Host xxx.xxx.xxx.xxx is not allowed to connect to this MariaDB server

Discussion in 'Installation/Configuration' started by Ganesan, Oct 10, 2018.

  1. Ganesan

    Ganesan New Member

    After restart postfix & amavis and try to send email, the mail.log is:
    Oct 10 23:40:46 hwamail amavis[23484]: Using primary internal av scanner code for ClamAV-clamd
    Oct 10 23:40:46 hwamail amavis[23484]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
    Oct 10 23:40:46 hwamail amavis[23484]: Deleting db files __db.002,nanny.db,snmp.db,__db.001,__db.003 in /var/lib/amavis/db
    Oct 10 23:40:46 hwamail amavis[23484]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.54, libdb 5.3
    Oct 10 23:42:41 hwamail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=23536, secured, session=<ywhltOF3JgAAAAAAAAAAAAAAAAAAAAAB>
    Oct 10 23:42:41 hwamail dovecot: imap([email protected]): Disconnected: Logged out in=306 out=128767
    Oct 10 23:42:41 hwamail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=23538, secured, session=<RAhmtOF3JwAAAAAAAAAAAAAAAAAAAAAB>
    Oct 10 23:42:41 hwamail dovecot: imap([email protected]): Disconnected: Logged out in=79 out=776
    Oct 10 23:43:13 hwamail postfix/smtpd[23549]: connect from localhost[::1]
    Oct 10 23:43:13 hwamail postfix/smtpd[23549]: warning: table "mysql:/etc/postfix/mysql-virtual_client.cf": empty query string -- ignored
    Oct 10 23:43:13 hwamail postfix/cleanup[23556]: warning: regexp map /etc/postfix/body_checks, line 1: ignoring unrecognized request
    Oct 10 23:43:13 hwamail postfix/smtpd[23549]: 8E00D40E14CD: client=localhost[::1]
    Oct 10 23:43:13 hwamail postfix/cleanup[23556]: 8E00D40E14CD: message-id=<[email protected]>
    Oct 10 23:43:13 hwamail postfix/qmgr[23428]: 8E00D40E14CD: from=<[email protected]>, size=742, nrcpt=1 (queue active)
    Oct 10 23:43:13 hwamail postfix/smtpd[23549]: disconnect from localhost[::1]
    Oct 10 23:43:13 hwamail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=23559, secured, session=<G9BRtuF3MAAAAAAAAAAAAAAAAAAAAAAB>
    Oct 10 23:43:14 hwamail dovecot: imap([email protected]): Disconnected: Logged out in=625 out=525
    Oct 10 23:43:14 hwamail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=23565, secured, session=<2bhYtuF3MwAAAAAAAAAAAAAAAAAAAAAB>
    Oct 10 23:43:14 hwamail dovecot: imap([email protected]): Disconnected: Logged out in=306 out=128767
    Oct 10 23:43:15 hwamail postfix/smtpd[23566]: connect from localhost[127.0.0.1]
    Oct 10 23:43:15 hwamail postfix/smtpd[23566]: 6183A40E3014: client=localhost[127.0.0.1]
    Oct 10 23:43:15 hwamail postfix/cleanup[23556]: 6183A40E3014: message-id=<[email protected]>
    Oct 10 23:43:15 hwamail postfix/qmgr[23428]: 6183A40E3014: from=<[email protected]>, size=1190, nrcpt=1 (queue active)
    Oct 10 23:43:15 hwamail amavis[23509]: (23509-01) Passed CLEAN {RelayedOutbound}, LOCAL [::1]:49594 [xxx.xxx.xxx.xxx] <[email protected]> -> <[email protected]>, Queue-ID: 8E00D40E14CD, $
    Oct 10 23:43:15 hwamail postfix/smtp[23558]: 8E00D40E14CD: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.9, delays=0.13/0/0/1.8, dsn=2.0.0, status=sent (250 2.0.0 fro$
    Oct 10 23:43:15 hwamail postfix/qmgr[23428]: 8E00D40E14CD: removed
