Unable to receive email

Discussion in 'Server Operation' started by aberrio, Jul 1, 2009.

  1. aberrio

    aberrio New Member

    Hello,

    After restoring a configuration file I am not able to receive email. I am able to send. Messages do not hit the mail queue; any suggestions? The DNS server is resolving correctly. I also disabled the firewall, with no result. The server worked for a year without problems.


    Here are my config files.

    main.cf:

    # NOTE(review): this is a pasted copy. In the real file the continuation
    # lines of debugger_command, smtpd_recipient_restrictions and
    # smtpd_data_restrictions must begin with whitespace; the paste has lost
    # that indentation. Postfix keeps only the LAST definition of a parameter
    # that appears more than once, which matters for two parameters below.
    # --------------- local settings ------------------
    myhostname = mail.xxxxxxx.com
    mydomain = xxxxxxx.com
    # Host names listed here are resolved when Postfix starts; the addresses
    # actually bound are whatever "localhost" and $myhostname resolve to
    # (typically via /etc/hosts), so a stale or duplicated hosts entry silently
    # changes which interfaces accept mail. Verify with netstat -tap.
    inet_interfaces = localhost, $myhostname
    # NOTE(review): empty alias_maps/alias_database means no local alias
    # expansion (root, postmaster, ...) for the local(8) domains — confirm that
    # is intended.
    alias_maps =
    alias_database =
    relay_domains = mysql:$config_directory/mysql_relay_domains_maps.cf
    smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
    debug_peer_level = 2
    debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    command_directory = /usr/sbin
    daemon_directory = /usr/lib/postfix
    mailq_path = /usr/bin/mailq
    setgid_group = maildrop
    # Only the loopback network is trusted, so permit_mynetworks further down
    # covers local submissions only (monit, logwatch, the amavis re-injection).
    mynetworks_style = host
    mynetworks = 127.0.0.0/8
    # NOTE(review): $myhostname is not a local destination here; mail addressed
    # to mail.xxxxxxx.com is only accepted if that name is also one of the
    # MySQL virtual domains — confirm.
    #mydestination = localhost, $myhostname
    mydestination = localhost
    # Overridden by the later "unknown_local_recipient_reject_code = 554"
    # (last definition wins).
    unknown_local_recipient_reject_code = 550
    address_verify_map = btree:/var/lib/postfix/address_verify
    # Both IPv4 and IPv6: a name in inet_interfaces that resolves to ::1 as
    # well (see /etc/hosts) is bound on IPv6 too.
    inet_protocols = all
    biff = no
    # Every message is handed to amavisd on 127.0.0.1:10024 and re-injected via
    # the 127.0.0.1:10025 smtpd defined in master.cf.
    content_filter = smtp-amavis:[127.0.0.1]:10024
    # ---------------------- VIRTUAL DOMAINS START ----------------------
    virtual_mailbox_domains = mysql:$config_directory/mysql_virtual_domains_maps.cf
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf
    virtual_alias_maps = mysql:$config_directory/mysql_virtual_alias_maps.cf
    virtual_minimum_uid = 150
    virtual_uid_maps = static:150
    virtual_gid_maps = static:8
    # Delivery is done by virtual(8); the "dovecot" pipe transport in master.cf
    # is unused while this stays "virtual", and dovecot_destination_recipient_limit
    # only matters for that transport.
    #virtual_transport = dovecot
    virtual_transport = virtual
    dovecot_destination_recipient_limit = 1
    # ---------------------- VIRTUAL DOMAINS END ----------------------
    # ---------------------- ADDITIONAL FOR QUOTA SUPPORT -------------
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    # Literal /etc/postfix here while the other maps use $config_directory;
    # harmless if config_directory is /etc/postfix, but inconsistent.
    virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
    virtual_overquota_bounce = yes
    # ---------------------- ADDITIONAL FOR QUOTA SUPPORT END -----
    # ---------------------- SASL PART START ----------------------
    # Defined twice: the second, empty definition wins, so the sasl_passwd hash
    # is never consulted. Client-side SASL (smtp_sasl_auth_enable) is not
    # enabled here anyway; delete the empty line if a smarthost login is needed.
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_password_maps =
    # Security: SMTP AUTH is offered on port 25 (submission/smtps are disabled
    # in master.cf) and, because smtpd_tls_auth_only = no while TLS is only
    # "may", it is also offered before STARTTLS — passwords can cross the
    # network in the clear. Prefer smtpd_tls_auth_only = yes, or move AUTH to
    # a submission service that enforces TLS.
    smtpd_sasl_auth_enable = yes
    smtpd_tls_auth_only = no
    smtpd_sasl_local_domain =
    # noanonymous blocks the ANONYMOUS mechanism; noplaintext is not set, so
    # PLAIN/LOGIN remain available (most clients need them — hence the TLS
    # point above).
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    # NOTE(review): smtpd_sasl_type is left at its default (cyrus), yet
    # private/auth is the socket path normally used with Dovecot SASL — confirm
    # which backend actually serves AUTH.
    #smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    # ---------------------- SASL PART END ----------------------
    # ---------------------- TLS PART START ----------------------
    # The same key pair is used as client certificate (smtp_*) and server
    # certificate (smtpd_*); session caches live under /var/lib/postfix.
    smtp_use_tls = yes
    smtp_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtp_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache

