Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 11th July 2006, 20:06
mority mority is offline
Junior Member
 
Join Date: Jul 2006
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have pretty much the same problem as oaky.

When I try to send a mail to to a user on a virtual mail domain on the mail server I am getting these error messages in /var/log/mail.log:
Code:
Jul 11 17:53:48 m34sxx postfix/smtpd[9920]: connect from mail.gmx.net[213.165.64.21]
Jul 11 17:53:48 m34sxx postfix/smtpd[9920]: 150843ECCF: client=mail.gmx.net[213.165.64.21]
Jul 11 17:53:48 m34sxx postfix/cleanup[9927]: 150843ECCF: message-id=<44B3E5C7.90208@gmx.net>
Jul 11 17:53:48 m34sxx postfix/qmgr[9746]: 150843ECCF: from=<mo2001@gmx.net>, size=791, nrcpt=1 (queue active)
Jul 11 17:53:48 m34sxx amavis[10048]: DENIED ACCESS from IP 83.151.xx.xx
Jul 11 17:53:48 m34sxx postfix/smtp[9747]: connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial SMTP greeting (port 10024)
Jul 11 17:53:48 m34sxx postfix/smtp[9747]: 150843ECCF: to=<mo@foobar.com>, relay=none, delay=0, status=deferred (connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial SMTP greeting)
Jul 11 17:53:48 m34sxx postfix/smtpd[9920]: disconnect from mail.gmx.net[213.165.64.21]
I would say the line I marked bold is the crucial one. 83.151.xx.xx is the public static IP address of my server running postfix. So there must be something wrong in the amavis config. But what can I do about it? Please let me know if I should post any config files.


I tried to "deactivate" amavis as oaky did like this
Code:
/etc/init.d/amavis stop
but then I get this in /var/log/mail.log:
Code:
Jul 11 18:03:48 m34sxx postfix/smtpd[12454]: connect from mail.gmx.net[213.165.64.21]
Jul 11 18:03:49 m34sxx postfix/smtpd[12454]: 064C23ECD0: client=mail.gmx.net[213.165.64.21]
Jul 11 18:03:49 m34sxx postfix/cleanup[12461]: 064C23ECD0: message-id=<44B3E820.4000109@gmx.net>
Jul 11 18:03:49 m34sxx postfix/qmgr[9746]: 064C23ECD0: from=<mo2001@gmx.net>, size=795, nrcpt=1 (queue active)
Jul 11 18:03:49 m34sxx postfix/smtp[12462]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10024)
Jul 11 18:03:49 m34sxx postfix/smtpd[12454]: disconnect from mail.gmx.net[213.165.64.21]
Jul 11 18:03:49 m34sxx postfix/smtp[12462]: 064C23ECD0: to=<mo@foobar.com>, relay=none, delay=0, status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)
__________________
german kezboards suck!
mo.agrav.org

Last edited by mority; 12th July 2006 at 10:26.
Reply With Quote
Sponsored Links
  #12  
Old 12th July 2006, 14:02
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

What's in /etc/postfix/main.cf (please strip out the comments)?
What's the output of
Code:
netstat -tap
(when amavisd is running) and
Code:
iptables -L
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #13  
Old 12th July 2006, 14:47
mority mority is offline
Junior Member
 
Join Date: Jul 2006
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Here goes the /etc/postfix/main.cf
Code:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

