Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 30th January 2008, 14:58
daveb daveb is offline
Senior Member
 
Join Date: Dec 2006
Location: St Louis Mo
Posts: 272
Thanks: 43
Thanked 41 Times in 37 Posts
Default postfix bounced email question

I had a email that was bounced yesterday that I have a question about. my mail.log is missing several hours before the email and starts back up right after the email started getting bounced. mail.info and syslog still have log info but mail.log is missing several hours.
from syslog I found this
Code:
Jan 29 03:39:16 server postfix/smtpd[14727]: connect from some.domain.com[75.x.x.x]
Jan 29 03:39:16 server postfix/smtpd[14727]: setting up TLS connection from some.domain.com[75.x.x.x]
Jan 29 03:39:16 server postfix/smtpd[14727]: TLS connection established from some.domain.com[75.x.x.x]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jan 29 03:39:17 server postfix/policy-spf[14734]: handler sender_policy_framework: is decisive.
Jan 29 03:39:17 server postfix/policy-spf[14734]: : Policy action=PREPEND Received-SPF: none (some.domain.com: No applicable sender policy available) receiver=server.server.com; identity=mfrom; envelope-from="nobody@some.domain.com"; helo=some.domain.com; client-ip=75.x.x.x
Jan 29 03:39:18 server postfix/smtpd[14727]: 57B494CC15E: client=some.domain.com[75.x.x.x]
Jan 29 03:39:18 server postfix/cleanup[14735]: 57B494CC15E: message-id=<E1JJm02-0002dc-CB@some.domain.com>
Jan 29 03:39:18 server postfix/qmgr[11372]: 57B494CC15E: from=<nobody@some.domain.com>, size=8036, nrcpt=1 (queue active)
Jan 29 03:39:18 server postfix/smtpd[14727]: disconnect from some.domain.com[75.x.x.x]
Jan 29 03:39:18 server postfix/pickup[14443]: A1B1C4CC2D9: uid=10006 from=<customer5_guruweb>
Jan 29 03:39:18 server postfix/cleanup[14735]: A1B1C4CC2D9: message-id=<20080129093918.A1B1C4CC2D9@server.server.com>
Jan 29 03:39:18 server postfix/qmgr[11372]: A1B1C4CC2D9: from=<web5_xxxx@server.com>, size=413, nrcpt=1 (queue active)
Jan 29 03:39:18 server postfix/local[14753]: A1B1C4CC2D9: to=<admispconfig@localhost.localdomain>, relay=local, delay=0.3, delays=0.1/0.01/0/0.19, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
Jan 29 03:39:18 server postfix/qmgr[11372]: A1B1C4CC2D9: removed
Jan 29 03:39:24 server postfix/local[14736]: 57B494CC15E: to=<web5_xxxx@server.com>, orig_to=<webmaster@server.com>, relay=local, delay=7.5, delays=1.8/0.01/0/5.7, dsn=5.3.0, status=bounced (Command died with signal 6: "/usr/bin/procmail -f-")
Jan 29 03:39:24 server postfix/cleanup[14735]: 3B4264CC2D9: message-id=<20080129093924.3B4264CC2D9@server.server.com>
Jan 29 03:39:24 server postfix/qmgr[11372]: 3B4264CC2D9: from=<>, size=9965, nrcpt=1 (queue active)
Jan 29 03:39:24 server postfix/bounce[14774]: 57B494CC15E: sender non-delivery notification: 3B4264CC2D9
Jan 29 03:39:24 server postfix/qmgr[11372]: 57B494CC15E: removed
Jan 29 03:39:26 server postfix/smtp[14775]: certificate verification failed for some.domain.com: num=18:self signed certificate
Jan 29 03:40:17 server postfix/smtp[14775]: 3B4264CC2D9: to=<nobody@some.domain.com>, relay=some.domain.com[75.x.x.x]:25, delay=53, delays=0.01/0.02/2.5/51, dsn=4.0.0, status=deferred (host some.domain.com[75.x.x.x] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
Jan 29 03:42:38 server postfix/anvil[14731]: statistics: max connection rate 1/60s for (smtp:75.x.x.x) at Jan 29 03:39:16
Jan 29 03:42:38 server postfix/anvil[14731]: statistics: max connection count 1 for (smtp:75.x.x.x) at Jan 29 03:39:16
Jan 29 03:42:38 server postfix/anvil[14731]: statistics: max cache size 1 at Jan 29 03:39:16

