Mail-Error - Log filled with references to example.com

Discussion in 'ISPConfig 3 Priority Support' started by inside83, Jan 25, 2015.

  1. inside83

    inside83 Member

    Hello,

    I hope I'm not boring the support staff but I want my ISPconfig-enabled servers to run as smoothly as possible and I'm fairly new in the Linux world.
    My Mail-Error - Log (Monitor > Show Mail-Error - Log) is filled with "example.com" references. Right now "example.com" is mentioned 32 on the log page.
    It looks something like this:
    example.com_1.jpg
    example.com_2.jpg
    Is this normal?
    Should I be worried?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You must have example.com somewhere in the config files instead of your real domain name. try e.g.:

    grep -r example.com /etc

    to find it.
     
  3. inside83

    inside83 Member

    Should I replace all occurrences of example.com with mydomain.com?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. example.com is just a placeholder for yur real domain name.
     
  5. inside83

    inside83 Member

    Could that be done automatically?
    Like replace all example.com with mydomain.com.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    I wont do that automatically. There cant be that many places, maybe 2-3 files.
     
  7. inside83

    inside83 Member

    When I executed
    Code:
    grep -r example.com /etc
    the result had 58 lines before it frozen.
    This is the result:
    Code:
    grep: /etc/alternatives/jre_1.7.0/lib/audio/default.sf2: No such file or directory
    grep: /etc/alternatives/jre_openjdk/lib/audio/default.sf2: No such file or directory
    grep: /etc/alternatives/jre/lib/audio/default.sf2: No such file or directory
    /etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
    /etc/httpd/conf/httpd.conf:# Redirect permanent /foo http://www.example.com/bar
    /etc/httpd/conf/httpd.conf:#ErrorDocument 402 http://www.example.com/subscription_info.html
    /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:#    ServerAdmin [email protected]
    /etc/httpd/conf/httpd.conf:#    DocumentRoot /www/docs/dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    ServerName dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    ErrorLog logs/dummy-host.example.com-error_log
    /etc/httpd/conf/httpd.conf:#    CustomLog logs/dummy-host.example.com-access_log common
    /etc/httpd/conf.d/webalizer.conf:    # Allow from .example.com
    /etc/postfix/transport:#        In order to send mail for example.com and  its  subdomains
    /etc/postfix/transport:#             example.com      uucp:example
    /etc/postfix/transport:#             .example.com     uucp:example
    /etc/postfix/transport:#        directs  mail  for [email protected] via the slow transport
    /etc/postfix/transport:#        to a mail exchanger for example.com.  The  slow  transport
    /etc/postfix/transport:#             example.com      slow:
    /etc/postfix/transport:#        above).  The following sends all mail for example.com  and
    /etc/postfix/transport:#        its subdomains to host gateway.example.com:
    /etc/postfix/transport:#             example.com      :[gateway.example.com]
    /etc/postfix/transport:#             .example.com     :[gateway.example.com]
    /etc/postfix/transport:#        MX host for example.com.
    /etc/postfix/transport:#             example.com      smtp:bar.example:2025
    /etc/postfix/transport:#        This directs mail for [email protected] to host bar.example
    /etc/postfix/transport:#             .example.com     error:mail for *.example.com is not deliverable
    /etc/postfix/transport:#        This  causes  all mail for [email protected] to be
    /etc/amavisd/amavisd.conf~:$mydomain = 'example.com';   # a convenient default for other settings
    /etc/amavisd/amavisd.conf~:# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!
    /etc/amavisd/amavisd.conf~:# [email protected]'  => [[email protected]' => 10.0}],
    /etc/amavisd/amavisd.conf~:# [email protected]'  => [{'.ebay.com'                 => -3.0}],
    /etc/amavisd/amavisd.conf~:# [email protected]'  => [[email protected]' => -7.0,
    /etc/amavisd/amavisd.conf:# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!
    /etc/amavisd/amavisd.conf:# [email protected]'  => [[email protected]' => 10.0}],
    /etc/amavisd/amavisd.conf:# [email protected]'  => [{'.ebay.com'                 => -3.0}],
    /etc/amavisd/amavisd.conf:# [email protected]'  => [[email protected]' => -7.0,
    /etc/dovecot/conf.d/auth-static.conf.ext:#  args = proxy=y host=%1Mu.example.com nopassword=y
    /etc/dovecot/dovecot-sql.conf:#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
    /etc/krb5.conf:  kdc = kerberos.example.com
    /etc/krb5.conf:  admin_server = kerberos.example.com
    /etc/krb5.conf: .example.com = EXAMPLE.COM
    /etc/krb5.conf: example.com = EXAMPLE.COM
    /etc/mail/virtusertable:# @foo.org      [email protected]
    /etc/mail/virtusertable:# [email protected] [email protected]
    /etc/mail/virtusertable:# [email protected] [email protected]
    /etc/mail/virtusertable:# [email protected]    [email protected]
    /etc/mail/virtusertable:# [email protected]   [email protected]
    /etc/dovecot-sql.conf:#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
    /etc/php.ini:; following the section heading [HOST=www.example.com] only apply to
    /etc/php.ini:; PHP files served from www.example.com.  Directives set in these
    /etc/php.ini:;sendmail_from = [email protected]
    grep: /etc/udev/devices/ttyp7: Input/output error
    grep: /etc/udev/devices/kmsg: Operation not permitted
    
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems a bit as if there was a fifferent controlpanel installed before you installed ISPConfig as there are so many files that dont belong to a ispconfig setup. You should chcek the files in /etc/postfix, /etc/mail and /etc/amavisd/ directory. before you change a file, do a backup.
     
  9. inside83

    inside83 Member

    I swear there was nothing but CentOS before I installed ISPConfig.
    Thank you.
    I'll come back with the results.
     
  10. inside83

    inside83 Member

    etc/postfix
    only
    Code:
    /etc/postfix/transport
    and everything is uncommented
    etc/mail
    only
    Code:
    /etc/mail/virtusertable
    and everything is uncommented
    /etc/amavisd
    both files
    Code:
    /etc/amavisd/amavisd.conf
    /etc/amavisd/amavisd.conf~
    and in both files everything is uncommented exept
    Code:
    # soft-blacklisting (positive score)
         [email protected]'                     =>  3.0,
         '.example.net'                           =>  1.0,
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so thats all fine.

    Do you see these messages in the mailqueue when you run:

    postqueue -p

    If yes, then you could take a loo inside the message with the postcat command to see which application has send it.
     
  12. inside83

    inside83 Member

    This is what I get when I run
    postqueue - p
    But when I go to Monitor > Show Mail Queue in ISPConfig, there is nothing.
    It could not fit here in the post so here is the link:
    http://paste.ofcode.org/xeNUCDqAPMCwGaagZmLNiY
    Please help.
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

  14. inside83

    inside83 Member

    I just checked and ran
    grep -r example.com /etc/fail2ban
    There is
    Code:
    [email protected]
    in a lot of places in /etc/fail2ban/jail.conf
    Should I put my e-mail address instead?
    There is 'example.com' in other files too, but always uncommented.
    This is what I get when I execute
    postcat /var/spool/postfix/deferred/0/0196531A1FB8
    http://paste.ofcode.org/HcHNtV2ZnJwAvF2hgBEFzw
    It looks like Fail2Ban is informing me (or rather informing [email protected]) about it banning the IP address.
    Am I right?
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

Share This Page