#1  
Old 18th May 2013, 21:40
JESUSSAVES JESUSSAVES is offline
Member
 
Join Date: Sep 2011
Location: U.S.
Posts: 78
Thanks: 10
Thanked 5 Times in 4 Posts
Default mail stopped working

Hi,

I've a Squeeze Perfect Server installation with Bind Dovecot and Apache2.
After the above installation I installed Roundcube and everything was working fine.

I installed a secure certificate recently with StartSSL using that how-to.

It seems my own mail is no longer working, nor is anyone elses.

I've noticed that under Monitor I do have several requests in the mail queue for the last several days only.

There is nothing in mail.err log.

Every hour root gets mail from cron saying ispconfig/server/server.sh with a warning: "There is no public key available for the following key id: xxxxx"

I actual have a directory that's gone missing, where I keep my individual daily database backups. Not sure how that happened. I'm the only one with root password, but I haven't changed the password for a while.

I would like to get mail working again but not sure where to look.

Any help would be greatly appreciated.

Thank you.
Reply With Quote
Sponsored Links
  #2  
Old 20th May 2013, 15:24
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,082
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

Please take a look into the mail.log file in /var/log/ folder and post the errors that you get there. Most likely a wrong or no key file is installed for the ssl cert in postfix and /or dovecot.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 20th May 2013, 17:27
JESUSSAVES JESUSSAVES is offline
Member
 
Join Date: Sep 2011
Location: U.S.
Posts: 78
Thanks: 10
Thanked 5 Times in 4 Posts
Default mail.log errors

Till, thank you for your help.

I created a mail account for a site that had none. Then sent from my Outlook account an email to it. Also I signed into the new account in Roundcube an saw my welcome message. I sent an email to my outlook account from Roundcube. That was at 10:55 and 10:56 respectively.

Since then the mail.log has been ablaze with activity about my email attempts.
So far the mail has not been delivered in either direction.

Also under /var/mail/ the expected new user record was not created, webnn.

Also I did a netstat -tapn and dovecot is listed but not postfix.

Here is the output from mail.log, but I don't see "errors".
Code:
May 20 11:00:01 ns01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:00:01 ns01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:00:01 ns01 postfix/smtpd[21174]: connect from localhost.localdomain[127.0.0.1]
May 20 11:00:01 ns01 postfix/smtpd[21174]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
May 20 11:00:01 ns01 postfix/smtpd[21174]: disconnect from localhost.localdomain[127.0.0.1]
May 20 11:00:03 ns01 postfix/pickup[19522]: 3597B140086: uid=0 from=<root>
May 20 11:00:03 ns01 postfix/cleanup[21209]: 3597B140086: message-id=<20130520150003.3597B140086@ns01.delcowebhosting.com>
May 20 11:00:03 ns01 postfix/qmgr[2270]: 3597B140086: from=<root@ns01.delcowebhosting.com>, size=668, nrcpt=1 (queue active)
May 20 11:00:03 ns01 postfix/smtpd[21214]: connect from localhost.localdomain[127.0.0.1]
May 20 11:00:03 ns01 postfix/smtpd[21214]: AAE95140084: client=localhost.localdomain[127.0.0.1]
May 20 11:00:03 ns01 postfix/cleanup[21209]: AAE95140084: message-id=<20130520150003.3597B140086@ns01.delcowebhosting.com>
May 20 11:00:03 ns01 postfix/qmgr[2270]: AAE95140084: from=<root@ns01.delcowebhosting.com>, size=1179, nrcpt=1 (queue active)
May 20 11:00:03 ns01 postfix/smtpd[21214]: disconnect from localhost.localdomain[127.0.0.1]
May 20 11:00:03 ns01 amavis[30509]: (30509-07) Passed CLEAN, <root@ns01.delcowebhosting.com> -> <root@ns01.delcowebhosting.com>, Message-ID: <20130520150003.3597B140086@ns01.delcowebhosting.com>, mail_id: sw82TKn3JRmX, Hits: -0.001, size: 668, queued_as: AAE95140084, 485 ms
May 20 11:00:03 ns01 postfix/smtp[21211]: 3597B140086: to=<root@ns01.delcowebhosting.com>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.57, delays=0.08/0/0/0.49, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=30509-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AAE95140084)
May 20 11:00:03 ns01 postfix/qmgr[2270]: 3597B140086: removed
May 20 11:00:03 ns01 postfix/local[21215]: AAE95140084: to=<administrator@ns01.delcowebhosting.com>, orig_to=<root@ns01.delcowebhosting.com>, relay=local, delay=0.08, delays=0.04/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
May 20 11:00:03 ns01 postfix/qmgr[2270]: AAE95140084: removed
May 20 11:00:12 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:00:12 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
May 20 11:01:12 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:01:12 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
May 20 11:02:12 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:02:12 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
May 20 11:03:12 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:03:12 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
May 20 11:04:12 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:04:12 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
May 20 11:05:01 ns01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:05:01 ns01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:05:01 ns01 postfix/smtpd[21287]: connect from localhost.localdomain[127.0.0.1]
May 20 11:05:01 ns01 postfix/smtpd[21287]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
May 20 11:05:01 ns01 postfix/smtpd[21287]: disconnect from localhost.localdomain[127.0.0.1]
May 20 11:05:12 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:05:12 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
May 20 11:06:12 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:06:12 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
May 20 11:07:12 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:07:12 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
May 20 11:08:12 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:08:12 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
May 20 11:09:13 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:09:13 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
May 20 11:10:01 ns01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:10:01 ns01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:10:01 ns01 postfix/smtpd[21387]: connect from localhost.localdomain[127.0.0.1]
May 20 11:10:01 ns01 postfix/smtpd[21387]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
May 20 11:10:01 ns01 postfix/smtpd[21387]: disconnect from localhost.localdomain[127.0.0.1]
May 20 11:10:07 ns01 postfix/master[2263]: terminating on signal 15
May 20 11:10:08 ns01 postfix/master[21509]: daemon started -- version 2.7.1, configuration /etc/postfix
May 20 11:10:12 ns01 dovecot: imap-login: Login: user=<info@lightningflatscreenmounting.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:10:12 ns01 dovecot: IMAP(info@lightningflatscreenmounting.com): Disconnected: Logged out bytes=166/1251
Reply With Quote
  #4  
Old 21st May 2013, 10:06
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,082
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

