Amavis: DENIED ISPCONFIG: ACCESS from IP x.x.x.x DENIED / cant recieve emails

Discussion in 'Installation/Configuration' started by KaiserGimmel, Oct 16, 2009.

  1. KaiserGimmel

    KaiserGimmel New Member

    Hello guys,

    i googled a lot and apparently i cant find a solution for my problem.
    I installed ispconfig the 3rd time today (ISPConfig 3.0.1.5 and .6) - even set up my vserver again.

    I did everything like in the tutorial for debian lenny - but i cant receive emails. Something is wrong with amavis:

    Code:
    root@torchwood:~$ tail /var/log/mail.log
    Oct 16 20:23:06 torchwood postfix/smtpd[16182]: connect from moutng.kundenserver.de[212.227.17.8]
    Oct 16 20:23:06 torchwood postfix/smtpd[16182]: 6D60667CA42: client=moutng.kundenserver.de[212.227.17.8]
    Oct 16 20:23:06 torchwood postfix/cleanup[16189]: 6D60667CA42: message-id=<4AD8D626.1020007@sender.de>
    Oct 16 20:23:06 torchwood postfix/qmgr[12030]: 6D60667CA42: from=<me@sender.de>, size=8269, nrcpt=1 (queue active)
    Oct 16 20:23:06 torchwood postfix/smtpd[16182]: disconnect from moutng.kundenserver.de[212.227.17.8]
    [COLOR="Red"]Oct 16 20:23:06 torchwood amavis[31237]: (!)DENIED ACCESS from IP 77.237.241.239, policy bank ''[/COLOR]
    Oct 16 20:23:06 torchwood postfix/smtp[16190]: 6D60667CA42: to=<max@reciever.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.04, delays=0.03/0.01/0/0, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
    at first i had the problem that postfix couldnt connect to the mysql because of permission problems. I fixed that after i copied the ispconfig user and added it to connect from my hostname. Im wondering what went wrong in the install.php - there was the correct hostname entered. Google said i should modify the amavis 50-user config and add an my ip there - but that didnt helped me...

    In the case its related to the amavis problem:
    Code:
    root@torchwood:~# cat /etc/hosts
    77.237.241.239  torchwood.melcher.it torchwood
    127.0.0.1 localhost.localdomain localhost
    Code:
    root@torchwood:/home# hostname -f
    torchwood.melcher.it
    root@torchwood:/home# hostname
    torchwood.melcher.it
    what i tried:
    Code:
    telnet localhost 10024 => Connection closed by foreign host.
    Code:
    netstat -tulpn | grep 10024 => tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      30817/amavisd (mast
    if i try to send an email the same happens:
    Code:
    Oct 16 20:35:32 torchwood postfix/smtpd[21268]: connect from ppp-93-104-79-85.dynamic.mnet-online.de[93.104.79.85]
    Oct 16 20:35:32 torchwood postfix/smtpd[21268]: 810A067CA47: client=ppp-93-104-79-85.dynamic.mnet-online.de[93.104.79.85], sasl_method=PLAIN, sasl_username=max@melcher.it
    Oct 16 20:35:32 torchwood postfix/cleanup[21475]: 810A067CA47: message-id=<4AD8D912.5080801@melcher.it>
    Oct 16 20:35:32 torchwood postfix/qmgr[21072]: 810A067CA47: from=<max@melcher.it>, size=664, nrcpt=1 (queue active)
    Oct 16 20:35:32 torchwood amavis[31240]: (!)DENIED ACCESS from IP 77.237.241.239, policy bank ''
    Oct 16 20:35:32 torchwood postfix/smtp[21073]: 810A067CA47: to=<me@maxmelcher.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.17, delays=0.17/0/0/0, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)

    Please help me - its urgent!
    many thanks in advance
    Max
     
  2. KaiserGimmel

    KaiserGimmel New Member

    I added into /etc/amavis/conf.d/50-user :
    Code:
    @inet_acl = qw( 127.0.0.1 [::1] 77.237.241.239 );
    $inet_socket_bind = undef;
    now i can connect with telnet localhost 10024 but i still cant get emails. :(
     
  3. falko

    falko Super Moderator

    What's the output of
    Code:
    netstat -tap
    ? Are there any other errors in your mail log now?
     
  4. KaiserGimmel

    KaiserGimmel New Member

    Hello Falk,

    thanks for your reply:

    Code:
    root@torchwood:~# netstat -tap
    Aktive Internetverbindungen (Server und stehende Verbindungen)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 *:imaps                 *:*                     LISTEN      9677/couriertcpd
    tcp        0      0 *:pop3s                 *:*                     LISTEN      9700/couriertcpd
    tcp        0      0 *:10024                 *:*                     LISTEN      9142/amavisd (maste
    tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      9764/master
    tcp        0      0 *:mysql                 *:*                     LISTEN      9208/mysqld
    tcp        0      0 *:pop3                  *:*                     LISTEN      9688/couriertcpd
    tcp        0      0 *:imap2                 *:*                     LISTEN      9664/couriertcpd
    tcp        0      0 localhost.localdo:spamd *:*                     LISTEN      9286/spamd.pid
    tcp        0      0 *:http-alt              *:*                     LISTEN      7874/apache2
    tcp        0      0 *:www                   *:*                     LISTEN      7874/apache2
    tcp        0      0 *:ftp                   *:*                     LISTEN      9775/pure-ftpd (SER
    tcp        0      0 *:ssh                   *:*                     LISTEN      9115/sshd
    tcp        0      0 *:smtp                  *:*                     LISTEN      473/smtpd
    tcp        0      0 *:https                 *:*                     LISTEN      7874/apache2
    tcp        1      0 torchwood.melcher.:smtp mx002.twitter.com:35603 CLOSE_WAIT  13470/smtpd
    tcp        0      0 torchwood.melcher:49089 localhost.locald:sunrpc TIME_WAIT   -
    tcp        1      0 torchwood.melcher.:smtp mx003.twitter.com:48117 CLOSE_WAIT  13340/smtpd
    tcp        0      0 torchwood.melcher:imaps ppp-93-104-23-229:49175 VERBUNDEN   32444/couriertls
    tcp        1      0 torchwood.melcher.:smtp mx003.twitter.com:56442 CLOSE_WAIT  14643/smtpd
    tcp        0      0 torchwood.melc:http-alt ppp-93-104-23-229:49453 TIME_WAIT   -
    tcp        1      0 torchwood.melcher.:smtp mx001.twitter.com:60968 CLOSE_WAIT  27205/smtpd
    tcp        0      0 torchwood.melcher:imaps ppp-93-104-23-229:49215 VERBUNDEN   32574/couriertls
    tcp        0      0 torchwood.melc:http-alt ppp-93-104-23-229:49463 TIME_WAIT   -
    tcp        0      0 localhost.localdo:mysql torchwood.melcher:46900 TIME_WAIT   -
    tcp        1      0 torchwood.melcher.:smtp mx001.twitter.com:60966 CLOSE_WAIT  9031/smtpd
    tcp        1      0 torchwood.melcher.:smtp mx002.twitter.com:44990 CLOSE_WAIT  736/smtpd
    tcp        1      0 torchwood.melcher.:smtp mx002.twitter.com:58734 CLOSE_WAIT  19082/smtpd
    tcp        0      0 torchwood.melcher.i:www ppp-93-104-23-229:49306 TIME_WAIT   -
    tcp        1      0 torchwood.melcher.:smtp moutng.kundenserv:62288 CLOSE_WAIT  13898/smtpd
    tcp        0      0 torchwood.melc:http-alt ppp-93-104-23-229:49452 TIME_WAIT   -
    tcp        1      0 torchwood.melcher.:smtp mx003.twitter.com:40247 CLOSE_WAIT  23661/smtpd
    tcp        1      0 torchwood.melcher.:smtp mx003.twitter.com:39664 CLOSE_WAIT  15840/smtpd
    tcp        0   3700 torchwood.melcher.i:ssh ppp-93-104-23-229:49167 VERBUNDEN   32432/sshd: kaos [p
    tcp        0      0 torchwood.melcher.:smtp moutng.kundenserv:54078 VERBUNDEN   32529/smtpd
    tcp        0      0 torchwood.melc:http-alt ppp-93-104-23-229:49454 TIME_WAIT   -
    tcp        0      0 torchwood.melcher:imaps ppp-93-104-23-229:49214 VERBUNDEN   32572/couriertls
    tcp        1      0 torchwood.melcher.:smtp mx004.twitter.com:44535 CLOSE_WAIT  14859/smtpd
    tcp        1      0 torchwood.melcher.:smtp mx007.twitter.com:40430 CLOSE_WAIT  14271/smtpd
    tcp        0      0 torchwood.melc:http-alt ppp-93-104-23-229:49455 TIME_WAIT   -
    tcp        0      0 localhost.localdo:mysql torchwood.melcher:46901 TIME_WAIT   -
    tcp        0      0 torchwood.melcher:60208 localhost.locald:sunrpc TIME_WAIT   -
    
    i got it working after I added my external ip to the main.conf of postfix with
    -o mynetworks=[external_ip]

    at 05:00 i got this in the log and mails are not deliverd again:

    Code:
    Oct 17 05:10:51 torchwood amavis[30901]: (30901-14) (!)rw_loop: leaving rw loop, no progress
    Oct 17 05:10:51 torchwood postfix/proxymap[26293]: warning: connect to mysql server 127.0.0.1: Host 'torchwood.melcher.it' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
    Oct 17 05:10:51 torchwood postfix/proxymap[26293]: warning: connect to mysql server 127.0.0.1: Host 'torchwood.melcher.it' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
    Oct 17 05:10:51 torchwood postfix/trivial-rewrite[23493]: fatal: proxy:mysql:/etc/postfix/mysql-virtual_domains.cf(0,lock|fold_fix): table lookup problem
    Oct 17 05:10:51 torchwood postfix/trivial-rewrite[23494]: fatal: proxy:mysql:/etc/postfix/mysql-virtual_domains.cf(0,lock|fold_fix): table lookup problem
    Oct 17 05:10:51 torchwood postfix/trivial-rewrite[23495]: fatal: proxy:mysql:/etc/postfix/mysql-virtual_domains.cf(0,lock|fold_fix): table lookup problem
    Oct 17 05:10:51 torchwood postfix/trivial-rewrite[23501]: fatal: proxy:mysql:/etc/postfix/mysql-virtual_domains.cf(0,lock|fold_fix): table lookup problem
    
    I'm wondering why this case is not covered by the installation of ipconfig...
    I've done the flush-host thing and now I'm googling how to fix the queries per day thing... I assume that somehow connects from my local machine to my local machine are not treated as local connections - but I really dont know why... -.-

    suggestions?
    so long
    Max

    p.s. as you see in the netstat there are a lot of open connections - at least the mails didnt get bounced... :)
     

Share This Page