myhostname = m34sxx.foobar.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = m34s10.foobar.com, localhost, localhost.localdomain
relayhost = 
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
Here is the output of 'netstat -tap':
Code:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 m34sxx.foobar.com:imaps  *:*                     LISTEN     15619/couriertcpd
tcp        0      0 m34sxx.foobar.com:10024  *:*                     LISTEN     25831/amavisd (mast
tcp        0      0 m34sxx.foobar.com:10025  *:*                     LISTEN     9743/master
tcp        0      0 m34sxx.foobar.com:mysql  *:*                     LISTEN     17778/mysqld
tcp        0      0 m34sxx.foobar.com:imap2  *:*                     LISTEN     10257/couriertcpd
tcp        0      0 m34sxx.foobar.com:sunrpc *:*                     LISTEN     15132/portmap
tcp        0      0 m34sxx.foobar.com:www    *:*                     LISTEN     15818/apache2
tcp        0      0 m34sxx.foobar.com:ssh    *:*                     LISTEN     5203/sshd
tcp        0      0 m34sxx.foobar.com:984    *:*                     LISTEN     15224/famd
tcp        0      0 m34sxx.foobar.com:smtp   *:*                     LISTEN     9743/master
tcp        0      0 m34sxx.foobar.com:https  *:*                     LISTEN     15818/apache2
LISHED29994/sshd: mo [pri
iptables does not give me output because it's a virtual server where I am not allowed to use iptables.
__________________
german kezboards suck!
mo.agrav.org

Last edited by mority; 12th July 2006 at 14:50.
Reply With Quote
  #14  
Old 13th July 2006, 14:42
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

I found this on the internet: http://www.irbs.net/internet/postfix/0402/2378.html
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #15  
Old 13th July 2006, 16:24
mority mority is offline
Junior Member
 
Join Date: Jul 2006
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for the link, falko!

I changed the line
Code:
@inet_acl = qw( 127.0.0.1 );
to
Code:
@inet_acl = qw( 83.151.31.44 );
according to the information from the link. And this seems to me to have fixed amavis. But now I get many error messages about ClamAV failing to scan or something and the mail still does not get delivered

Here is the excerpt from /var/log/mail.log:
Code:
Jul 13 14:17:24 m34s10 postfix/smtpd[6441]: connect from mail.gmx.de[213.165.64.21]
Jul 13 14:17:24 m34s10 postfix/smtpd[6441]: A9F7E3ECD3: client=mail.gmx.de[213.165.64.21]
Jul 13 14:17:24 m34s10 postfix/cleanup[6446]: A9F7E3ECD3: message-id=<44B65614.3060804@gmx.net>
Jul 13 14:17:24 m34s10 postfix/qmgr[5816]: A9F7E3ECD3: from=<mo2001@gmx.net>, size=770, nrcpt=1 (queue active)
Jul 13 14:17:24 m34s10 postfix/smtpd[6441]: disconnect from mail.gmx.de[213.165.64.21]
Jul 13 14:17:24 m34s10 amavis[6333]: (06333-01) Clam Antivirus-clamd FAILED - unknown status: /var/lib/amavis/amavis-20060713T161724-06333/parts: lstat() failed. ERROR\n
Jul 13 14:17:24 m34s10 amavis[6333]: (06333-01) WARN: all primary virus scanners failed, considering backups
Jul 13 14:17:29 m34s10 dccproc[6454]: socket(UDP): Address family not supported by protocol
Jul 13 14:17:29 m34s10 postfix/smtpd[6455]: connect from localhost[127.0.0.1]
Jul 13 14:17:29 m34s10 postfix/smtpd[6455]: 6BE2D3ECD6: client=localhost[127.0.0.1]
Jul 13 14:17:29 m34s10 postfix/cleanup[6446]: 6BE2D3ECD6: message-id=<44B65614.3060804@gmx.net>
Jul 13 14:17:29 m34s10 postfix/qmgr[5816]: 6BE2D3ECD6: from=<mo2001@gmx.net>, size=1229, nrcpt=1 (queue active)
Jul 13 14:17:29 m34s10 postfix/smtpd[6455]: disconnect from localhost[127.0.0.1]
Jul 13 14:17:29 m34s10 amavis[6333]: (06333-01) Passed, <mo2001@gmx.net> -> <mo@eurosprachdienst.com>, Message-ID: <44B65614.3060804@gmx.net>, Hits: 1.177
Jul 13 14:17:29 m34s10 postfix/smtp[6447]: A9F7E3ECD3: to=<mo@eurosprachdienst.com>, relay=127.0.0.1[127.0.0.1], delay=5, status=sent (250 2.6.0 Ok, id=06333-01, from MTA: 250 Ok: queued as 6BE2D3ECD6)
Jul 13 14:17:29 m34s10 postfix/qmgr[5816]: A9F7E3ECD3: removed
Jul 13 14:17:43 m34s10 postfix/virtual[6487]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
Jul 13 14:17:44 m34s10 postfix/master[5813]: warning: process /usr/lib/postfix/virtual pid 6487 exit status 1
Jul 13 14:17:44 m34s10 postfix/master[5813]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Jul 13 14:18:44 m34s10 postfix/virtual[6592]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
Jul 13 14:18:45 m34s10 postfix/master[5813]: warning: process /usr/lib/postfix/virtual pid 6592 exit status 1
Jul 13 14:18:45 m34s10 postfix/master[5813]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
__________________
german kezboards suck!
mo.agrav.org
Reply With Quote
  #16  
Old 14th July 2006, 12:15
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Originally Posted by mority
Jul 13 14:17:24 m34s10 amavis[6333]: (06333-01) Clam Antivirus-clamd FAILED - unknown status: /var/lib/amavis/amavis-20060713T161724-06333/parts: lstat() failed. ERROR\n
Please check the ClamAV part in amavisd.conf:

Code:
@av_scanners = (

### http://www.clamav.net/
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# NOTE: run clamd under the same user as amavisd;  match the socket
# name (LocalSocket) in clamav.conf to the socket name in this entry
# When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

);

@av_scanners_backup = (

  ### http://www.clamav.net/
  ['Clam Antivirus - clamscan', 'clamscan',
    "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

);
Maybe also a reboot helps. If not, then this is probably because you have a vserver... But then the backup scanner should still work.


Quote:
Originally Posted by mority
Jul 13 14:17:43 m34s10 postfix/virtual[6487]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
Have a look here: http://www.howtoforge.com/forums/sho...52&postcount=4
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #17  
Old 14th July 2006, 15:47
mority mority is offline
Junior Member
 
Join Date: Jul 2006
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I deleted those "proxy:" strings according to your instructions from the link. Now I get the following in /var/log/mail.log (clamav is still failing in the first place but the backup scanner seems to work now) and the first email got delivered to my own little mail server. Hooray and great thanks to you, falko!

Code:
Jul 14 13:38:21 m34s10 postfix/smtpd[18976]: connect from mail.gmx.net[213.165.64.21]
Jul 14 13:38:22 m34s10 postfix/smtpd[18976]: 1C5BC3EAF5: client=mail.gmx.net[213.165.64.21]
Jul 14 13:38:22 m34s10 postfix/cleanup[18984]: 1C5BC3EAF5: message-id=<44B79E71.7090900@gmx.net>
Jul 14 13:38:22 m34s10 postfix/qmgr[17952]: 1C5BC3EAF5: from=<mo2001@gmx.net>, size=772, nrcpt=1 (queue active)
Jul 14 13:38:22 m34s10 postfix/smtpd[18976]: disconnect from mail.gmx.net[213.165.64.21]
Jul 14 13:38:29 m34s10 amavis[7420]: (07420-05) Clam Antivirus-clamd FAILED - unknown status: /var/lib/amavis/amavis-20060714T153826-07420/parts: lstat() failed. ERROR\n
Jul 14 13:38:29 m34s10 amavis[7420]: (07420-05) WARN: all primary virus scanners failed, considering backups
Jul 14 13:38:43 m34s10 dccproc[19018]: socket(UDP): Address family not supported by protocol
Jul 14 13:38:43 m34s10 postfix/smtpd[19019]: connect from localhost[127.0.0.1]
Jul 14 13:38:43 m34s10 postfix/smtpd[19019]: BF8013ECC8: client=localhost[127.0.0.1]
Jul 14 13:38:43 m34s10 postfix/cleanup[18984]: BF8013ECC8: message-id=<44B79E71.7090900@gmx.net>
Jul 14 13:38:43 m34s10 postfix/qmgr[17952]: BF8013ECC8: from=<mo2001@gmx.net>, size=1231, nrcpt=1 (queue active)
Jul 14 13:38:43 m34s10 postfix/smtpd[19019]: disconnect from localhost[127.0.0.1]
Jul 14 13:38:43 m34s10 postfix/virtual[19022]: BF8013ECC8: to=<mo@eurosprachdienst.com>, relay=virtual, delay=0, status=sent (delivered to maildir)
Jul 14 13:38:43 m34s10 postfix/qmgr[17952]: BF8013ECC8: removed
Jul 14 13:38:43 m34s10 amavis[7420]: (07420-05) Passed, <mo2001@gmx.net> -> <mo@eurosprachdienst.com>, Message-ID: <44B79E71.7090900@gmx.net>, Hits: 0.615
Jul 14 13:38:44 m34s10 postfix/smtp[18985]: 1C5BC3EAF5: to=<mo@eurosprachdienst.com>, relay=127.0.0.1[127.0.0.1], delay=22, status=sent (250 2.6.0 Ok, id=07420-05, from MTA: 250 Ok: queued as BF8013ECC8)
Jul 14 13:38:44 m34s10 postfix/qmgr[17952]: 1C5BC3EAF5: removed
__________________
german kezboards suck!
mo.agrav.org
Reply With Quote
  #18  
Old 15th July 2006, 14:06
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Looks ok (apart from the ClamAV error, but if your backup scanner works, it's ok).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #19  
Old 16th July 2006, 15:12
mority mority is offline
Junior Member
 
