HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   SMTP-server seams tob e down within Postfix (http://www.howtoforge.com/forums/showthread.php?t=2701)

Hans 23rd February 2006 09:50

SMTP-server seams tob e down within Postfix
 
My Debian server is located in a datacenter and the system ports for smtp, ssh, ftp, pop3, http are monitored.
When one of these processes is down, I will receive a sms on my mobile phone.
According my ISPConfig hosting-controlpanel everything is functioning fine.
And I do not have any problems with any of the running processes but …
everytime I receive a message from datacenter that my smtp is down.
Two minutes later or so, I receive a sms again that all running processes are running and that my server is fine. This happens again and again.

I have contacted the company in the datacenter, and they told me that when my smtp-server is not showing the initial greeting within 20 seconds, the monitoring system thinks that my smtp-server is down.

I think it has something to do with a setting within Postfix, I had a look at this problem, but it is not clear to me why this problem occurs.

Can anyone give me advise?

I would be very grateful.

till 23rd February 2006 12:49

If you connect to your server with telnet on localhost, how much time does it take if you get the server greeting?

Another possibility might be that your postfix tries to resolve the domain of the monitoring serveice and thsi fails or took longer then 20 seconds.

Hans 23rd February 2006 14:21

Quote:

Originally Posted by till
If you connect to your server with telnet on localhost, how much time does it take if you get the server greeting?

Another possibility might be that your postfix tries to resolve the domain of the monitoring serveice and thsi fails or took longer then 20 seconds.

Till,
I have setup a telnet connection.
It took 28 seconds to establish the connection,
which is 8 seconds more then the 20 seconds i mentioned before.

Hans

Hans 23rd February 2006 14:30

Till,
I have setup a telnet connection.
It took 28 seconds to establish the connection,
which is 8 seconds more then the 20 seconds i mentioned before.

To be more precise:

It took me 28 sec. to reach my server from my pc at home to the server in the datacenter.
THe command i used was: telnet <ip-address> 25

On my server itself, it took almost no time.
I used the command: telnet localhost 25

Hans

falko 23rd February 2006 16:34

Anything in the mail log?

Hans 23rd February 2006 19:41

logfile
 
Quote:

Originally Posted by falko
Anything in the mail log?

Falko,

The lines below is a copy of small piece of my /var/log/mail.log file.
As you can see, the first two lines there is a normal behaviour (connect/disconnect).
The next lines look strange to me, but i do not know why this accurs.
I hope you can help me.

Hans

---
Feb 23 07:15:58 server1 postfix/smtpd[4227]: connect from sms-monitor.transip.nl[80.69.67.10]
Feb 23 07:15:58 server1 postfix/smtpd[4227]: disconnect from sms-monitor.transip.nl[80.69.67.10]
Feb 23 07:17:55 server1 courierpop3login: Connection, ip=[::ffff:80.69.67.10]
Feb 23 07:17:55 server1 postfix/smtpd[4269]: unable to get certificate from '/etc/postfix/ssl/smtpd.crt'
Feb 23 07:17:55 server1 postfix/smtpd[4269]: 4269:error:02001002:system library:fopen:No such file or directory:bss_file.c:2$
Feb 23 07:17:55 server1 postfix/smtpd[4269]: 4269:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
Feb 23 07:17:55 server1 postfix/smtpd[4269]: 4269:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:$
Feb 23 07:17:55 server1 postfix/smtpd[4269]: TLS engine: cannot load RSA cert/key data
Feb 23 07:17:55 server1 postfix/smtpd[4269]: connect from sms-monitor.transip.nl[80.69.67.10]
Feb 23 07:17:55 server1 postfix/smtpd[4269]: disconnect from sms-monitor.transip.nl[80.69.67.10]
---

till 23rd February 2006 20:07

I guess the SSL certificates in your postfix configuration where missing. Are there any certificates in /etc/postfix/ssl/

Hans 23rd February 2006 20:33

directory contents
 
Quote:

Originally Posted by till
I guess the SSL certificates in your postfix configuration where missing. Are there any certificates in /etc/postfix/ssl/

Till,

hereby i send you the directory contents of /etc/postfix/ssl
server1:/etc/postfix/ssl# dir
cacert.pem cakey.pem smtpd.csr smtpd.key


Is this ok or do i miss smtpd.crt ? If so, how can i correct the problem?

Hans:confused:

falko 23rd February 2006 22:44

Quote:

Originally Posted by Hans
If so, how can i correct the problem?

Hans:confused:

Run these commands:

Code:

cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Then restart Postfix.

Hans 24th February 2006 10:39

Quote:

Originally Posted by falko
Run these commands:

Code:

cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Then restart Postfix.

Falko,
Thank you so much!
It seems to be working now.

Hans


All times are GMT +2. The time now is 06:32.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.