Trying to find where [email protected] is located

360bladez · Aug 28, 2014

Hey

Finished the The perfect server centos 6.4 guide a few days ago
Now im trying to configure mail

On my mail logs it shows

Code:

postfix/qmgr[911]: 67BA546E5AAA: from=<[email protected]>, size=4763, nrcpt=1 (queue active)
Aug 28 21:04:39 www postfix/qmgr[911]: 850E246E5AB9: from=<[email protected]>, size=3372, nrcpt=1 (queue active)
Aug 28 21:04:39 www postfix/qmgr[911]: 251B946E5ABE: from=<[email protected]>, size=3283, nrcpt=1 (queue active)
Aug 28 21:04:39 www postfix/qmgr[911]: 05F1646E440B: from=<[email protected]>, size=643, nrcpt=1 (queue active)
Aug 28 21:04:39 www postfix/qmgr[911]: 461F546E5AB5: from=<[email protected]>, size=3196, nrcpt=1 (queue active)
Aug 28 21:04:39 www postfix/qmgr[911]: B92C346E5A9A: from=<[email protected]>, size=3441, nrcpt=1 (queue active)

Code:

Aug 28 21:05:39 www postfix/smtp[20709]: 05F1646E440B: to=<[email protected]>, relay=none, delay=134664, delays=134603/0.03/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)

I have edited the fail2ban configs files to email me on
ban sasl, ssh
But I can find where these configs are

MY /etc/fail2ban/jail.local
does not have a postfix section other then sasl
I dont know where else to look

Anyone have any ideas ?

till · Aug 28, 2014

Check /etc/postfix/main.cf and /etc/mailname

360bladez · Aug 28, 2014

Thanks for the response

I dont have /etc/mailname

I am trying to look through my main.cf and I am not seeing what is linking it
I am going to post my main.cf, could you please take a look

till · Aug 29, 2014

Do the command:

hostname

or

hostname -f

return example.com?

360bladez · Aug 29, 2014

Both return my correct hostname

till · Aug 29, 2014

try

grep -r example.com /etc

to see if there is any config file that includes that domain name.

360bladez · Aug 29, 2014

Code:

/etc/httpd/conf.d/webalizer.conf:    # Allow from .example.com
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
/etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
/etc/httpd/conf/httpd.conf:# Redirect permanent /foo http://www.example.com/bar
/etc/httpd/conf/httpd.conf:#ErrorDocument 402 http://www.example.com/subscription_info.html
/etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
/etc/httpd/conf/httpd.conf:#    Allow from .example.com
/etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
/etc/httpd/conf/httpd.conf:#    Allow from .example.com
/etc/httpd/conf/httpd.conf:#    Allow from .example.com
/etc/httpd/conf/httpd.conf:#    ServerAdmin [email protected]
/etc/httpd/conf/httpd.conf:#    DocumentRoot /www/docs/dummy-host.example.com
/etc/httpd/conf/httpd.conf:#    ServerName dummy-host.example.com
/etc/httpd/conf/httpd.conf:#    ErrorLog logs/dummy-host.example.com-error_log
/etc/httpd/conf/httpd.conf:#    CustomLog logs/dummy-host.example.com-access_log common
grep: /etc/udev/devices/ptyaf: No such device or address
grep: /etc/udev/devices/ptyac: No such device or address

This doesnt seem to search all folders only that one
Trying to look through all the files again to see if I missed something
Any other ideas please let me know
Thanks again!

till · Aug 29, 2014

Nothing related to fail2ban. Then I dont know where else it can come from. Did you restart the server to ensure that all services use the latest settings from conf files?

360bladez · Aug 29, 2014

I dont know if you seen my edited reply
That command only seems to be scanning that one folder

if i do grep -r example.com /etc/fail2ban

Code:

