that the rights have been changed? Could it be a virus or a hack? And is it better to start with a clean install?

falko
12th January 2008, 18:41
Or must I manually chmod all of them?
I'd do it manually to avoid that you accidentally mess up permissions.

edit,
I have used the same chmod code for my account appie but that didn't work for me.

chmod 755 /var/www/web5/user/domestic-violence.nl_appie
chmod 755 /var/www/web5/user
Make sure that none of the directories in the path up to /var/www/web5/user/domestic-violence.nl_appie has 777 permissions. They should be 755.


BTW what has happened with my server (besides the power failure) that the rights have been changed? Could it be a virus or a hack? And is it better to start with a clean install?
Did you maybe do a recursive chmod on your directories?
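
The check described in the reply above (no 777 on the account directory or on any directory above it), as an added read-only audit script that is not part of the original thread. The function names `loose` and `audit_mail_home` are made up for this example; the script only reports paths where group or other has write permission and changes nothing, so the actual chmod can still be done by hand.

```shell
#!/bin/sh
# Added example, not from the thread: read-only audit of a mail account's
# home directory and every directory above it. Nothing is chmod'ed.

# loose PATH -> prints PATH if group or other has the write bit set
loose() {
    find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print
}

# audit_mail_home HOME [STOP]
# Checks HOME/.procmailrc (if present), HOME, and each parent directory up
# to STOP (default /). Prints one "LOOSE <ls -ld line>" per finding.
audit_mail_home() {
    dir=$1
    stop=${2:-/}
    if [ -e "$dir/.procmailrc" ] && [ -n "$(loose "$dir/.procmailrc")" ]; then
        printf 'LOOSE %s\n' "$(ls -ld "$dir/.procmailrc")"
    fi
    while :; do
        if [ -n "$(loose "$dir")" ]; then
            printf 'LOOSE %s\n' "$(ls -ld "$dir")"
        fi
        # Stop at the requested top directory, at /, or on a relative path
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return 0
}

# Usage: sh audit.sh /var/www/web5/user/domestic-violence.nl_info ...
if [ "$#" -gt 0 ]; then
    for home in "$@"; do
        audit_mail_home "$home"
    done
fi
```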

DaRKNeSS666NL
12th January 2008, 20:31
I'd do it manually to avoid that you accidentally mess up permissions.

Make sure that none of the directories in the path up to /var/www/web5/user/domestic-violence.nl_appie has 777 permissions. They should be 755.


Did you maybe do a recursive chmod on your directories?

I manually changed the directories and at the moment all is working again.

I didn't do anything with my server. I only had a power failure 2 times; can it be that the instant shutdown changed the rights?
I think it's safer to start over again. I'm already working on an older PC to get it to work with ISPConfig, so I can format the server.

Again, thanks for your help; maybe I will need it again tomorrow ;)

falko
13th January 2008, 14:22
can it be that the instant shutdown changed the rights?
I don't think so. Maybe you should check your server with chkrootkit and rkhunter.

DaRKNeSS666NL
14th January 2008, 21:43
I have checked with the 2 programs. I did get some warnings, but I installed a clean ubuntu server and there I got the same warnings.

So for now it's working again. I am going to put the site on the backup server I have just created and will do a clean install of my primary server.

Thanks again.