Sending e-mail not working: lost connection after CONNECT from localhost

Discussion in 'Installation/Configuration' started by Taleman, Nov 24, 2014.

  1. Taleman

    Taleman New Member HowtoForge Supporter

    Debian 6.10 Squeeze
    ISPConfig 3.0.5.4p5

    I updated ISPConfig from 3.0.4.6 to latest. I let it reconfigure services. That seems to have broken sending of e-mail. I believe the relevant error is in mail.log

    Code:
    Nov 24 10:35:01 ispc3 postfix/smtpd[15130]: connect from localhost[127.0.0.1]
    Nov 24 10:35:01 ispc3 postfix/smtpd[15130]: lost connection after CONNECT from localhost[127.0.0.1]
    Nov 24 10:35:01 ispc3 postfix/smtpd[15130]: disconnect from localhost[127.0.0.1]
    There is also:
    Code:
    Nov 24 10:35:05 ispc3 amavis[13498]: (!)DENIED ACCESS from IP 178.33.154.90, policy bank ''
    Nov 24 10:35:05 ispc3 amavis[13499]: (!)DENIED ACCESS from IP 178.33.154.90, policy bank ''
    [/CODE>
    
    If I run amavis in debug mode, I see errors like this:
    [CODE]Nov 24 11:15:05.216 posti.antenniserveri.fi /usr/sbin/amavisd-new[17060]: (!)DENIED ACCESS from IP 178.33.154.90, policy bank ''
    I tried putting back the copy of /etc/postfix/main.cf from before the ISPConfig update, but that does not seem to help. Now mailq keeps growing.

    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    IP-address(es) (as per ifconfig): ***.***.***.***, ***.***.***.***
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.0.5.4p5
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 5.3.3-7+squeeze22
    [INFO] php-cgi (used for cgi php in default vhost!) is version 5.3.3-7+squeeze22
    [WARN] Your php-cgi in /usr/lib/cgi-bin/ seems to be outdated and might contain a known exploit (-7+squeeze22)!
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
    	Apache 2 (PID 18420)
    [INFO] I found the following mail server(s):
    	Postfix (PID 12832)
    [INFO] I found the following pop3 server(s):
    	Courier Mailserver (PID 3526)
    [INFO] I found the following imap server(s):
    	Courier Mailserver (PID 3498)
    [INFO] I found the following ftp server(s):
    	PureFTP (PID 2264)
    
    ##### LISTENING PORTS #####
    (only		()
    Local		(Address)
    ***.***.***.***:587		(12832/master)
    [localhost]:587		(12832/master)
    [localhost]:909		(1157/famd)
    [localhost]:783		(2288/spamd.pid)
    [anywhere]:111		(895/portmap)
    ***.***.***.***:465		(12832/master)
    [localhost]:465		(12832/master)
    [anywhere]:113		(2172/inetd)
    [anywhere]:21		(2264/pure-ftpd)
    ***.***.***.***:53		(2130/mydns)
    ***.***.***.***:53		(2130/mydns)
    [localhost]:53		(2130/mydns)
    [anywhere]:22		(1175/sshd)
    [anywhere]:43224		(907/rpc.statd)
    ***.***.***.***:25		(12832/master)
    [localhost]:25		(12832/master)
    [anywhere]:2812		(1132/monit)
    [localhost]:60000		(2245/postgrey.pid)
    [localhost]:10024		(17045/amavisd)
    [localhost]:10025		(12832/master)
    [anywhere]:3306		(1375/mysqld)
    [localhost]10		(3526/couriertcpd)
    [localhost]43		(3498/couriertcpd)
    *:*:*:*::*:8080		(18420/apache2)
    *:*:*:*::*:80		(18420/apache2)
    *:*:*:*::*:8081		(18420/apache2)
    *:*:*:*::*:21		(2264/pure-ftpd)
    *:*:*:*::*:53		(2130/mydns)
    *:*:*:*::*:22		(1175/sshd)
    *:*:*:*::*:443		(18420/apache2)
    *:*:*:*::*:993		(3515/couriertcpd)
    *:*:*:*::*:995		(3538/couriertcpd)
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination      
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats the ispconfig monitor, the message indicates that postfix is reachable. so that not an error.

    according to your amavis problem, it seems as if you send emails to amavis from your external IP address and not from localhost or that you configured your external IP as localhost in /etc/hosts. Normally you send emails to amavis from localhost, IP 127.0.0.1) and amavis will only accept mails from that IP address.
     
  3. Taleman

    Taleman New Member HowtoForge Supporter

    I just realized the e-mail server does not receive mails from outside anymore.

    I'll see what amavis configs show about IP-addressess. The /etc/hosts has correct localhost and 127.... stuff.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    According to the error:

    Nov 24 10:35:05 ispc3 amavis[13498]: (!)DENIED ACCESS from IP 178.33.154.90, policy bank ''
    Nov 24 10:35:05 ispc3 amavis[13499]: (!)DENIED ACCESS from IP 178.33.154.90, policy bank ''

    the postfix on yur server tries to access amavis from your external Ip and not localhost. On which IP addresses is postfix listening?
     
  5. Taleman

    Taleman New Member HowtoForge Supporter

    I have now added 60-custom file to /etc/amavis/conf.d and restarted amavis.

    @inet_acl=qw( 127.0.0.1 [::1] 999.999.999.90 );

    where the IP number is a single number of the e-mail server external address. Should I put network address and mask there so all IP-numbers of this host are included?

    Does not help.

    I then restarted all email services. That did not help either.
     
  6. Taleman

    Taleman New Member HowtoForge Supporter

    Seems it is working now

    Finally mailq started emptying.

    Seems adding the custom file to amavis config did help, I did not wait enough to see the results.

    I'll continue testing other stuff, there may be other misconfigurations I have not noticed yet.

    Very much thanks for the help.
     
  7. conductive

    conductive Member

    I was not receiving mail either. As it turns out somebody had cracked one of my mail boxes and swas sending out loads of spam. Check mail.warn for attempted logins and mail.log for <[email protected]>
     

Share This Page