The welcome message indicates that the local mailsystem is working correctly. To test if its a local issue or a remote issue, please login to roundcube, then send a email to the same address that you used for the roundcube login. It should be visible in the inbox within 1-2 minutes.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 21st May 2013, 13:59
JESUSSAVES JESUSSAVES is offline
Member
 
Join Date: Sep 2011
Location: U.S.
Posts: 78
Thanks: 10
Thanked 5 Times in 4 Posts
Default local test results

Till, thank you again for your response and help.

Yes, you are right the mail was delivered to the same account that sent it in less than 1 minute.

I'm quite sure that my system has been hacked and I'm wondering if fail2ban is working properly. I remember, it may have been when I was running Fedora not sure, but I used to get messages to root mail all day long about IP addresses being banned. I don't get them anymore. I'm wondering if fail2ban is working properly? I've copied the log from Monitor and pasted it below.

Code:
Data from: 2013-05-21 11:45
2013-05-19 06:25:06,756 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2013-05-19 06:25:06,941 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
2013-05-19 06:25:07,780 fail2ban.filter : INFO Log rotation detected for /var/log/mail.log
2013-05-19 06:25:07,942 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
2013-05-19 06:25:08,075 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
2013-05-19 06:26:02,126 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
2013-05-19 06:26:05,837 fail2ban.filter : INFO Log rotation detected for /var/log/mail.log
2013-05-19 06:51:52,500 fail2ban.actions: WARNING [ssh] Ban 61.156.238.56
2013-05-19 07:01:53,164 fail2ban.actions: WARNING [ssh] Unban 61.156.238.56
2013-05-19 19:35:48,397 fail2ban.actions: WARNING [ssh] Ban 114.80.202.30
2013-05-19 19:45:49,062 fail2ban.actions: WARNING [ssh] Unban 114.80.202.30
2013-05-19 21:53:11,384 fail2ban.actions: WARNING [ssh] Ban 210.6.26.45
2013-05-19 22:03:12,050 fail2ban.actions: WARNING [ssh] Unban 210.6.26.45
2013-05-20 06:25:06,061 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
2013-05-20 08:46:45,089 fail2ban.actions: WARNING [ssh] Ban 31.3.245.178
2013-05-20 08:56:45,751 fail2ban.actions: WARNING [ssh] Unban 31.3.245.178
2013-05-20 10:52:42,341 fail2ban.actions: WARNING [ssh] Ban 61.35.191.245
2013-05-20 11:02:43,002 fail2ban.actions: WARNING [ssh] Unban 61.35.191.245
2013-05-20 17:04:08,649 fail2ban.actions: WARNING [ssh] Ban 61.35.191.245
2013-05-20 17:14:09,314 fail2ban.actions: WARNING [ssh] Unban 61.35.191.245
2013-05-21 01:58:28,699 fail2ban.actions: WARNING [ssh] Ban 103.3.79.83
2013-05-21 02:08:29,362 fail2ban.actions: WARNING [ssh] Unban 103.3.79.83
2013-05-21 06:25:05,813 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
Reply With Quote
  #6  
Old 21st May 2013, 14:07
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,082
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

Quote:
Yes, you are right the mail was delivered to the same account that sent it in less than 1 minute.
Ok, thats good.

So the eror might be one of the following problems:

- Your server blocks external mail connections:

Please post the output of:

iptables -L

and

netstat -tap

- Your internet access provider which provides the internet connection to yourserver blocks port 25 or there is a router between the server and the internet whcih blocks port 25.
- There is a dns problem, e.g. the MX record does not point to the server. Test the dns record(s) of the domain with e.g. intodns:

http://www.intodns.com/

Quote:
I'm quite sure that my system has been hacked and I'm wondering if fail2ban is working properly.
The Ban / Unban messages indicate that fail2ban is working correctly, at least for SSH.

If you wnat to test it for other services you will have to use e.g. a mail client (not webmail) or a external FTP client and enter a wrong password more then 5 times.

If you think that the system has been hacked, then you should check it with rkhunter:

rkhunter --update

and then

rkhunter -c

The most important part is if there are any rootkits found. In the first part which checks the binaries you will most likely see some false positives.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPconfig 3.0.3.2 postfix not relaying outgoing attachments mychoice2009 Installation/Configuration 3 13th April 2011 17:42
ISPconfig 3 some users cannot send email to outside Rockblade Installation/Configuration 7 29th April 2010 01:40
Why did Squirrelmail, Dovecot/IMAP & Outbound mail break? websissy Technical 4 29th October 2009 22:39
Postfix + postfixadmin = SMTP errors... Rashef Server Operation 4 25th June 2009 16:12
localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied g18c Installation/Configuration 4 24th March 2009 17:39


All times are GMT +2. The time now is 18:23.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.