    # Opportunistic STARTTLS (smtpd_use_tls is the older spelling of the same
    # setting). No client certificates are requested (smtpd_tls_ask_ccert = no),
    # which makes permit_tls_all_clientcerts in the restrictions below a no-op.
    smtpd_use_tls = yes
    smtpd_tls_security_level = may
    smtpd_tls_received_header = no
    smtpd_tls_ask_ccert = no
    smtpd_tls_loglevel = 0
    tls_random_source = dev:/dev/urandom
    # ---------------------- TLS PART END ----------------------
    # Basic hardening for an internet-facing smtpd: HELO required, VRFY
    # disabled (no address harvesting), strict envelope syntax.
    smtpd_helo_required = yes
    disable_vrfy_command = yes
    strict_rfc821_envelopes = yes
    # DNSBL hits are a temporary 450 so a false positive only delays mail;
    # everything else is a permanent 554. The 554 for
    # unknown_local_recipient_reject_code overrides the 550 set earlier.
    maps_rbl_reject_code = 450
    invalid_hostname_reject_code = 554
    multi_recipient_bounce_reject_code = 554
    non_fqdn_reject_code = 554
    relay_domains_reject_code = 554
    unknown_address_reject_code = 554
    unknown_client_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_local_recipient_reject_code = 554
    unknown_relay_recipient_reject_code = 554
    unknown_sender_reject_code = 554
    unknown_virtual_alias_reject_code = 554
    unknown_virtual_mailbox_reject_code = 554
    unverified_recipient_reject_code = 554
    unverified_sender_reject_code = 554
    # Evaluated top to bottom for every RCPT TO. permit_mynetworks and
    # permit_sasl_authenticated short-circuit the rest for local and
    # authenticated clients; the warn_if_reject entries only log what would
    # have been rejected; reject_unauth_destination is the line that prevents
    # open relaying. Each reject_rbl_client makes delivery depend on a third-
    # party DNSBL staying reachable and answering as expected, so review the
    # list periodically. dnsbl.sorbs.net is listed unqualified and again with
    # specific return codes — the qualified entries are redundant.
    # reject_unverified_recipient probes the recipient for every delivery
    # (results cached in address_verify_map above).
    smtpd_recipient_restrictions =
    permit_mynetworks
    permit_tls_all_clientcerts
    permit_sasl_authenticated
    warn_if_reject reject_non_fqdn_helo_hostname
    warn_if_reject reject_unknown_helo_hostname
    warn_if_reject reject_unknown_client
    warn_if_reject reject_unverified_sender
    warn_if_reject reject_rhsbl_sender dsn.rfc-ignorant.org
    warn_if_reject reject_rhsbl_sender abuse.rfc-ignorant.org
    warn_if_reject reject_rhsbl_sender whois.rfc-ignorant.org
    warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org
    warn_if_reject reject_rhsbl_sender postmaster.rfc-ignorant.org
    reject_unauth_destination
    reject_invalid_helo_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    reject_unverified_recipient
    reject_unauth_pipelining
    reject_rbl_client multi.uribl.com
    reject_rbl_client dul.dnsbl.sorbs.net
    reject_rbl_client sbl-xbl.spamhaus.org
    reject_rbl_client dnsbl.sorbs.net
    reject_rbl_client ix.dnsbl.manitu.net
    reject_rbl_client combined.rbl.msrbl.net
    reject_rbl_client rabl.nuclearelephant.com
    reject_rbl_client cbl.abuseat.org
    reject_rbl_client sbl.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.sorbs.net=127.0.0.2
    reject_rbl_client dnsbl.sorbs.net=127.0.0.3
    reject_rbl_client dnsbl.sorbs.net=127.0.0.4
    reject_rbl_client dnsbl.sorbs.net=127.0.0.5
    reject_rbl_client dnsbl.sorbs.net=127.0.0.7
    reject_rbl_client dnsbl.sorbs.net=127.0.0.9
    reject_rbl_client dnsbl.sorbs.net=127.0.0.11
    reject_rbl_client dnsbl.sorbs.net=127.0.0.12
    permit
    # Applied at DATA: rejects clients that pipeline before the server answers
    # and bounces sent to more than one recipient.
    smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit
    sample_directory = /usr/share/doc/packages/postfix/samples
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    html_directory = /usr/share/doc/packages/postfix/html
    manpage_directory = /usr/share/man