Jan 29 04:09:02 server postfix/qmgr[11372]: 3B4264CC2D9: from=<>, size=9965, nrcpt=1 (queue active)
Jan 29 04:09:04 server postfix/smtp[15289]: certificate verification failed for some.domain.com: num=18:self signed certificate
Jan 29 04:09:55 server postfix/smtp[15289]: 3B4264CC2D9: to=<nobody@some.domain.com>, relay=some.domain.com[75.x.x.x]:25, delay=1831, delays=1778/0.02/2.4/51, dsn=4.0.0, status=deferred (host some.domain.com[75.x.x.x] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
what could cause this error? and foremost what could cause my mail.log to be missing several hours while this took place?
Code:
Jan 29 03:39:24 server postfix/local[14736]: 57B494CC15E: to=<web5_xxxx@server.com>, orig_to=<webmaster@server.com>, relay=local, delay=7.5, delays=1.8/0.01/0/5.7, dsn=5.3.0, status=bounced (Command died with signal 6: "/usr/bin/procmail -f-")
Reply With Quote
Sponsored Links
  #2  
Old 31st January 2008, 20:23
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Does
Code:
/usr/bin/procmail -v
show any errors?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 31st January 2008, 21:23
daveb daveb is offline
Senior Member
 
Join Date: Dec 2006
Location: St Louis Mo
Posts: 272
Thanks: 43
Thanked 41 Times in 37 Posts
Default

Nope
Code:
srv02:/# /usr/bin/procmail -v
procmail v3.22 2001/09/10
    Copyright (c) 1990-2001, Stephen R. van den Berg    <srb@cuci.nl>
    Copyright (c) 1997-2001, Philip A. Guenther         <guenther@sendmail.com>

Submit questions/answers to the procmail-related mailinglist by sending to:
        <procmail-users@procmail.org>

And of course, subscription and information requests for this list to:
        <procmail-users-request@procmail.org>

Locking strategies:     dotlocking, fcntl()
Default rcfile:         $HOME/.procmailrc
        It may be writable by your primary group
Your system mailbox:    /var/mail/root
Reply With Quote
  #4  
Old 1st February 2008, 17:08
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

What's the output of
Code:
ls -la
in web5_xxxx's homedir? Maybe some permissions are wrong...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 2nd February 2008, 01:35
daveb daveb is offline
Senior Member
 
Join Date: Dec 2006
Location: St Louis Mo
Posts: 272
Thanks: 43
Thanked 41 Times in 37 Posts
Default

I checked permissions already and they looked right so I don't believe their wrong. besides after that I also updated the user so that permissions or files would be replaced to check and make myself feal better haha I have been known to make mistakes. but here you can take a look.
Code:
ls -la web5_xxx
total 124
drwxr-xr-x 5 web5_xxx      web5  4096 2008-01-30 05:59 .
drwxr-xr-x 3 web5_xxx      web5  4096 2007-10-20 21:25 ..
-rw-r--r-- 1 root              root   189 2008-01-30 05:59 .antivirus.rc
-rw-r--r-- 1 root              root   804 2008-01-30 05:59 .autoresponder.rc
-rw-r--r-- 1 root              root 69149 2008-01-30 05:59 .html-trap.rc
-rw-r--r-- 1 root              root  3889 2008-01-30 05:59 .local-rules.rc
drwx------ 9 web5_xxx     web5  4096 2007-11-09 16:45 Maildir
-rw-r--r-- 1 root              root   204 2008-01-30 05:59 .mailsize.rc
-rw-r--r-- 1 root              root   656 2008-01-30 05:59 .quota.rc
drwx------ 2 web5_xxx     web5  4096 2008-01-29 03:39 .spamassassin
-rw-r--r-- 1 root              root  1236 2008-01-30 05:59 .spamassassin.rc
-rw-r--r-- 1 root              root  2039 2008-01-30 05:59 .user_prefs
-rw-r--r-- 1 root              root    32 2008-01-30 05:59 .vacation.msg
drwxrwxr-x 2 web5_xxx      web5  4096 2007-10-20 21:25 web
Thanks for taking the time to toss ideas at me falko. I put this server together back in October and never gave a lick of problems tell this fluk and hasn't since. everything seems to look right to myself and rkhunter, chrootkit, and clamav don't produce any negative results. I will continue to monitor the situation and ask if anything else seems to pop up. If you have any other ideas please feel free to toss them my way
Reply With Quote
  #6  
Old 2nd February 2008, 20:22
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