    Oct 10 23:43:17 hwamail postfix/smtp[23567]: 6183A40E3014: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[172.217.194.26]:25, delay=2.1, delays=0.11/0.01/1.2/0.83, dsn=5.7.1, s$
    Oct 10 23:43:17 hwamail postfix/cleanup[23556]: 9A7A240E3015: message-id=<[email protected]>
    Oct 10 23:43:17 hwamail postfix/bounce[23568]: 6183A40E3014: sender non-delivery notification: 9A7A240E3015
    Oct 10 23:43:17 hwamail postfix/qmgr[23428]: 9A7A240E3015: from=<>, size=3799, nrcpt=1 (queue active)
    Oct 10 23:43:17 hwamail postfix/qmgr[23428]: 6183A40E3014: removed
    Oct 10 23:43:17 hwamail dovecot: lda([email protected]): sieve: msgid=<[email protected]>: forwarded to <[email protected]>
    Oct 10 23:43:17 hwamail postfix/pickup[23426]: E1ED740E301B: uid=5000 from=<MAILER-DAEMON>
    Oct 10 23:43:17 hwamail postfix/cleanup[23556]: E1ED740E301B: message-id=<[email protected]>
    Oct 10 23:43:18 hwamail postfix/qmgr[23428]: E1ED740E301B: from=<>, size=4031, nrcpt=1 (queue active)
    Oct 10 23:43:18 hwamail dovecot: lda([email protected]): sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
    Oct 10 23:43:18 hwamail postfix/pipe[23569]: 9A7A240E3015: to=<[email protected]>, relay=dovecot, delay=0.54, delays=0.1/0/0/0.43, dsn=2.0.0, status=sent (delivered via dovecot service)
    Oct 10 23:43:18 hwamail postfix/qmgr[23428]: 9A7A240E3015: removed
    Oct 10 23:43:19 hwamail postfix/smtpd[23576]: connect from localhost[127.0.0.1]
    Oct 10 23:43:19 hwamail postfix/smtpd[23576]: D183D40E3012: client=localhost[127.0.0.1]
    Oct 10 23:43:19 hwamail postfix/cleanup[23556]: D183D40E3012: message-id=<[email protected]>
    Oct 10 23:43:19 hwamail postfix/qmgr[23428]: D183D40E3012: from=<>, size=4475, nrcpt=1 (queue active)
    Oct 10 23:43:19 hwamail amavis[23510]: (23510-01) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] <> -> <[email protected]>, Message-ID: <[email protected]>, mail$
    Oct 10 23:43:19 hwamail postfix/smtp[23558]: E1ED740E301B: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, delays=0.28/0/0/1.8, dsn=2.0.0, status=sent (250 2.0.0 from $
    Oct 10 23:43:19 hwamail postfix/qmgr[23428]: E1ED740E301B: removed
    Oct 10 23:43:20 hwamail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=23578, secured, session=<bIi7tuF3OgAAAAAAAAAAAAAAAAAAAAAB>
    Oct 10 23:43:20 hwamail dovecot: imap([email protected]): Disconnected: Logged out in=294 out=8488
    Oct 10 23:43:22 hwamail postfix/smtp[23567]: D183D40E3012: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[172.217.194.26]:25, delay=2.4, delays=0.09/0/1.4/0.95, dsn=5.7.1, status$
    Oct 10 23:43:22 hwamail postfix/qmgr[23428]: D183D40E3012: removed
    Oct 10 23:43:24 hwamail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=23580, secured, session=<0qb6tuF3OwAAAAAAAAAAAAAAAAAAAAAB>
    Oct 10 23:43:24 hwamail dovecot: imap([email protected]): Disconnected: Logged out in=306 out=128450
    Oct 10 23:43:28 hwamail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=23582, secured, session=<1bs5t+F3PAAAAAAAAAAAAAAAAAAAAAAB>
    Oct 10 23:43:28 hwamail dovecot: imap([email protected]): Disconnected: Logged out in=192 out=4500
    Oct 10 23:43:29 hwamail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=192.168.100.2, mpid=23585, TLS, session=<SZNCt+F3FAA6uagq>
    Oct 10 23:43:29 hwamail dovecot: imap([email protected]): Disconnected: Logged out in=32 out=444
     
