HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Mail Warn-Log Error (http://www.howtoforge.com/forums/showthread.php?t=49569)

linus3x 21st October 2010 05:52

Mail Warn-Log Error
 
I was going through my log files finishing up a new installation of ISPConfig 3.03 when I discovered this one showing up in my Mail Warn-Log every time I rebooted the server:

linux spamd[2125]: dns: sendto() failed: Operation not permitted at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 395.

I looked at other posts in the forum and discovered that others have had this problem and the recommended solution was to run through this tutorial:

http://www.faqforge.com/linux/contro...k-connections/

I did that. I verified that fail2ban is no longer writing to iptables. I turned back on the firewall and rebooted.

Same error message.

Since fail2ban is not the culprit, is there a conflict between SpamAssassin and ISPConfig's firewall?

till 21st October 2010 12:31

Quote:

Since fail2ban is not the culprit, is there a conflict between SpamAssassin and ISPConfig's firewall?
Thats very unlikely as the ispconfig firewall does not contain any rules for outgoing traffic.

Most likely the system can not reach one or all nameservers that is defined in /etc/resolv.conf. Please check that all nameservers that are listed there are reachable and working. Do not use 127.0.0.1 as nameserver when you have mydns installed. Use external nameservers in that case. With bind you can use 127.0.0.1 as nameserver.

linus3x 21st October 2010 17:00

Well, if it has something to do with DNS & name servers then I'll have to postpone troubleshooting for now - this is a development box sitting on an internal network behind a firewall and the name server records are still fake at this point. In other words, there's no "glue record" out in the real world, no actual registration record pointing back to this 192.168.x.x IP address.

I'll write a note to revisit this thread once we move to production just in case anyone else is encountering this problem.

linus3x 9th November 2010 02:25

Quick followup: I installed ISPConfig 3 on the production server. It's been up for about a week and I haven't seen the "dns: sendto() failed" error on that box at all so I suspect this was a development box/name server issue - just like till said.

BTW - the errors I saw when ISPConfig's firewall and fail2ban were both writing to iptables looked like this:

Code:

2010-11-02 22:24:33,124 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-ssh returned 100
2010-11-02 22:24:33,124 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment

Configuring fail2ban to use ip route instead of iptables fixed those errors right up.


All times are GMT +2. The time now is 13:32.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.