What's the output of
Code:
ls -la /var/www/web5
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 2nd February 2008, 20:30
daveb daveb is offline
Senior Member
 
Join Date: Dec 2006
Location: St Louis Mo
Posts: 272
Thanks: 43
Thanked 41 Times in 37 Posts
Default

Code:
srv02:/# ls -la /var/www/web5
total 68
drwxr-xr-x 14 web5_xxx web5 4096 2008-01-30 05:59 .
drwxr-xr-x 13 root              root 4096 2007-10-20 21:30 ..
drwxr-xr-x  2 root              root 4096 2007-10-20 21:25 bin
drwxr-xr-x  2 web5_xxx web5 4096 2007-10-20 21:24 cgi-bin
drwxr-xr-x  2 root              root 4096 2007-10-20 21:25 dev
drwxr-xr-x  4 root              root 4096 2007-10-20 21:25 etc
-rw-------  1 web5_xxx web5   24 2008-01-30 05:59 .forward
-rw-rw-r--  1 root              web5   53 2008-02-02 04:00 .htpasswd
drwxr-xr-x  4 root              root 4096 2007-10-20 21:25 lib
drwxr-xr-x  4 web5_xxx web5 4096 2008-02-02 00:30 log
lrwxrwxrwx  1 root              root   44 2008-01-30 05:59 Maildir -> /var/www/web5/user/web5_xxx/Maildir
drwxrwxrwx  2 web5_xxx web5 4096 2007-10-20 21:24 phptmp
-rw-r--r--  1 root              root  494 2008-01-30 05:59 .procmailrc
lrwxrwxrwx  1 root              root   51 2008-01-30 05:59 .spamassassin -> /var/www/web5/user/web5_xxx/.spamassassin/
drwxr-xr-x  2 web5_xxx web5 4096 2007-10-20 21:24 ssl
drwxr-xr-x  3 web5_xxx web5 4096 2007-10-20 21:25 user
drwxr-xr-x  4 root              root 4096 2007-10-20 21:25 usr
lrwxrwxrwx  1 root              root   52 2008-01-30 05:59 .vacation.cache -> /var/www/web5/user/web5_xxx/.vacation.cache
drwxr-xr-x  3 root              root 4096 2007-10-20 21:25 var
drwxr-xr-x 17 web5_xxx web5 4096 2008-01-22 17:30 web
Reply With Quote
  #8  
Old 3rd February 2008, 20:20
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Looks ok, too...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 3rd February 2008, 21:32
daveb daveb is offline
Senior Member
 
Join Date: Dec 2006
Location: St Louis Mo
Posts: 272
Thanks: 43
Thanked 41 Times in 37 Posts
 
Default

Yes I know that feeling too
I will continue to monitor the server and see what if anything will happen again.
either way, thanks for your time Falko.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix Email Delivery Problem sedat1903 HOWTO-Related Questions 2 22nd December 2008 12:19
how to configure postfix to send email out for a hosted domain nox171 Server Operation 24 13th July 2007 12:48
postfix email problem Andee63 Installation/Configuration 10 27th March 2007 18:09
Postfix not honoring email aliases for local delivery rneilson Installation/Configuration 24 22nd March 2007 12:12
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 16:47


All times are GMT +2. The time now is 09:49.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.