Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th June 2008, 22:54
rdtech rdtech is offline
Member
 
Join Date: Mar 2008
Posts: 74
Thanks: 0
Thanked 0 Times in 0 Posts
Default EMAIL not working

I get this error message:

Reporting-MTA: dns; linuxserver.rdtech-online.com
X-Postfix-Queue-ID: 6913730EDD5
X-Postfix-Sender: rfc822; paul@spstaffing.com
Arrival-Date: Fri, 6 Jun 2008 12:32:18 -0700 (PDT)

Final-Recipient: rfc822; webmaster@linuxserver.rdtech-online.com
Original-Recipient: rfc822;webmaster@rdtech-online.com
Action: failed
Status: 5.4.4
Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error
for name=linuxserver.rdtech-online.com type=AAAA: Host not found


It was setup using the perfect setup for suse 10.3
Domain and everything tested fine. (using ispconfig and godaddy setup)

My other problem is that when I go to the domain name, it doesn't work (http://rdtech-online.com) but when I use www.rdtech-online.com, then it works. What could be the problem?
Reply With Quote
Sponsored Links
  #2  
Old 7th June 2008, 13:07
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Quote:
Originally Posted by rdtech View Post
I get this error message:

Reporting-MTA: dns; linuxserver.rdtech-online.com
X-Postfix-Queue-ID: 6913730EDD5
X-Postfix-Sender: rfc822; paul@spstaffing.com
Arrival-Date: Fri, 6 Jun 2008 12:32:18 -0700 (PDT)

Final-Recipient: rfc822; webmaster@linuxserver.rdtech-online.com
Original-Recipient: rfc822;webmaster@rdtech-online.com
Action: failed
Status: 5.4.4
Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error
for name=linuxserver.rdtech-online.com type=AAAA: Host not found


It was setup using the perfect setup for suse 10.3
Domain and everything tested fine. (using ispconfig and godaddy setup)
Please create an A record for linuxserver.rdtech-online.com:
Code:
mh1:~# dig linuxserver.rdtech-online.com

; <<>> DiG 9.3.4 <<>> linuxserver.rdtech-online.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14451
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;linuxserver.rdtech-online.com. IN      A

;; AUTHORITY SECTION:
rdtech-online.com.      3600    IN      SOA     ns1.syncrohost.com. paulsvang.hotmail.com. 2008060505 28800 7200 604800 86400

;; Query time: 456 msec
;; SERVER: 145.253.2.75#53(145.253.2.75)
;; WHEN: Sat Jun  7 12:06:18 2008
;; MSG SIZE  rcvd: 116

mh1:~#
Quote:
Originally Posted by rdtech View Post
My other problem is that when I go to the domain name, it doesn't work (http://rdtech-online.com) but when I use www.rdtech-online.com, then it works. What could be the problem?
Both are working fine for me.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 7th June 2008, 19:06
rdtech rdtech is offline
Member
 
Join Date: Mar 2008
Posts: 74
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Falko,

I appreciate the help. I'll try that out to see if it works. Both sites are working for me now(If shows the html IP Shared address page if I run the page from the server but from another computer, it works).

Domain is working. I'll test the email stuff again.

Thanks,

Paul

Last edited by rdtech; 7th June 2008 at 19:14.
Reply With Quote
  #4  
Old 7th June 2008, 19:32
rdtech rdtech is offline
Member
 
Join Date: Mar 2008
Posts: 74
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Okay so I've added an A record for linuxserver.rdtech-online.com in ISPCONFIG under DNS

Now heres the problem I'm getting. I'm sending the email from another computer with a different static IP. My server is on another static IP. Its saying that its looping back.

ERROR MESSAGE:

Reporting-MTA: dns; linuxserver.rdtech-online.com
X-Postfix-Queue-ID: 37FC030EE0C
X-Postfix-Sender: rfc822; paulsvang@hotmail.com
Arrival-Date: Sat, 7 Jun 2008 09:23:24 -0700 (PDT)

Final-Recipient: rfc822; webmaster@linuxserver.rdtech-online.com
Original-Recipient: rfc822;webmaster@rdtech-online.com
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for linuxserver.rdtech-online.com loops back
to myself
Reply With Quote
  #5  
Old 8th June 2008, 13:45
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Add linuxserver.rdtech-online.com to the bottom of /etc/postfix/local-host-names and restart Postfix.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 8th June 2008, 19:27
rdtech rdtech is offline
Member
 
Join Date: Mar 2008
Posts: 74
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'll try that right now. Let me see if it will work.
Reply With Quote
  #7  
Old 8th June 2008, 19:55
rdtech rdtech is offline
Member
 
Join Date: Mar 2008
Posts: 74
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Okay. It was added and I've tried it but ended with no results. Email got sent out and nothing came back. In Webmail, I didnt receive any thing. So I tried it reversed. I got into webmail and sent myselft something. It seems that that mail is lost somewhere. Weird.

