Centos 7 postfix connection refused error

Discussion in 'Server Operation' started by cyberwatchers, Feb 16, 2015.

  1. cyberwatchers

    cyberwatchers New Member

    RESOLVED SEE BELOW

    I have installed CentOS 7. Brief network layout:
    centos 7 is on 10.1.1.0 network - server name = zenoss
    dc (domain controller) 10.1.1.5 (see logs)
    mail server is on 172.16.1.0 network - server name = mail
    relay server is on 172.16.10.0 network
    any any rule applies between said networks for now

    External MX mail.cyberwatchers.com
    Internal Domain = cyberwatchers.local
    Currently my CentOS 7 box CAN send out logwatch mail, as I am getting them every morning. They are sent out using [email protected] via the logwatch.conf file. Why I am getting the below errors, with root attempting to send to my email using .local vs .com, I do not know. I see zenoss is trying to use domain.local (10.1.1.5), my domain controller, for email delivery. I am not sure why this is. See below...
    ISSUE:
    This morning I awoke and checked those logs and see 16 deferred postfix emails. When looking at the logs on my CentOS server:

    Feb 15 18:26:33 zenoss postfix/qmgr[25573]: C14C780D3559: from=<[email protected]>, size=2817, nrcpt=1 (queue active)
    Feb 15 18:26:33 zenoss postfix/qmgr[25573]: BA50080D355B: from=<[email protected]>, size=2837, nrcpt=1 (queue active)
    Feb 15 18:26:33 zenoss postfix/qmgr[25573]: 8EEA880D3560: from=<[email protected]>, size=2837, nrcpt=1 (queue active)
    Feb 15 18:26:33 zenoss postfix/qmgr[25573]: 2214A80D3561: from=<[email protected]>, size=2817, nrcpt=1 (queue active)
    Feb 15 18:26:33 zenoss postfix/smtp[25606]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused
    Feb 15 18:26:33 zenoss postfix/smtp[25607]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused
    Feb 15 18:26:33 zenoss postfix/smtp[25609]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused
    Feb 15 18:26:33 zenoss postfix/smtp[25611]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused
    Feb 15 18:26:33 zenoss postfix/smtp[25606]: C14C780D3559: to=<[email protected]>, relay=none, delay=35091, delays=35091/0.02/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)
    Feb 15 18:26:33 zenoss postfix/smtp[25607]: BA50080D355B: to=<[email protected]>, relay=none, delay=34925, delays=34925/0.02/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)
    Feb 15 18:26:33 zenoss postfix/smtp[25609]: 8EEA880D3560: to=<[email protected]>, relay=none, delay=11040, delays=11040/0.03/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)
    Feb 15 18:26:33 zenoss postfix/smtp[25611]: 2214A80D3561: to=<[email protected]>, relay=none, delay=10921, delays=10921/0.03/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)

    It would seem I need to add my relay server, which is on the 172 network, to the postfix config, am I correct? If that is so, can you please give me a few examples as to how I can do this? I am sending logs from logwatch from a few other Linux machines using .com and I am sure they are going outside my network, but I am not getting errors on those boxes like I am on this one. The other boxes are using sendmail, not postfix. CentOS 7 came with postfix. I would like to correct my security issue correctly. Thanks in advance.

    side note:
    currently I have OSSEC configured to use my internal relay server, (172.16.10.2) which forwards to my internal mail server just fine. My Firewall also forwards syslog msg's to relay also which then goes to my mail server also. I would like logwatch msg's to be forwarded to the relay then to the mail server.

    what works:
    OSSEC and my firewall logs get forwarded to my relay server, my relay server then using sendmail.mc file:
    define(`SMART_HOST', `mail.cyberwatchers.local')
    then gets forwarded to my mail server. this is done without ever having to go outside my network. Now I am currently sending my logwatch logs to mail.cyberwatchers.com and this is working. However I am getting the errors. I would prefer to send them like I do using the relay.


    Here is my postconf -n (I have attempted following some guides but I ended up breaking the conf file, uninstalling and reinstalling.)
    [root@zenoss postfix]# postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
    html_directory = no
    inet_interfaces = localhost
    inet_protocols = all
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
    sample_directory = /usr/share/doc/postfix-2.10.1/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    unknown_local_recipient_reject_code = 550
    ############################
    !!! RESOLVED !!!
    I created an ALIAS on my DNS (domain controller) called relay.cyberwatchers.local pointing it to the relay server 172.16.10.2.

    I edited two parts of the main.cf file:
    # dont think I need the .com one
    mydestination = relay.cyberwatchers.com, relay.cyberwatchers.local
    relayhost = relay.cyberwatchers.local
    #############################
    I have not gotten the above error messages since. Strange but I did get this strand ONCE about an hour after the fix and nothing more.
    Feb 16 19:58:01 zenoss postfix/qmgr[2902]: C14C780D3559: from=<[email protected]>, size=2817, nrcpt=1 (queue active)
    Feb 16 19:58:01 zenoss postfix/smtp[3322]: C14C780D3559: to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=126979, delays=126979/0.04/0.05/0.07, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1ta019781 Message accepted for delivery)
    Feb 16 19:58:01 zenoss postfix/qmgr[2902]: C14C780D3559: removed
    Feb 16 19:58:01 zenoss postfix/smtp[3323]: BA50080D355B: to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=126813, delays=126813/0.02/0.05/0.08, dsn=2.0.0, status=sent (250 2.0.0 t1H0w14E019782 Message accepted for delivery)
    Feb 16 19:58:01 zenoss postfix/qmgr[2902]: BA50080D355B: removed
    Feb 16 19:58:01 zenoss postfix/smtp[3325]: 8EEA880D3560: to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=102928, delays=102928/0.03/0.05/0.09, dsn=2.0.0, status=sent (250 2.0.0 t1H0w19X019784 Message accepted for delivery)
    Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 8EEA880D3560: removed
    Feb 16 19:58:01 zenoss postfix/smtp[3326]: 2214A80D3561: to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=102809, delays=102809/0.04/0.05/0.09, dsn=2.0.0, status=sent (250 2.0.0 t1H0w14I019785 Message accepted for delivery)
    Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 2214A80D3561: removed
    Feb 16 19:58:01 zenoss postfix/smtp[3324]: 0E7D380D355C: to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=103853, delays=103853/0.03/0.06/0.11, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1rY019783 Message accepted for delivery)
    Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 0E7D380D355C: removed
    Feb 16 19:58:01 zenoss postfix/smtp[3322]: 2E2727B80D: to=<[email protected]>, orig_to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=25581, delays=25581/0.14/0.08/0.05, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1eS019793 Message accepted for delivery)
    Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 2E2727B80D: removed
    Feb 16 19:58:01 zenoss postfix/smtp[3327]: 1B1CD7B808: to=<[email protected]>, orig_to=<[email protected]>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=25809, delays=25809/0.13/0.08/0.07, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1Wj019792 Message accepted for delivery)
    Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 1B1CD7B808: removed
    Feb 16 20:01:01 zenoss systemd: Starting Session 3 of user root.
    Feb 16 20:01:01 zenoss systemd: Started Session 3 of user root.
    Feb 16 20:01:01 zenoss CROND[3332]: (root) CMD (run-parts /etc/cron.hourly)
    Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3332 starting 0anacron
    Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3341 finished 0anacron
    Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3332 starting 0yum-hourly.cron
    Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3347 finished 0yum-hourly.cron
    Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: start interval Feb 16 19:58:01
    Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: domain lookup hits=0 miss=2 success=0%
    Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: address lookup hits=0 miss=2 success=0%
    Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: max simultaneous domains=1 addresses=1 connection=2

    IF ANYONE WANTS TO COMMENT OR HAS ANY INPUT OR ISSUES WITH THIS FIX PLEASE LET ME KNOW AS I WOULD LIKE TO SET THIS UP RIGHT. SEEMS TO BE WORKING FINE. THANKS.
     
    Last edited: Feb 17, 2015
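
Added example (not part of the original post): one way to confirm from the mail log that every queue ID that was deferred with relay=none was later handed to the relay. The sample log lines are constructed in the format shown in the post, the recipient address is a placeholder, and the name summarize is an assumption of this example.

```python
import re

# Constructed sample in the post's log format; the recipient is a placeholder.
SAMPLE_LOG = """\
Feb 15 18:26:33 zenoss postfix/smtp[25606]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused
Feb 15 18:26:33 zenoss postfix/smtp[25606]: C14C780D3559: to=<root@example.local>, relay=none, delay=35091, delays=35091/0.02/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)
Feb 15 18:26:33 zenoss postfix/smtp[25607]: BA50080D355B: to=<root@example.local>, relay=none, delay=34925, delays=34925/0.02/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)
Feb 16 19:58:01 zenoss postfix/smtp[3322]: C14C780D3559: to=<root@example.local>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=126979, delays=126979/0.04/0.05/0.07, dsn=2.0.0, status=sent (250 2.0.0 Message accepted for delivery)
Feb 16 19:58:01 zenoss postfix/qmgr[2902]: C14C780D3559: removed
"""

# One delivery attempt logged by the Postfix smtp client. An optional
# orig_to=<...> field between to= and relay= is skipped by the lazy match.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?relay=(?P<relay>[^,]+), delay=(?P<delay>[\d.]+),"
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)


def summarize(log_text):
    """Return ({queue_id: last delivery attempt}, {queue IDs still deferred})."""
    last = {}
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            attempt = m.groupdict()
            attempt["delay"] = float(attempt["delay"])
            last[attempt["qid"]] = attempt  # a later attempt replaces an earlier one
    stuck = {qid for qid, a in last.items() if a["status"] == "deferred"}
    return last, stuck


if __name__ == "__main__":
    last, stuck = summarize(SAMPLE_LOG)
    for qid, a in last.items():
        flag = "STILL QUEUED" if qid in stuck else "ok"
        print(f"{qid} {a['status']:<8} dsn={a['dsn']} relay={a['relay']} "
              f"delay={a['delay']:.0f}s [{flag}]")
```

The large delay values on the sent lines are the time the messages spent in the deferred queue before the relay accepted them, which is why old queue IDs reappear once after the change.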