/etc/fail2ban/jail.local:           sendmail-whois[name=ProFTPD, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=GSSFTPd, [email protected]]
/etc/fail2ban/jail.local:              sendmail-whois[name=SSH, [email protected]]
/etc/fail2ban/jail.local:           sendmail[name=Postfix, [email protected]]
/etc/fail2ban/jail.local:action   = sendmail-whois[name=VSFTPD, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=VSFTPD, [email protected]]
/etc/fail2ban/jail.local:           sendmail-buffered[name=BadBots, lines=5, [email protected]]
/etc/fail2ban/jail.local:           sendmail[name=Postfix, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=openwebmail, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name="SSH,IPFW", [email protected]]
/etc/fail2ban/jail.local:#            sendmail-whois[name=Named, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=Named, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=MySQL, dest=root, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=SSH, [email protected], [email protected], sendername="Fail2Ban"]
/etc/fail2ban/jail.local:           blocklist_de[email="[email protected]", apikey="xxxxxx", service=%(filter)s]
/etc/fail2ban/jail.local:           sendmail-whois[name=Nagios, [email protected], [email protected], sendername="Fail2Ban"]
/etc/fail2ban/action.d/complain.conf:#              -c [email protected]
/etc/fail2ban/action.d/complain.conf:#              -- -f [email protected]
/etc/fail2ban/action.d/mynetwatchman.conf:# mnwlogin = [email protected]
/etc/fail2ban/action.d/dshield.conf:#              -c [email protected]
/etc/fail2ban/action.d/dshield.conf:#              -- -f [email protected]
/etc/fail2ban/jail.conf:           sendmail-whois[name=ProFTPD, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=GSSFTPd, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=sasl, [email protected]]
/etc/fail2ban/jail.conf:              sendmail-whois[name=SSH, [email protected]]
/etc/fail2ban/jail.conf:           sendmail[name=Postfix, [email protected]]
/etc/fail2ban/jail.conf:action   = sendmail-whois[name=VSFTPD, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=VSFTPD, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-buffered[name=BadBots, lines=5, [email protected]]
/etc/fail2ban/jail.conf:           sendmail[name=Postfix, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=openwebmail, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name="SSH,IPFW", [email protected]]
/etc/fail2ban/jail.conf:#            sendmail-whois[name=Named, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=Named, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=MySQL, dest=root, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=SSH, [email protected], [email protected], sendername="Fail2Ban"]
/etc/fail2ban/jail.conf:           blocklist_de[email="[email protected]", apikey="xxxxxx", service=%(filter)s]
/etc/fail2ban/jail.conf:           sendmail-whois[name=Nagios, [email protected], [email protected], sendername="Fail2Ban"]

Now I looked over these 2 files, Only 2 are set 2 true and they have my personal email address set

hmm restarting might of worked.... I thought i restarted like 10 times since this issue began happening....going to give it a few hours and see
nvm its back

Code:

ug 29 22:40:03 www postfix/smtpd[1146]: connect from localhost[::1]
Aug 29 22:40:03 www postfix/smtpd[1146]: lost connection after CONNECT from localhost[::1]
Aug 29 22:40:03 www postfix/smtpd[1146]: disconnect from localhost[::1]
Aug 29 22:40:03 www dovecot: pop3-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured
Aug 29 22:40:03 www dovecot: imap-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured
Aug 29 22:40:22 www postfix/scache[1024]: statistics: start interval Aug 29 22:37:00
Aug 29 22:40:22 www postfix/scache[1024]: statistics: domain lookup hits=0 miss=1 success=0%
Aug 29 22:40:22 www postfix/scache[1024]: statistics: address lookup hits=0 miss=1 success=0%
Aug 29 22:40:22 www postfix/scache[1024]: statistics: max simultaneous domains=1 addresses=1 connection=1
Aug 29 22:41:50 www postfix/qmgr[908]: 2DC6E46E5AAF: from=<[email protected]>, size=3196, nrcpt=1 (queue active)
Aug 29 22:41:50 www postfix/qmgr[908]: 464A046E5AA4: from=<[email protected]>, size=2829, nrcpt=1 (queue active)
Aug 29 22:42:02 www postfix/smtpd[1039]: timeout after END-OF-MESSAGE from unknown[127.0.0.1]
Aug 29 22:42:02 www postfix/smtpd[1039]: disconnect from unknown[127.0.0.1]
Aug 29 22:42:05 www postfix/smtpd[1022]: timeout after END-OF-MESSAGE from unknown[127.0.0.1]
Aug 29 22:42:05 www postfix/smtpd[1022]: disconnect from unknown[127.0.0.1]
Aug 29 22:42:20 www postfix/smtp[1282]: connect to example.com[2606:2800:220:6d:26bf:1447:1097:aa7]:25: Connection timed out
Aug 29 22:42:20 www postfix/smtp[1283]: connect to example.com[2606:2800:220:6d:26bf:1447:1097:aa7]:25: Connection timed out
Aug 29 22:42:50 www postfix/smtp[1282]: connect to example.com[93.184.216.119]:25: Connection timed out
Aug 29 22:42:50 www postfix/smtp[1283]: connect to example.com[93.184.216.119]:25: Connection timed out
Aug 29 22:42:50 www postfix/smtp[1282]: 2DC6E46E5AAF: to=<[email protected]>, relay=none, delay=198125, delays=198064/0.01/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
Aug 29 22:42:50 www postfix/smtp[1283]: 464A046E5AA4: to=<[email protected]>, relay=none, delay=203910, delays=203850/0.01/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
Aug 29 22:45:02 www dovecot: imap-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured
Aug 29 22:45:02 www postfix/smtpd[1385]: connect from localhost[::1]
Aug 29 22:45:02 www postfix/smtpd[1385]: lost connection after CONNECT from localhost[::1]
Aug 29 22:45:02 www postfix/smtpd[1385]: disconnect from localhost[::1]
Aug 29 22:45:02 www dovecot: pop3-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured

Code:

/etc/amavisd/amavisd.conf:# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!
/etc/amavisd/amavisd.conf:# '[email protected]'  => [{'[email protected]' => 10.0}],
/etc/amavisd/amavisd.conf:# '[email protected]'  => [{'.ebay.com'                 => -3.0}],
/etc/amavisd/amavisd.conf:# '[email protected]'  => [{'[email protected]' => -7.0,
/etc/amavisd/amavisd.conf~:$mydomain = 'example.com';   # a convenient default for other settings
/etc/amavisd/amavisd.conf~:# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!
/etc/amavisd/amavisd.conf~:# '[email protected]'  => [{'[email protected]' => 10.0}],
/etc/amavisd/amavisd.conf~:# '[email protected]'  => [{'.ebay.com'                 => -3.0}],
/etc/amavisd/amavisd.conf~:# '[email protected]'  => [{'[email protected]' => -7.0,
/etc/dovecot/conf.d/auth-static.conf.ext:#  args = proxy=y host=%1Mu.example.com nopassword=y
/etc/dovecot/dovecot-sql.conf:#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
/etc/dovecot-sql.conf:#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
/etc/fail2ban/jail.local:           sendmail-whois[name=ProFTPD, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=GSSFTPd, [email protected]]
/etc/fail2ban/jail.local:              sendmail-whois[name=SSH, [email protected]]
/etc/fail2ban/jail.local:           sendmail[name=Postfix, [email protected]]
/etc/fail2ban/jail.local:action   = sendmail-whois[name=VSFTPD, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=VSFTPD, [email protected]]
/etc/fail2ban/jail.local:           sendmail-buffered[name=BadBots, lines=5, [email protected]]
/etc/fail2ban/jail.local:           sendmail[name=Postfix, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=openwebmail, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name="SSH,IPFW", [email protected]]
/etc/fail2ban/jail.local:#            sendmail-whois[name=Named, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=Named, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=MySQL, dest=root, [email protected]]
/etc/fail2ban/jail.local:           sendmail-whois[name=SSH, [email protected], [email protected], sendername="Fail2Ban"]
/etc/fail2ban/jail.local:           blocklist_de[email="[email protected]", apikey="xxxxxx", service=%(filter)s]
/etc/fail2ban/jail.local:           sendmail-whois[name=Nagios, [email protected], [email protected], sendername="Fail2Ban"]
/etc/fail2ban/action.d/complain.conf:#              -c [email protected]
/etc/fail2ban/action.d/complain.conf:#              -- -f [email protected]
/etc/fail2ban/action.d/mynetwatchman.conf:# mnwlogin = [email protected]
/etc/fail2ban/action.d/dshield.conf:#              -c [email protected]
/etc/fail2ban/action.d/dshield.conf:#              -- -f [email protected]
/etc/fail2ban/jail.conf:           sendmail-whois[name=ProFTPD, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=GSSFTPd, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=sasl, [email protected]]
/etc/fail2ban/jail.conf:              sendmail-whois[name=SSH, [email protected]]
/etc/fail2ban/jail.conf:           sendmail[name=Postfix, [email protected]]
/etc/fail2ban/jail.conf:action   = sendmail-whois[name=VSFTPD, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=VSFTPD, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-buffered[name=BadBots, lines=5, [email protected]]
/etc/fail2ban/jail.conf:           sendmail[name=Postfix, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=openwebmail, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name="SSH,IPFW", [email protected]]
/etc/fail2ban/jail.conf:#            sendmail-whois[name=Named, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=Named, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=MySQL, dest=root, [email protected]]
/etc/fail2ban/jail.conf:           sendmail-whois[name=SSH, [email protected], [email protected], sendername="Fail2Ban"]
/etc/fail2ban/jail.conf:           blocklist_de[email="[email protected]", apikey="xxxxxx", service=%(filter)s]
/etc/fail2ban/jail.conf:           sendmail-whois[name=Nagios, [email protected], [email protected], sendername="Fail2Ban"]
/etc/httpd/conf.d/webalizer.conf:    # Allow from .example.com