What might be causing this?

Please advise
Reply With Quote
  #8  
Old 9th June 2008, 13:20
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

What's in your mail log now?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 10th June 2008, 06:24
rdtech rdtech is offline
Member
 
Join Date: Mar 2008
Posts: 74
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I think this is it (/var/log/mail) Is this the right location? I've just tried to send it to myself again and so I copied and paste the lower section of the mail log.





Jun 9 20:23:43 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:23:43 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:23:43 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:23:57 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:23:57 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:23:57 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:24:00 linuxserver postfix/smtpd[3597]: connect from bay0-omc3-s38.bay0.hotmail.com[65.54.246.238]
Jun 9 20:24:00 linuxserver postfix/smtpd[3597]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead
Jun 9 20:24:00 linuxserver postfix/smtpd[3597]: 9A8CF30ED6A: client=bay0-omc3-s38.bay0.hotmail.com[65.54.246.238]
Jun 9 20:24:00 linuxserver postfix/cleanup[3600]: 9A8CF30ED6A: message-id=<BAY123-DAV444795D61BA8DEBC40D5AAAB30@phx.gbl>
Jun 9 20:24:00 linuxserver postfix/cleanup[3600]: 9A8CF30ED6A: message-id=<004c01c8caa8$c947c6e0$5bd754a0$@com>
Jun 9 20:24:00 linuxserver postfix/qmgr[17252]: 9A8CF30ED6A: from=<paulsvang@hotmail.com>, size=3723, nrcpt=1 (queue active)
Jun 9 20:24:00 linuxserver postfix/local[3601]: 9A8CF30ED6A: to=<root@linuxserver.rdtech-online.com>, orig_to=<webmaster@rdtech-online.com>, relay=local, delay=0.16, delays=0.12/0/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)
Jun 9 20:24:00 linuxserver postfix/qmgr[17252]: 9A8CF30ED6A: removed
Jun 9 20:24:00 linuxserver postfix/smtpd[3597]: disconnect from bay0-omc3-s38.bay0.hotmail.com[65.54.246.238]
Jun 9 20:24:04 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:24:04 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:24:04 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:22 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:22 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:22 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:23 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:23 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:23 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:23 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:23 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:23 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:27 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:27 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:28 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=1
Jun 9 20:25:28 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:28 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:28 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:28 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:28 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:29 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=1
Jun 9 20:25:29 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:29 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:29 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:31 linuxserver postfix/smtpd[3597]: connect from bay0-omc2-s24.bay0.hotmail.com[65.54.246.160]
Jun 9 20:25:31 linuxserver postfix/smtpd[3597]: 300C430ED6A: client=bay0-omc2-s24.bay0.hotmail.com[65.54.246.160]
Jun 9 20:25:31 linuxserver postfix/cleanup[3600]: 300C430ED6A: message-id=<BAY123-DAV2C8CA33A4886413BC010AAAB30@phx.gbl>
Jun 9 20:25:31 linuxserver postfix/cleanup[3600]: 300C430ED6A: message-id=<005601c8caa8$fd7fd970$f87f8c50$@com>
Jun 9 20:25:31 linuxserver postfix/qmgr[17252]: 300C430ED6A: from=<paulsvang@hotmail.com>, size=3736, nrcpt=1 (queue active)
Jun 9 20:25:31 linuxserver postfix/local[3601]: 300C430ED6A: to=<root@linuxserver.rdtech-online.com>, orig_to=<webmaster@rdtech-online.com>, relay=local, delay=0.2, delays=0.17/0/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
Jun 9 20:25:31 linuxserver postfix/qmgr[17252]: 300C430ED6A: removed
Jun 9 20:25:31 linuxserver postfix/smtpd[3597]: disconnect from bay0-omc2-s24.bay0.hotmail.com[65.54.246.160]
Reply With Quote
  #10  
Old 10th June 2008, 11:29
Rockdrala Rockdrala is offline
Senior Member
 
Join Date: Dec 2007
Posts: 140
Thanks: 7
Thanked 2 Times in 2 Posts
 
Default having the same problem.

