HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


daveb 30th January 2008 13:58

postfix bounced email question
 
I had an email that was bounced yesterday that I have a question about. My mail.log is missing several hours before the email and starts back up right after the email started getting bounced. mail.info and syslog still have log info, but mail.log is missing several hours.
From syslog I found this:
Code:

Jan 29 03:39:16 server postfix/smtpd[14727]: connect from some.domain.com[75.x.x.x]
Jan 29 03:39:16 server postfix/smtpd[14727]: setting up TLS connection from some.domain.com[75.x.x.x]
Jan 29 03:39:16 server postfix/smtpd[14727]: TLS connection established from some.domain.com[75.x.x.x]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jan 29 03:39:17 server postfix/policy-spf[14734]: handler sender_policy_framework: is decisive.
Jan 29 03:39:17 server postfix/policy-spf[14734]: : Policy action=PREPEND Received-SPF: none (some.domain.com: No applicable sender policy available) receiver=server.server.com; identity=mfrom; envelope-from="nobody@some.domain.com"; helo=some.domain.com; client-ip=75.x.x.x
Jan 29 03:39:18 server postfix/smtpd[14727]: 57B494CC15E: client=some.domain.com[75.x.x.x]
Jan 29 03:39:18 server postfix/cleanup[14735]: 57B494CC15E: message-id=<E1JJm02-0002dc-CB@some.domain.com>
Jan 29 03:39:18 server postfix/qmgr[11372]: 57B494CC15E: from=<nobody@some.domain.com>, size=8036, nrcpt=1 (queue active)
Jan 29 03:39:18 server postfix/smtpd[14727]: disconnect from some.domain.com[75.x.x.x]
Jan 29 03:39:18 server postfix/pickup[14443]: A1B1C4CC2D9: uid=10006 from=<customer5_guruweb>
Jan 29 03:39:18 server postfix/cleanup[14735]: A1B1C4CC2D9: message-id=<20080129093918.A1B1C4CC2D9@server.server.com>
Jan 29 03:39:18 server postfix/qmgr[11372]: A1B1C4CC2D9: from=<web5_xxxx@server.com>, size=413, nrcpt=1 (queue active)
Jan 29 03:39:18 server postfix/local[14753]: A1B1C4CC2D9: to=<admispconfig@localhost.localdomain>, relay=local, delay=0.3, delays=0.1/0.01/0/0.19, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
Jan 29 03:39:18 server postfix/qmgr[11372]: A1B1C4CC2D9: removed
Jan 29 03:39:24 server postfix/local[14736]: 57B494CC15E: to=<web5_xxxx@server.com>, orig_to=<webmaster@server.com>, relay=local, delay=7.5, delays=1.8/0.01/0/5.7, dsn=5.3.0, status=bounced (Command died with signal 6: "/usr/bin/procmail -f-")
Jan 29 03:39:24 server postfix/cleanup[14735]: 3B4264CC2D9: message-id=<20080129093924.3B4264CC2D9@server.server.com>
Jan 29 03:39:24 server postfix/qmgr[11372]: 3B4264CC2D9: from=<>, size=9965, nrcpt=1 (queue active)
Jan 29 03:39:24 server postfix/bounce[14774]: 57B494CC15E: sender non-delivery notification: 3B4264CC2D9
Jan 29 03:39:24 server postfix/qmgr[11372]: 57B494CC15E: removed
Jan 29 03:39:26 server postfix/smtp[14775]: certificate verification failed for some.domain.com: num=18:self signed certificate
Jan 29 03:40:17 server postfix/smtp[14775]: 3B4264CC2D9: to=<nobody@some.domain.com>, relay=some.domain.com[75.x.x.x]:25, delay=53, delays=0.01/0.02/2.5/51, dsn=4.0.0, status=deferred (host some.domain.com[75.x.x.x] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
Jan 29 03:42:38 server postfix/anvil[14731]: statistics: max connection rate 1/60s for (smtp:75.x.x.x) at Jan 29 03:39:16
Jan 29 03:42:38 server postfix/anvil[14731]: statistics: max connection count 1 for (smtp:75.x.x.x) at Jan 29 03:39:16
Jan 29 03:42:38 server postfix/anvil[14731]: statistics: max cache size 1 at Jan 29 03:39:16

Jan 29 04:09:02 server postfix/qmgr[11372]: 3B4264CC2D9: from=<>, size=9965, nrcpt=1 (queue active)
Jan 29 04:09:04 server postfix/smtp[15289]: certificate verification failed for some.domain.com: num=18:self signed certificate
Jan 29 04:09:55 server postfix/smtp[15289]: 3B4264CC2D9: to=<nobody@some.domain.com>, relay=some.domain.com[75.x.x.x]:25, delay=1831, delays=1778/0.02/2.4/51, dsn=4.0.0, status=deferred (host some.domain.com[75.x.x.x] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))

What could cause this error? And foremost, what could cause my mail.log to be missing several hours while this took place?
Code:

Jan 29 03:39:24 server postfix/local[14736]: 57B494CC15E: to=<web5_xxxx@server.com>, orig_to=<webmaster@server.com>, relay=local, delay=7.5, delays=1.8/0.01/0/5.7, dsn=5.3.0, status=bounced (Command died with signal 6: "/usr/bin/procmail -f-")
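
Added example, not part of the thread: a Python script that follows queue IDs through Postfix log lines like those above, reports local deliveries that bounced because the delivery command was killed by a signal, and links each one to its bounce notification and that notification's last status. The function names are hypothetical and the regexes assume the classic short hexadecimal queue IDs seen in the excerpt.

```python
import re
from collections import defaultdict

# Lines copied from the syslog excerpt in the post above.
SAMPLE = """\
Jan 29 03:39:18 server postfix/local[14753]: A1B1C4CC2D9: to=<admispconfig@localhost.localdomain>, relay=local, delay=0.3, delays=0.1/0.01/0/0.19, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
Jan 29 03:39:24 server postfix/local[14736]: 57B494CC15E: to=<web5_xxxx@server.com>, orig_to=<webmaster@server.com>, relay=local, delay=7.5, delays=1.8/0.01/0/5.7, dsn=5.3.0, status=bounced (Command died with signal 6: "/usr/bin/procmail -f-")
Jan 29 03:39:24 server postfix/bounce[14774]: 57B494CC15E: sender non-delivery notification: 3B4264CC2D9
Jan 29 03:40:17 server postfix/smtp[14775]: 3B4264CC2D9: to=<nobody@some.domain.com>, relay=some.domain.com[75.x.x.x]:25, delay=53, delays=0.01/0.02/2.5/51, dsn=4.0.0, status=deferred (host some.domain.com[75.x.x.x] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
""".splitlines()

# Assumption: short queue IDs made of uppercase hex digits, as in the excerpt.
LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
DELIVERY = re.compile(r"to=<(?P<to>[^>]*)>.*?\bdsn=(?P<dsn>[\d.]+), "
                      r"status=(?P<status>\w+) \((?P<detail>.*)\)$")
SIGNAL = re.compile(r'Command died with signal (?P<sig>\d+): "(?P<cmd>[^"]*)"')
DSN_LINK = re.compile(r"sender non-delivery notification: (?P<dsn_qid>[0-9A-F]+)")

def trace(lines):
    """Return (deliveries, dsn_of): delivery attempts per queue ID, and a map
    from an original queue ID to the queue ID of its bounce notification."""
    deliveries, dsn_of = defaultdict(list), {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect, TLS, anvil lines carry no queue ID
        qid, rest = m["qid"], m["rest"]
        d = DELIVERY.match(rest)
        if d:
            sig = SIGNAL.search(d["detail"])  # signal 6 is SIGABRT on Linux
            deliveries[qid].append({
                "to": d["to"], "dsn": d["dsn"], "status": d["status"],
                "signal": int(sig["sig"]) if sig else None,
                "command": sig["cmd"] if sig else None})
        elif (link := DSN_LINK.search(rest)):
            dsn_of[qid] = link["dsn_qid"]
    return deliveries, dsn_of

def killed_pipe_deliveries(lines):
    """Bounces caused by a signal-killed delivery command, as tuples of
    (qid, recipient, signal, command, notification qid, its last status)."""
    deliveries, dsn_of = trace(lines)
    report = []
    for qid, attempts in deliveries.items():
        for a in attempts:
            if a["status"] == "bounced" and a["signal"] is not None:
                notice = dsn_of.get(qid)
                last = deliveries[notice][-1]["status"] if notice in deliveries else None
                report.append((qid, a["to"], a["signal"], a["command"], notice, last))
    return report
```

Running `killed_pipe_deliveries()` over the full syslog, rather than only mail.log, also covers periods where one of the two files has a gap.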

falko 31st January 2008 19:23

Does
Code:

/usr/bin/procmail -v
show any errors?

daveb 31st January 2008 20:23

Nope
Code:

srv02:/# /usr/bin/procmail -v
procmail v3.22 2001/09/10
    Copyright (c) 1990-2001, Stephen R. van den Berg    <srb@cuci.nl>
    Copyright (c) 1997-2001, Philip A. Guenther        <guenther@sendmail.com>

Submit questions/answers to the procmail-related mailinglist by sending to:
        <procmail-users@procmail.org>

And of course, subscription and information requests for this list to:
        <procmail-users-request@procmail.org>

Locking strategies:    dotlocking, fcntl()
Default rcfile:        $HOME/.procmailrc
        It may be writable by your primary group
Your system mailbox:    /var/mail/root


falko 1st February 2008 16:08

What's the output of
Code:

ls -la
in web5_xxxx's homedir? Maybe some permissions are wrong...

daveb 2nd February 2008 00:35

I checked permissions already and they looked right, so I don't believe they're wrong. Besides, after that I also updated the user so that permissions or files would be replaced, to check and make myself feel better, haha; I have been known to make mistakes. But here, you can take a look.
Code:

ls -la web5_xxx
total 124
drwxr-xr-x 5 web5_xxx      web5  4096 2008-01-30 05:59 .
drwxr-xr-x 3 web5_xxx      web5  4096 2007-10-20 21:25 ..
-rw-r--r-- 1 root              root  189 2008-01-30 05:59 .antivirus.rc
-rw-r--r-- 1 root              root  804 2008-01-30 05:59 .autoresponder.rc
-rw-r--r-- 1 root              root 69149 2008-01-30 05:59 .html-trap.rc
-rw-r--r-- 1 root              root  3889 2008-01-30 05:59 .local-rules.rc
drwx------ 9 web5_xxx    web5  4096 2007-11-09 16:45 Maildir
-rw-r--r-- 1 root              root  204 2008-01-30 05:59 .mailsize.rc
-rw-r--r-- 1 root              root  656 2008-01-30 05:59 .quota.rc
drwx------ 2 web5_xxx    web5  4096 2008-01-29 03:39 .spamassassin
-rw-r--r-- 1 root              root  1236 2008-01-30 05:59 .spamassassin.rc
-rw-r--r-- 1 root              root  2039 2008-01-30 05:59 .user_prefs
-rw-r--r-- 1 root              root    32 2008-01-30 05:59 .vacation.msg
drwxrwxr-x 2 web5_xxx      web5  4096 2007-10-20 21:25 web

Thanks for taking the time to toss ideas at me, Falko. I put this server together back in October and it never gave a lick of problems until this fluke, and hasn't since. Everything seems to look right to myself, and rkhunter, chkrootkit, and clamav don't produce any negative results. I will continue to monitor the situation and ask if anything else seems to pop up. If you have any other ideas, please feel free to toss them my way :)

falko 2nd February 2008 19:22

What's the output of
Code:

ls -la /var/www/web5
?

daveb 2nd February 2008 19:30

Code:

srv02:/# ls -la /var/www/web5
total 68
drwxr-xr-x 14 web5_xxx web5 4096 2008-01-30 05:59 .
drwxr-xr-x 13 root              root 4096 2007-10-20 21:30 ..
drwxr-xr-x  2 root              root 4096 2007-10-20 21:25 bin
drwxr-xr-x  2 web5_xxx web5 4096 2007-10-20 21:24 cgi-bin
drwxr-xr-x  2 root              root 4096 2007-10-20 21:25 dev
drwxr-xr-x  4 root              root 4096 2007-10-20 21:25 etc
-rw-------  1 web5_xxx web5  24 2008-01-30 05:59 .forward
-rw-rw-r--  1 root              web5  53 2008-02-02 04:00 .htpasswd
drwxr-xr-x  4 root              root 4096 2007-10-20 21:25 lib
drwxr-xr-x  4 web5_xxx web5 4096 2008-02-02 00:30 log
lrwxrwxrwx  1 root              root  44 2008-01-30 05:59 Maildir -> /var/www/web5/user/web5_xxx/Maildir
drwxrwxrwx  2 web5_xxx web5 4096 2007-10-20 21:24 phptmp
-rw-r--r--  1 root              root  494 2008-01-30 05:59 .procmailrc
lrwxrwxrwx  1 root              root  51 2008-01-30 05:59 .spamassassin -> /var/www/web5/user/web5_xxx/.spamassassin/
drwxr-xr-x  2 web5_xxx web5 4096 2007-10-20 21:24 ssl
drwxr-xr-x  3 web5_xxx web5 4096 2007-10-20 21:25 user
drwxr-xr-x  4 root              root 4096 2007-10-20 21:25 usr
lrwxrwxrwx  1 root              root  52 2008-01-30 05:59 .vacation.cache -> /var/www/web5/user/web5_xxx/.vacation.cache
drwxr-xr-x  3 root              root 4096 2007-10-20 21:25 var
drwxr-xr-x 17 web5_xxx web5 4096 2008-01-22 17:30 web


falko 3rd February 2008 19:20

Looks ok, too... :confused:

daveb 3rd February 2008 20:32

Yes, I know that feeling too :confused:
I will continue to monitor the server and see what, if anything, will happen again.
Either way, thanks for your time, Falko.


All times are GMT +2.