Email server stopped working after power failure

Discussion in 'General' started by DaRKNeSS666NL, Jan 5, 2008.

  1. DaRKNeSS666NL

    DaRKNeSS666NL HowtoForge Supporter

    Okay,

    After a great year with a working server, we had a power failure over here.

    Now I can't receive any mail anymore! So something went wrong with the server configuration. I honestly don't know where to look for it. It has something to do with the SMTP config. If I send an email from Gmail to the server, I get this mail:
    Code:
    Technical details of permanent failure:
    PERM_FAILURE: SMTP Error (state 13): 550 Relaying denied
    
      ----- Original message -----
    
    Received: by 10.115.58.1 with SMTP id l1mr17750318wak.110.1199530664873;
           Sat, 05 Jan 2008 02:57:44 -0800 (PST)
    Received: by 10.114.179.4 with HTTP; Sat, 5 Jan 2008 02:57:44 -0800 (PST)
    Message-ID: <9f2294380801050257r4e615bdes96ab280b29a93883@mail.gmail.com>
    Date: Sat, 5 Jan 2008 11:57:44 +0100
    From: "DaRK NeSS" <darkness666nl@gmail.com>
    To: "Appie - Domestic Violence" <appie@domestic-violence.nl>
    Subject: Re: email test uitwendig
    In-Reply-To: <000501c84f89$67affdc0$370ff940$@nl>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
           boundary="----=_Part_22102_12366948.1199530664865"
    References: <000501c84f89$67affdc0$370ff940$@nl>
    
    ------=_Part_22102_12366948.1199530664865
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: 7bit
    Content-Disposition: inline
    
    

    Is there a command to test the server? Can anybody offer me a hand?

    TIA
     
  2. till

    till Super Moderator

    Please have a look in the mail log file and post the errors you got there.
     
  3. DaRKNeSS666NL

    DaRKNeSS666NL HowtoForge Supporter

    As far as I can see, my mail log has no email errors, only ones from the virus scanner.

    /var/log/mail.log
    Code:
    Jan  6 12:17:40 dcs-server freshclam[4366]: Received signal: wake up 
    Jan  6 12:17:40 dcs-server freshclam[4366]: ClamAV update process started at Sun Jan  6 12:17:40 2008 
    Jan  6 12:17:40 dcs-server freshclam[4366]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES 
    Jan  6 12:17:40 dcs-server freshclam[4366]: See the FAQ at http://www.clamav.net/support/faq for an explanation. 
    Jan  6 12:17:40 dcs-server freshclam[4366]: Can't query current.cvd.clamav.net 
    Jan  6 12:17:40 dcs-server freshclam[4366]: Invalid DNS reply. Falling back to HTTP mode. 
    Jan  6 12:17:40 dcs-server freshclam[4366]: Reading CVD header (main.cvd): 
    Jan  6 12:17:45 dcs-server freshclam[4366]: Can't get information about database.clamav.net: Temporary DNS error 
    Jan  6 12:17:45 dcs-server freshclam[4366]: Can't read main.cvd header from database.clamav.net (IP: ) 
    Jan  6 12:17:45 dcs-server freshclam[4366]: Trying again in 5 secs... 
    Jan  6 12:17:50 dcs-server freshclam[4366]: ClamAV update process started at Sun Jan  6 12:17:50 2008 
    Jan  6 12:17:50 dcs-server freshclam[4366]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES 
    Jan  6 12:17:50 dcs-server freshclam[4366]: See the FAQ at http://www.clamav.net/support/faq for an explanation. 
    Jan  6 12:17:50 dcs-server freshclam[4366]: Can't query current.cvd.clamav.net 
    Jan  6 12:17:50 dcs-server freshclam[4366]: Invalid DNS reply. Falling back to HTTP mode. 
    Jan  6 12:17:50 dcs-server freshclam[4366]: Reading CVD header (main.cvd): 
    Jan  6 12:18:00 dcs-server freshclam[4366]: Can't get information about database.clamav.net: Temporary DNS error 
    Jan  6 12:18:00 dcs-server freshclam[4366]: Can't read main.cvd header from database.clamav.net (IP: ) 
    Jan  6 12:18:00 dcs-server freshclam[4366]: Trying again in 5 secs... 
    Jan  6 12:18:05 dcs-server freshclam[4366]: ClamAV update process started at Sun Jan  6 12:18:05 2008 
    Jan  6 12:18:05 dcs-server freshclam[4366]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES 
    Jan  6 12:18:05 dcs-server freshclam[4366]: See the FAQ at http://www.clamav.net/support/faq for an explanation. 
    Jan  6 12:18:05 dcs-server freshclam[4366]: Can't query current.cvd.clamav.net 
    Jan  6 12:18:05 dcs-server freshclam[4366]: Invalid DNS reply. Falling back to HTTP mode. 
    Jan  6 12:18:05 dcs-server freshclam[4366]: Reading CVD header (main.cvd): 
    Jan  6 12:18:10 dcs-server freshclam[4366]: Can't get information about database.clamav.net: Temporary DNS error 
    Jan  6 12:18:10 dcs-server freshclam[4366]: Can't read main.cvd header from database.clamav.net (IP: ) 
    Jan  6 12:18:10 dcs-server freshclam[4366]: Giving up on database.clamav.net... 
    Jan  6 12:18:10 dcs-server freshclam[4366]: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons. 
    Jan  6 12:18:10 dcs-server freshclam[4366]: -------------------------------------- 
    Jan  6 12:40:29 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  6 12:40:29 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
    Jan  6 12:40:29 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  6 12:40:29 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  6 12:40:29 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
    Jan  6 12:40:30 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=1
    Jan  6 12:40:30 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  6 12:40:30 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
    Jan  6 12:40:30 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  6 13:10:39 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  6 13:10:39 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
    Jan  6 13:10:39 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  6 13:10:39 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  6 13:10:39 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
    Jan  6 13:10:39 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  6 13:10:39 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  6 13:10:39 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
    Jan  6 13:10:39 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  6 13:16:52 dcs-server postfix/master[18012]: terminating on signal 15
    Jan  6 13:16:53 dcs-server postfix/master[30790]: daemon started -- version 2.3.3, configuration /etc/postfix
    
     
  4. falko

    falko Super Moderator

    Do you have network connectivity? Can you resolve DNS names? What's in /etc/resolv.conf?
     
  5. DaRKNeSS666NL

    DaRKNeSS666NL HowtoForge Supporter

    In my /etc/resolv.conf
    Code:
    nameserver 192.168.1.1
    It's the router's IP address.
     
  6. falko

    falko Super Moderator

    Please try this instead:
    Code:
    nameserver 145.253.2.75
    nameserver 193.174.32.18
     
  7. DaRKNeSS666NL

    DaRKNeSS666NL HowtoForge Supporter

    Done that now and no go.

    But they are just name servers right?
    So I can put more of my own in then? Like 213.51.129.37, for example; that one is from my ISP.
     
  8. DaRKNeSS666NL

    DaRKNeSS666NL HowtoForge Supporter

    Okay, it's a little bit better now, but I can't see any emails.

    I know that the mail is delivered to my server; I can see that in my rollernet logs.

    Code:
    Message from mail.rollernet.us accepted by 84.31.***.** (www.***-online.nl) after 3 seconds.
    	From: Queue F4060582F79D
    To: info@d******-violence.nl
    Date: 2008-01-08 21:48:58 	sent (250 2.0.0 Ok: queued as 8CBF97F4041)
    Also, no email is arriving in my webmail (roundcube).
     
  9. till

    till Super Moderator

    Which messages do you get in the mail log of the receiving mailserver?
     
  10. DaRKNeSS666NL

    DaRKNeSS666NL HowtoForge Supporter

    Here it is. I have noticed 2 warnings. One is from ClamAV, that it's outdated and needs to update.

    And the most related one, I think, is in the last few lines. If I read correctly, the mail server sees all the email as dangerous or unknown and removes them.

    Code:
    Jan  9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
    Jan  9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
    Jan  9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
    Jan  9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  9 21:24:23 dcs-server courierpop3login: Connection, ip=[::ffff:84.198.59.205]
    Jan  9 21:24:23 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_toon, ip=[::ffff:84.198.59.205]
    Jan  9 21:24:23 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_toon, ip=[::ffff:84.198.59.205], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  9 21:39:05 dcs-server freshclam[4376]: Received signal: wake up 
    Jan  9 21:39:05 dcs-server freshclam[4376]: ClamAV update process started at Wed Jan  9 21:39:05 2008 
    Jan  9 21:39:05 dcs-server freshclam[4376]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES 
    Jan  9 21:39:05 dcs-server freshclam[4376]: See the FAQ at http://www.clamav.net/support/faq for an explanation. 
    Jan  9 21:39:05 dcs-server freshclam[4376]: Your ClamAV installation is OUTDATED! 
    Jan  9 21:39:05 dcs-server freshclam[4376]: Local version: 0.91.2 Recommended version: 0.92 
    Jan  9 21:39:05 dcs-server freshclam[4376]: DON'T PANIC! Read http://www.clamav.net/support/faq 
    Jan  9 21:39:05 dcs-server freshclam[4376]: main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven) 
    Jan  9 21:39:05 dcs-server freshclam[4376]: daily.inc is up to date (version: 5459, sigs: 21320, f-level: 21, builder: ccordes) 
    Jan  9 21:39:05 dcs-server freshclam[4376]: -------------------------------------- 
    Jan  9 22:01:15 dcs-server courierpop3login: Connection, ip=[::ffff:90.128.161.215]
    Jan  9 22:01:15 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215]
    Jan  9 22:01:15 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  9 22:31:21 dcs-server courierpop3login: Connection, ip=[::ffff:90.128.161.215]
    Jan  9 22:31:21 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215]
    Jan  9 22:31:21 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
    Jan  9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
    Jan  9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
    Jan  9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
    Jan  9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
    Jan  9 22:46:37 dcs-server postfix/smtpd[13672]: connect from unknown[208.11.75.2]
    Jan  9 22:46:38 dcs-server postfix/smtpd[13672]: setting up TLS connection from unknown[208.11.75.2]
    Jan  9 22:46:38 dcs-server postfix/smtpd[13672]: TLS connection established from unknown[208.11.75.2]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
    Jan  9 22:46:38 dcs-server postfix/smtpd[13672]: F095C7F4041: client=unknown[208.11.75.2]
    Jan  9 22:46:39 dcs-server postfix/cleanup[13676]: F095C7F4041: message-id=<f07c7c440801091150n53b9a144t4ddbe8188422bcb8@mail.gmail.com>
    Jan  9 22:46:39 dcs-server postfix/qmgr[23609]: F095C7F4041: from=<domesticviolence.nl@gmail.com>, size=3075, nrcpt=1 (queue active)
    Jan  9 22:46:39 dcs-server postfix/smtpd[13672]: disconnect from unknown[208.11.75.2]
    Jan  9 22:46:39 dcs-server procmail[13678]: Suspicious rcfile "/var/www/web5/user/domestic-violence.nl_info/.procmailrc"
    Jan  9 22:46:39 dcs-server postfix/local[13677]: F095C7F4041: to=<domestic-violence.nl_info@dcs-server.dcs-online.nl>, orig_to=<info@domestic-violence.nl>, relay=local, delay=0.3, delays=0.26/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
    Jan  9 22:46:39 dcs-server postfix/qmgr[23609]: F095C7F4041: removed
    This is the /var/www/web5/user/domestic-violence.nl_info/.procmailrc
    Code:
    MAILDIR=$HOME/Maildir/
    DEFAULT=$MAILDIR
    ORGMAIL=$MAILDIR
    
    INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.mailsize.rc
    ## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.quota.rc
    INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.antivirus.rc
    ## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.local-rules.rc
    ## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.html-trap.rc
    INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.spamassassin.rc
    ## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.autoresponder.rc
    I am currently running the update to version.....19. Maybe that will help.
     
    Last edited: Jan 9, 2008
  11. falko

    falko Super Moderator

    What's the output of
    Code:
    ls -la /var/www/web5/user/domestic-violence.nl_info
    ?
     
  12. DaRKNeSS666NL

    DaRKNeSS666NL HowtoForge Supporter

    The output

    Code:
    total 132
    drwxrwxrwx  5 domestic-violence.nl_info  web5  4096 2007-05-11 00:11 .
    drwxrwxrwx 10 domestic-violence.nl_appie web5  4096 2007-12-15 16:57 ..
    -rw-r--r--  1 root                       root   103 2008-01-09 00:57 .antivirus.rc
    -rw-r--r--  1 root                       root   816 2008-01-09 00:57 .autoresponder.rc
    -rw-------  1 domestic-violence.nl_info  web5    24 2008-01-09 00:57 .forward
    -rw-r--r--  1 root                       root 67866 2008-01-09 00:57 .html-trap.rc
    -rw-r--r--  1 root                       root  3889 2008-01-09 00:57 .local-rules.rc
    drwx------ 10 domestic-violence.nl_info  web5  4096 2007-06-30 21:23 Maildir
    -rw-r--r--  1 root                       root   204 2008-01-09 00:57 .mailsize.rc
    -rw-r--r--  1 root                       root   556 2008-01-09 00:57 .procmailrc
    -rw-r--r--  1 root                       root   656 2008-01-09 00:57 .quota.rc
    drwxrwxrwx  2 domestic-violence.nl_info  web5  4096 2007-12-26 13:18 .spamassassin
    -rw-r--r--  1 root                       root  1161 2008-01-09 00:57 .spamassassin.rc
    -rw-r--r--  1 root                       root  2039 2008-01-09 00:57 .user_prefs
    -rw-r--r--  1 root                       root    32 2008-01-09 00:57 .vacation.msg
    drwxrwxrwx  2 domestic-violence.nl_info  web5  4096 2007-04-01 12:34 web
    
     
  13. falko

    falko Super Moderator

    /var/www/web5/user/domestic-violence.nl_info and /var/www/web5/user must have 755 permissions.

    Code:
    chmod 755 /var/www/web5/user/domestic-violence.nl_info
    chmod 755 /var/www/web5/user
     
  14. DaRKNeSS666NL

    DaRKNeSS666NL HowtoForge Supporter

    Falko,
    That worked for my info account. Is there a simple way to chmod all my accounts? Or must I manually chmod all of them?

    Edit:
    I have used the same chmod code for my account appie, but that didn't work for me.
    Code:
    chmod 755 /var/www/web5/user/domestic-violence.nl_appie
    chmod 755 /var/www/web5/user

    BTW, what has happened with my server (besides the power failure) that the rights have been changed? Could it be a virus or a hack? And is it better to start with a clean install?
     
    Last edited: Jan 11, 2008
  15. falko

    falko Super Moderator

    I'd do it manually to avoid that you accidentally mess up permissions.

    Make sure that none of the directories in the path up to /var/www/web5/user/domestic-violence.nl_appie has 777 permissions. They should be 755.


    Did you maybe do a recursive chmod on your directories?
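
The check from the post above (no directory on the way to an account's `.procmailrc` looser than 755), written out as an added example that is not part of the original thread. It assumes GNU `stat` on Linux; `check_rc_path` and `demo` are hypothetical names, and the demo tree is constructed to mirror the modes in the `ls -la` output.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Linux).
# check_rc_path and demo are hypothetical names.

# check_rc_path <rcfile-or-dir> [stop_dir]
# Walks from the rcfile's directory up to stop_dir (default /) and prints
# "<octal mode> <directory>" for every directory that is group- or
# world-writable, i.e. looser than 755.
# Exit status: 0 = path is clean, 1 = something was flagged, 2 = error.
check_rc_path() (
    target=$1
    stop=${2:-/}
    [ -e "$target" ] || { echo "no such path: $target" >&2; exit 2; }

    # Start at the directory holding the rcfile, with symlinks resolved.
    if [ -d "$target" ]; then dir=$target; else dir=$(dirname "$target"); fi
    dir=$(cd "$dir" && pwd -P) || exit 2
    stop=$(cd "$stop" && pwd -P) || exit 2

    rc=0
    while :; do
        mode=$(stat -c '%a' "$dir") || exit 2
        # Octal 022 masks the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$dir"
            rc=1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    exit "$rc"
)

# Constructed sample: a throwaway tree shaped like the one in the thread,
# with the same 777 modes on user/ and the account directory.
demo() (
    root=$(mktemp -d) || exit 2
    acct=$root/web5/user/domestic-violence.nl_info
    mkdir -p "$acct" && : > "$acct/.procmailrc"
    chmod 755 "$root" "$root/web5"
    chmod 777 "$root/web5/user" "$acct"
    echo "before:"; check_rc_path "$acct/.procmailrc" "$root" || true
    chmod 755 "$root/web5/user" "$acct"
    echo "after chmod 755:"; check_rc_path "$acct/.procmailrc" "$root"
    status=$?
    rm -rf "$root"
    exit "$status"
)

# With arguments: check the given path. Without: run the constructed demo.
if [ $# -gt 0 ]; then check_rc_path "$@"; else demo; fi
```

Run it with an rcfile path as its argument to check a real account; the optional second argument limits how far up the walk goes.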
     
  16. DaRKNeSS666NL

    DaRKNeSS666NL HowtoForge Supporter

    I manually changed the directories and at the moment all is working again.

    I didn't do anything with my server. I only had a power failure 2 times; can it be that the instant shutdown changed the rights?
    I think it's safer to start over again. I'm already working on an older PC to get it to work with ISPConfig, so I can format the server.

    Again, thanks for your help; maybe I will need it again tomorrow ;)
     
  17. falko

    falko Super Moderator

    I don't think so. Maybe you should check your server with chkrootkit and rkhunter.
     
  18. DaRKNeSS666NL

    DaRKNeSS666NL HowtoForge Supporter

    I have checked with the 2 programs. I did get some warnings, but I installed a clean Ubuntu server and there I got the same warnings.

    So for now it's working again. I am going to put the site on the backup server I have just created and will do a clean install of my primary server.

    Thanks again.
     