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
/etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
/etc/httpd/conf/httpd.conf:# Redirect permanent /foo http://www.example.com/bar
/etc/httpd/conf/httpd.conf:#ErrorDocument 402 http://www.example.com/subscription_info.html
/etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
/etc/httpd/conf/httpd.conf:#    Allow from .example.com
/etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
/etc/httpd/conf/httpd.conf:#    Allow from .example.com
/etc/httpd/conf/httpd.conf:#    Allow from .example.com
/etc/httpd/conf/httpd.conf:#    ServerAdmin [email protected]
/etc/httpd/conf/httpd.conf:#    DocumentRoot /www/docs/dummy-host.example.com
/etc/httpd/conf/httpd.conf:#    ServerName dummy-host.example.com
/etc/httpd/conf/httpd.conf:#    ErrorLog logs/dummy-host.example.com-error_log
/etc/httpd/conf/httpd.conf:#    CustomLog logs/dummy-host.example.com-access_log common
/etc/krb5.conf:  kdc = kerberos.example.com
/etc/krb5.conf:  admin_server = kerberos.example.com
/etc/krb5.conf: .example.com = EXAMPLE.COM
/etc/krb5.conf: example.com = EXAMPLE.COM
/etc/mail/virtusertable:# @foo.org      %[email protected]
/etc/mail/virtusertable:# old+*@foo.org new+%[email protected]
/etc/mail/virtusertable:# gen+*@foo.org %[email protected]
/etc/mail/virtusertable:# +*@foo.org    %1%[email protected]
/etc/mail/virtusertable:# [email protected]   Z%[email protected]
/etc/openldap/ldap.conf:#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
/etc/php.ini:; following the section heading [HOST=www.example.com] only apply to
/etc/php.ini:; PHP files served from www.example.com.  Directives set in these
/etc/php.ini:;sendmail_from = [email protected]
/etc/pki/dovecot/dovecot-openssl.cnf:# Common Name (*.example.com is also possible)
/etc/pki/dovecot/dovecot-openssl.cnf:CN=imap.example.com
/etc/pki/dovecot/dovecot-openssl.cnf:[email protected]
/etc/postfix/transport:#        In order to send mail for example.com and  its  subdomains
/etc/postfix/transport:#             example.com      uucp:example
/etc/postfix/transport:#             .example.com     uucp:example
/etc/postfix/transport:#        directs  mail  for [email protected] via the slow transport
/etc/postfix/transport:#        to a mail exchanger for example.com.  The  slow  transport
/etc/postfix/transport:#             example.com      slow:
/etc/postfix/transport:#        above).  The following sends all mail for example.com  and
/etc/postfix/transport:#        its subdomains to host gateway.example.com:
/etc/postfix/transport:#             example.com      :[gateway.example.com]
/etc/postfix/transport:#             .example.com     :[gateway.example.com]
/etc/postfix/transport:#        MX host for example.com.
/etc/postfix/transport:#             example.com      smtp:bar.example:2025
/etc/postfix/transport:#        This directs mail for [email protected] to host bar.example
/etc/postfix/transport:#             .example.com     error:mail for *.example.com is not deliverable
/etc/postfix/transport:#        This  causes  all mail for [email protected] to be
/etc/pure-ftpd/pureftpd-ldap.conf:LDAPServer ldap.example.com
grep: /etc/udev/devices/ptyaf: No such device or address
grep: /etc/udev/devices/ptyac: No such device or address

Log in or Sign up

Trying to find where [email protected] is located

360bladez New Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

360bladez New Member HowtoForge Supporter

Attached Files:

main.cf.txt

till Super Moderator Staff Member ISPConfig Developer

360bladez New Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

360bladez New Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

360bladez New Member HowtoForge Supporter

Share This Page

Log in or Sign up

Trying to find where [email protected] is located

360bladez New Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

360bladez New Member HowtoForge Supporter

Attached Files:

main.cf.txt

till Super Moderator Staff Member ISPConfig Developer

360bladez New Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

360bladez New Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

360bladez New Member HowtoForge Supporter

Share This Page

Useful Searches