    Here is master.cf:

    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the Postfix master(5) manual page.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    # The only public listener. It binds whatever inet_interfaces in main.cf
    # resolves to; submission (587) and smtps (465) stay commented out below,
    # so SMTP AUTH is only available on this port 25 service.
    smtp inet n - n - - smtpd
    #submission inet n - n - - smtpd
    # -o smtpd_etrn_restrictions=reject
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
    # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    #submission inet n - n - - smtpd
    # -o smtpd_etrn_restrictions=reject
    # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
    #628 inet n - n - - qmqpd
    pickup fifo n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - n 300 1 oqmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    # Used by reject_unverified_recipient/sender in main.cf.
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    smtp unix - - n - - smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay unix - - n - - smtp
    -o fallback_relay=
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - n - - showq
    error unix - - n - - error
    discard unix - - n - - discard
    # local(8) only serves mydestination (localhost); virtual(8) is the
    # configured virtual_transport and does the mailbox delivery.
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    #localhost:10025 inet n - n - - smtpd -o content_filter=
    scache unix - - n - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    cyrus unix - n n - - pipe
    user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    uucp unix - n n - - pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail unix - n n - - pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
    flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    procmail unix - n n - - pipe
    flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
    # NOTE(review): unused while virtual_transport = virtual in main.cf. Before
    # switching to it, fix the stray space in "user= vmail:mail" and replace
    # "$(recipient)" with "${recipient}" — as written the recipient address is
    # not expanded.
    dovecot unix - n n - - pipe
    flags=DRhu user= vmail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)

    # Hand-off to amavisd (content_filter in main.cf): at most 2 parallel
    # connections, DNS lookups off for the loopback hop, XFORWARD so amavisd
    # sees the original client, long DATA timeout for scanning.
    smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
    # Re-injection listener for scanned mail, loopback only. content_filter is
    # cleared to avoid a loop and the restrictions admit permit_mynetworks
    # (127.0.0.0/8) only. NOTE(review): "smtp_data_restrictions" and
    # "smtp_hard_error_limit" are not smtpd parameters (the smtpd_ names are
    # meant), so those two overrides have no effect on this listener.
    127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtp_data_restrictions=reject_unauth_pipelining
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtp_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o smtpd_milters=
    -o local_header_rewrite_clients=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    retry unix - - n - - error
    proxywrite unix - - n - 1 proxymap
     
    Last edited: Jul 1, 2009
  2. aberrio

    aberrio New Member

    Hello,

    Any ideas?

    regards,


    Al
     
  3. Tezux

    Tezux New Member

    So there is no trace of any messages being sent to you in the mail log file at all?
    Have you tried sending a mail to root? Did it work OK?
    Maybe post your log file.
     