  2. Ganesan

    Ganesan New Member

    Following is the non-delivery notification from gmail:
    This is the mail system at host hwamail.hwa.edu.sg. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <[email protected]>: host gmail-smtp-in.l.google.com[172.217.194.26] said: 550-5.7.1 [220.255.136.223] The IP you're using to send mail is not authorized 550-5.7.1 to send email directly to our servers. Please use the SMTP relay at 550-5.7.1 your service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError bi5-v6si24549353plb.62 - gsmtp (in reply to end of DATA command)

    2. Sorry, I didn't install roundcube.
     
  3. Ganesan

    Ganesan New Member

    In /var/log/mail.err, the following MySQL query timed out occurs but when I try on MySQL cli, I can get the password for the user.
    Oct 10 22:11:32 hwamail dovecot: auth-worker(2530): Error: mysql: Query timed out (no free connections for 60 secs): SELECT password FROM mail_user WHERE (login = '[email protected]' OR em$
    Oct 10 22:11:32 hwamail dovecot: auth-worker(2530): Error: sql([email protected],xxx.xxx.xxx.xxx): Password query failed: Not connected to database
    Oct 10 22:11:32 hwamail dovecot: auth: Error: auth worker: Aborted PASSV request for [email protected]: Lookup timed out
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Is your system configured to relay emails through gmail instead of sending them directly? Please post the /etc/postfix/main.cf file of your server.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Then try to send an email with your normal email client to the same email address that the mailbox which you use in that mail client belongs to. or in other words, send an email locally to yourself so that from and to address are the same.
     
  6. Ganesan

    Ganesan New Member

    My /etc/postfix/main.cf:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = hwamail.hwa.edu.sg

    # mydomain = hwa.edu.sg
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname

    mydestination = hwamail.hwa.edu.sg, localhost, localhost.localdomain
    # mydestination = $mydomain hwamail.hwa.edu.sg, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    inet_protocols = all
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canon$
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
    smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
    message_size_limit = 0
     
  7. Ganesan

    Ganesan New Member

    I tried, I can send and receive from the same email without any problem.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, that's good. It means that the mail server itself is working fine. I also see that you don't have relay_host set, so the server should try to send emails by itself. I wonder if there might be another component in your network where the mails get routed trough might be affected by the outage and blocks the mails now? And you are sure that no mail arrived ion the gmail account, not even in spam folder? I don't see an error in the log for the last delivery attempt to gmail.
     
  9. Ganesan

    Ganesan New Member

    Yes, I am sure, the gmail account didn't get any email, even in spam folder.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    I must admit that I get a bit out of ideas as the mail system shows no errors in the log. Did you try sending to a different address than gmail too? Maybe you should consider having someone look directly at your server, e.g. Florian from ISPConfig Business support. You can reach him here: https://www.ispconfig.org/get-support/?type=ispconfig
     
  11. Ganesan

    Ganesan New Member

    I didn't change anything. Yesterday morning got power trip and restart the server, from there we can not send and receive emails.
     
  12. Ganesan

    Ganesan New Member

    For your info, I have file system quota problem.
    when I restart, I can see the message: Failed to start check and enable file system quotas.
    'systemctrl stats quota.service' for details.
    Is it cause the problem?
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    File system quota is not related to email, but it is a symptom that you filesystem might need to be checked for errors, e.g. with fsck command.
     
    Ganesan likes this.
  14. Ganesan

    Ganesan New Member

    Thank you.
     
  15. Ganesan

    Ganesan New Member

    I already submitted the ticket to ISPConfig Business support. Thank you so much.
     
  16. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    So what I can read from your messages is, that your server has the IP 220.255.136.223.
    When I lookup this one, it routes to bb220-255-136-223.singnet.com.sg (PTR record / reverse DNS).
    This looks quite like a dynamic ip. Google and other bigger providers don't like mails coming directly from dynamic ips as those are mostly spam. You need a real static server ip to route mails to the outside, or otherwise you will run into trouble (sooner or later, more likely sooner).
    The power outage might have been the reason because your router got a new ip assigned that is not accecpted as routing ip for mails directly to gmail.
     
  17. Ganesan

    Ganesan New Member

    Hi Croydon,
    Thanks much for your reply.

    I am using the public static IP address
     
  18. Ganesan

    Ganesan New Member

    Hi Croydon,
    Thank you very much to mention the dynamic IP. I have contacted the service provider and found the router spoiled.
     
  19. Ganesan

    Ganesan New Member

    Hi Mr Till,

    Thank you so much for your support.
    As Mr Croydon mentioned, the dynamic address causing the problem.
    In our school, we have 2 Broadband (1 static for staff & 1 dynamic for students). On that day, due to the power trip the staff network router spoiled and the dynamic (student network) auto connect.
    Now the problem solved.
    I am really sorry for the trouble.
     
    till likes this.

Share This Page