Join Date: Jul 2006
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

IMAP and receiving mails is working perfect now, but I still got a problem with sending mail. The authentication at the database does not seem to work here.
Here's a log entry I found in /var/log/auth.log:
Code:
Jul 16 12:54:19 m34s10 postfix/smtpd[8630]: sql_select option missing
Jul 16 12:54:19 m34s10 postfix/smtpd[8630]: auxpropfunc error no mechanism available
Jul 16 12:54:19 m34s10 postfix/smtpd[8630]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Jul 16 12:54:27 m34s10 saslauthd[5022]: pam_mysql: MySQL err Access denied for user 'mail_admin'@'localhost' (using password: YES)
Jul 16 12:54:27 m34s10 saslauthd[5022]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jul 16 12:54:27 m34s10 saslauthd[5022]: do_auth         : auth failure: [user=mo@agrav.org] [service=smtp] [realm=agrav.org] [mech=pam] [reason=PAM auth error]
Jul 16 12:54:28 m34s10 saslauthd[5024]: pam_mysql: MySQL err Access denied for user 'mail_admin'@'localhost' (using password: YES)
Jul 16 12:54:28 m34s10 saslauthd[5024]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jul 16 12:54:28 m34s10 saslauthd[5024]: do_auth         : auth failure: [user=mo@agrav.org] [service=smtp] [realm=agrav.org] [mech=pam] [reason=PAM auth error]
I double checked the content of /etc/pam.d/smtp. It is definitely the right database user and password in there. I also tried to put the password in double quotes since I use special characters in it but I keep getting thos Authentication error messages for MySQL in auth.log. Do you have any idea to this issue, too?
__________________
german kezboards suck!
mo.agrav.org
Reply With Quote
  #20  
Old 17th July 2006, 15:39
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
 
Default

Does /etc/pam.d/smtp look like this?
Code:
auth    required   pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
Please use a password without special characters for now.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota... killfrog HOWTO-Related Questions 3 25th September 2009 21:45
Problems with groups/grpconv linuxfast General 28 21st April 2008 09:35
Problems with postfix vervem Installation/Configuration 5 27th March 2008 19:40
Removed PostFix, Now MySql Problems!!! sapient Installation/Configuration 10 24th October 2005 07:11
postfix problems. jernis Installation/Configuration 2 16th September 2005 21:14


All times are GMT +2. The time now is 18:05.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.