  4. falko

    falko Super Moderator

    Are there any errors in your mail log when you send a mail to the server?
     
  5. aberrio

    aberrio New Member

    Hello Falko,

    There are no errors and no warnings; the message is not even queued. DNS is resolving correctly. I am able to send but not receive; when I send email I can see information in the queue. Monit, logwatch and chkrootkit are able to send email to the admin, but nothing arrives from outside.

    I am getting this message on the sender side.

    Delivery attempt history for your mail:

    Wed, 1 Jul 2009 16:37:19 -0500 (CDT)
    TCP active open: Failed connect() Error: Connection refused

    Wed, 1 Jul 2009 08:37:19 -0500 (CDT)
    TCP active open: Failed connect() Error: Connection refused

    Wed, 1 Jul 2009 00:37:19 -0500 (CDT)
    TCP active open: Failed connect() Error: Connection refused

    Tue, 30 Jun 2009 22:37:19 -0500 (CDT)
    TCP active open: Failed connect() Error: Connection refused

    Tue, 30 Jun 2009 21:37:19 -0500 (CDT)
    TCP active open: Failed connect() Error: Connection refused

    Tue, 30 Jun 2009 20:37:05 -0500 (CDT)
    TCP active open: Failed connect() Error: Connection refused

    The mail system will continue to try to deliver your message
    for an additional 2 days.


    Regards,

    AL
     
    Last edited: Jul 2, 2009
  6. Tezux

    Tezux New Member

    Have you checked whether your ISP is maybe blocking it? Maybe they weren't before but have now changed their conditions or something like that.
    How have you set up the DNS records? Has something possibly changed here that could be causing this issue? I'm guessing your public IP address and private IP addresses have not changed as well, right?
    Check these (I don't know what OS you are using, so you may have to change these commands):
    /etc/hosts
    /etc/network/interfaces

    I'm guessing you have checked the MX records using dig MX yourdomain.com
     
  7. aberrio

    aberrio New Member

    Hello,

    The MX record is good, DNS is resolving correctly, and I have a static IP. I can telnet to localhost 25 but I cannot connect from outside. Port 25 is not blocked. Postfix is enabled as a service in the firewall.

    Any other suggestion?
     
  8. falko

    falko Super Moderator

    What are the outputs of
    Code:
    netstat -tap
    and
    Code:
    iptables -L
    ?
     
  9. aberrio

    aberrio New Member

    Here

    mail:~ # netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:imaps *:* LISTEN 2350/dovecot
    tcp 0 0 *op3s *:* LISTEN 2350/dovecot
    tcp 0 0 localhost:10024 *:* LISTEN 7104/amavisd (maste
    tcp 0 0 localhost:10025 *:* LISTEN 11201/master
    tcp 0 0 *:mysql *:* LISTEN 2179/mysqld
    tcp 0 0 localhost:dyna-access *:* LISTEN 2481/clamd
    tcp 0 0 *op3 *:* LISTEN 2350/dovecot
    tcp 0 0 *:sunrpc *:* LISTEN 2533/portmap
    tcp 0 0 *:imap *:* LISTEN 2350/dovecot
    tcp 0 0 *:ndmp *:* LISTEN 2618/perl
    tcp 0 0 mail.tchosting.n:domain *:* LISTEN 2420/named
    tcp 0 0 mail.tchosting.n:domain *:* LISTEN 2420/named
    tcp 0 0 localhost:domain *:* LISTEN 2420/named
    tcp 0 0 *:munin *:* LISTEN 2189/munin-node
    tcp 0 0 *:ssh *:* LISTEN 2292/sshd
    tcp 0 0 localhost:ipp *:* LISTEN 2587/cupsd
    tcp 0 0 mail.tchosting.net:smtp *:* LISTEN 11201/master
    tcp 0 0 mail.tchosting.net:smtp *:* LISTEN 11201/master
    tcp 0 0 localhost:smtp *:* LISTEN 11201/master
    tcp 0 0 localhost:953 *:* LISTEN 2420/named
    tcp 0 0 *:atmtcp *:* LISTEN 2344/monit
    tcp 0 3112 mail.tchosting.net:ssh c-67-175-83-229:noadmin ESTABLISHED 9819/0
    tcp 0 0 *:www-http *:* LISTEN 3054/httpd2-prefork
    tcp 0 0 *:domain *:* LISTEN 2420/named
    tcp 0 0 *:ssh *:* LISTEN 2292/sshd
    tcp 0 0 localhost:ipp *:* LISTEN 2587/cupsd
    tcp 0 0 localhost:smtp *:* LISTEN 11201/master
    tcp 0 0 localhost:953 *:* LISTEN 2420/named
    tcp 0 0 *:https *:* LISTEN 3054/httpd2-prefork