Everythings looking fine in the logs up till june 8th when my email stopped working.

Good looking code below.

Code:
Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun  8 21:47:47 node1 dovecot: pop3-login: Login: user=<web3_marketing>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun  8 21:47:47 node1 dovecot: pop3-login: Login: user=<web1_dev>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun  8 21:47:47 node1 dovecot: POP3(web3_marketing): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun  8 21:47:47 node1 dovecot: POP3(web1_dev): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun  8 21:47:47 node1 dovecot: pop3-login: Login: user=<web3_sales>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun  8 21:47:47 node1 dovecot: pop3-login: Login: user=<web1_fax>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun  8 21:47:47 node1 dovecot: POP3(web3_sales): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun  8 21:47:47 node1 dovecot: POP3(web1_fax): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun  8 21:47:48 node1 dovecot: pop3-login: Login: user=<web1_lalocation>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun  8 21:47:48 node1 dovecot: POP3(web1_lalocation): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Normal code there.

Then all of the sudden

Code:
Jun  8 21:53:45 node1 postfix/smtpd[30125]: connect from unknown[125.187.32.184]
Jun  8 21:53:46 node1 postfix/smtpd[30125]: setting up TLS connection from unknown[125.187.32.184]
Jun  8 21:53:47 node1 postfix/smtpd[30125]: TLS connection established from unknown[125.187.32.184]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jun  8 21:53:47 node1 postfix/smtpd[30125]: DAF461438079: client=unknown[125.187.32.184]
Jun  8 21:53:48 node1 postfix/cleanup[30129]: DAF461438079: message-id=<20080609015251.15057.qmail@m19.mailyes.net>
Jun  8 21:53:48 node1 postfix/qmgr[30238]: DAF461438079: from=<like@r-pure.net>, size=1938, nrcpt=1 (queue active)
Jun  8 21:53:48 node1 postfix/local[30132]: DAF461438079: to=<root@mail.mydomainishere.com>, orig_to=<webmaster@mydomainishere.com>, relay=local, delay=1.2, delays=1.2/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Jun  8 21:53:48 node1 postfix/qmgr[30238]: DAF461438079: removed
Jun  8 21:53:49 node1 postfix/smtpd[30125]: disconnect from unknown[125.187.32.184]
research on 125.187.32.184 shows its some IP in korea
http://bsn.borderware.com/lookup.php?ip=125.187.32.184

Now this is the error message i recieve start recieving right after this hack on me.
Code:
Jun  8 21:57:09 node1 postfix/anvil[30127]: statistics: max connection rate 1/60s for (smtp:125.187.32.184) at Jun  8 21:53:45
Jun  8 21:57:09 node1 postfix/anvil[30127]: statistics: max connection count 1 for (smtp:125.187.32.184) at Jun  8 21:53:45
Jun  8 21:57:09 node1 postfix/anvil[30127]: statistics: max cache size 1 at Jun  8 21:53:45
Several questions.

Im not recieving emails after this apparant. Are they stealing emails?

What security hole in the TLS did they use for postfix?
How did they establish a connection so easily?

My RSA encryption is alphanumeric surely they would have had to try more then one time to brute force a TLS connection so this couldnt be a brute forced connection right?

How can i check my TLS security and settings?

What is (Postfix / Anvil)?

Key. (Domain and IP addresses have been changed to keep apparant spam spiders from taking advantage.)

mydomainishere = Is my domain
75.MY.IP.HERE = My client side or my server side public ip address.
node1 is my server nickname.

Last edited by Rockdrala; 10th June 2008 at 11:34.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
hotmail rejects outgoing email nzimas Server Operation 3 1st May 2009 04:39
Email server stopt working after power failure DaRKNeSS666NL General 17 14th January 2008 21:43
Email Forwarding not working grocal Installation/Configuration 5 12th September 2007 21:02
1 email working, but others arent? lipp9000 Installation/Configuration 8 22nd July 2006 17:35
email forwarding locally consumes all resources rdells General 20 1st May 2006 20:43


All times are GMT +2. The time now is 22:32.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.