    mail:~ # iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state ESTABLISHED
    ACCEPT icmp -- anywhere anywhere state RELATED
    input_ext all -- anywhere anywhere
    input_ext all -- anywhere anywhere
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
    DROP all -- anywhere anywhere
    Chain FORWARD (policy DROP)
    target prot opt source destination
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
    Chain forward_ext (0 references)
    target prot opt source destination
    Chain input_ext (2 references)
    target prot opt source destination
    DROP all -- anywhere anywhere PKTTYPE = broadcast
    ACCEPT icmp -- anywhere anywhere icmp source-quench
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ndmp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:atmtcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:atmtcp
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:dyna-access flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:dyna-access
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:munin flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:munin
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:domain flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:domain
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:https flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:https
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imap flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:imap
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imaps flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:mysql flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:pop3 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:pop3s flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:https flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:https
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:mysql flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:urd flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:urd
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp-data flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    ACCEPT udp -- anywhere anywhere udp dpt:http
    ACCEPT udp -- anywhere anywhere udp dpt:https
    ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
    reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    DROP all -- anywhere anywhere PKTTYPE = multicast
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
    DROP all -- anywhere anywhere
    Chain reject_func (1 references)
    target prot opt source destination
    REJECT tcp -- anywhere anywhere reject-with tcp-reset
    REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
    REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
     
  10. falko

    falko Super Moderator

    What happens when you disable the firewall? Does it work then?
     
  11. aberrio

    aberrio New Member

    Nope, same problem. Does Amavis have anything to do with connecting to the server?

    Something I noticed is that, for some reason, postfix connects and disconnects every 2 minutes...

    Jul 4 20:02:54 mail postfix/smtpd[30733]: connect from localhost[127.0.0.1]
    Jul 4 20:02:54 mail postfix/smtpd[30733]: disconnect from localhost[127.0.0.1]
    Jul 4 20:04:16 mail postfix/smtpd[30733]: connect from localhost[127.0.0.1]
    Jul 4 20:04:54 mail postfix/smtpd[30749]: connect from localhost[127.0.0.1]
    Jul 4 20:04:54 mail postfix/smtpd[30749]: disconnect from localhost[127.0.0.1]
    Jul 4 20:05:03 mail postfix/smtpd[30733]: disconnect from localhost[127.0.0.1]
    Jul 4 20:06:54 mail postfix/smtpd[30795]: connect from localhost[127.0.0.1]
    Jul 4 20:06:54 mail postfix/smtpd[30795]: disconnect from localhost[127.0.0.1]
    Jul 4 20:08:55 mail postfix/smtpd[30824]: connect from localhost[127.0.0.1]
    Jul 4 20:08:55 mail postfix/smtpd[30824]: disconnect from localhost[127.0.0.1]
    Jul 4 20:10:56 mail postfix/smtpd[30866]: connect from localhost[127.0.0.1]
    Jul 4 20:10:56 mail postfix/smtpd[30866]: disconnect from localhost[127.0.0.1]

    Regards

    AL
     
    Last edited: Jul 5, 2009
  12. aberrio

    aberrio New Member

    Hello,

    I fixed this issue. I removed localhost from inet_interfaces and added 127.0.0.1.

    Will this have any security implications later?

    Best regards,

    AL
     
    Last edited: Jul 5, 2009
  13. Tezux

    Tezux New Member

    127.0.0.1 is localhost; they're the same thing, so you haven't really changed anything. It's weird that this fixed your problem.
    Are you sure your /etc/hosts file is correctly configured? Do you have 127.0.0.1 in there as well? Just curious.

    As for it being a security issue, considering it's the same thing as before I can't see how it could be — correct me if I'm wrong, though.

    What gave you the idea that this was the problem? What OS are you using, by the way?

    I would love to see your /etc/hosts file config if you don't mind sharing.

    Anyway, it's cool you got it working. Great job ;)
     
  14. aberrio

    aberrio New Member

    I know that was weird, but it is working now: I am able to telnet to port 25 and I can see transactions in the queue. This configuration worked for more than a year without problems. I moved my server, my ISP gave me a new set of IPs, and since then my master and main files were corrupted, so I restored my backup, but the server has not worked since.

    I was able to receive email locally from monit and rootkit and I was able to send email, but not from an external IP.

    I changed 127.0.0.0 in my hosts file but postfix complained, so I decided to change it in main.cf.


    Here is my hosts file:

    #
    # hosts This file describes a number of hostname-to-address
    # mappings for the TCP/IP subsystem. It is mostly
    # used at boot time, when no name servers are running.
    # On small systems, this file can be used instead of a
    # "named" name server.
    # Syntax:
    #
    # IP-Address Full-Qualified-Hostname Short-Hostname
    #
    127.0.0.1 localhost

    # special IPv6 addresses
    # "localhost" is also mapped to ::1 below; with inet_protocols = all in
    # main.cf, a name-based inet_interfaces entry for localhost is bound on
    # IPv6 as well.
    ::1 localhost ipv6-localhost ipv6-loopback
    fe00::0 ipv6-localnet
    ff00::0 ipv6-mcastprefix
    ff02::1 ipv6-allnodes
    ff02::2 ipv6-allrouters
    ff02::3 ipv6-allhosts
    # NOTE(review): the mail host name is mapped twice, to the public address
    # and to 127.0.0.2. Which of these a name in inet_interfaces ends up
    # binding depends on what the resolver returns for $myhostname; a
    # loopback-only binding would fit the symptoms in this thread (telnet to
    # localhost 25 works, external connect() is refused, firewall state makes
    # no difference). Also, main.cf sets myhostname = mail.xxxxxxx.com while
    # these entries say mail.xxxxxxx.net — if that is not just redaction,
    # $myhostname does not match either line. Confirm with: getent hosts <name>.
    zz.zzz.zz.zz mail.xxxxxxx.net mail
    127.0.0.2 mail.xxxxxxx.net mail
     
  15. Tezux

    Tezux New Member

    Have you tried changing the hosts file to something like this (changes in bold) and removing the last line at the bottom altogether? Why is it also stating localhost as 127.0.0.2 when at the top it is 127.0.0.1? Wouldn't it be better to just keep it as 127.0.0.1 throughout? Or do you have a need for it like that?


    #
    # hosts This file describes a number of hostname-to-address
    # mappings for the TCP/IP subsystem. It is mostly
    # used at boot time, when no name servers are running.
    # On small systems, this file can be used instead of a
    # "named" name server.
    # Syntax:
    #
    # IP-Address Full-Qualified-Hostname Short-Hostname
    #
    127.0.0.1 localhost.localdomain localhost

    # special IPv6 addresses
    ::1 localhost ipv6-localhost ipv6-loopback
    fe00::0 ipv6-localnet
    ff00::0 ipv6-mcastprefix
    ff02::1 ipv6-allnodes
    ff02::2 ipv6-allrouters
    ff02::3 ipv6-allhosts
    zz.zzz.zz.zz mail.xxxxxxx.net mail
    127.0.0.2 mail.xxxxxxx.net mail <<<<< Why is this line needed at all??
     
  16. aberrio

    aberrio New Member

    I believe that line was added when I installed Amavis.

    Regards,

    AL
     
  17. Tezux

    Tezux New Member

    So if you remove it and then change the inet config back to normal, are all your problems solved?
     
