EMAIL not working

I get this error message:

Reporting-MTA: dns; linuxserver.rdtech-online.com
X-Postfix-Queue-ID: 6913730EDD5
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Fri, 6 Jun 2008 12:32:18 -0700 (PDT)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.4.4
Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error
for name=linuxserver.rdtech-online.com type=AAAA: Host not found


It was setup using the perfect setup for suse 10.3
Domain and everything tested fine. (using ispconfig and godaddy setup)

My other problem is that when I go to the domain name, it doesn't work (http://rdtech-online.com) but when I use www.rdtech-online.com, then it works. What could be the problem?

 

Please create an A record for linuxserver.rdtech-online.com:

Code:

mh1:~# dig linuxserver.rdtech-online.com

; <<>> DiG 9.3.4 <<>> linuxserver.rdtech-online.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14451
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;linuxserver.rdtech-online.com. IN      A

;; AUTHORITY SECTION:
rdtech-online.com.      3600    IN      SOA     ns1.syncrohost.com. paulsvang.hotmail.com. 2008060505 28800 7200 604800 86400

;; Query time: 456 msec
;; SERVER: 145.253.2.75#53(145.253.2.75)
;; WHEN: Sat Jun  7 12:06:18 2008
;; MSG SIZE  rcvd: 116

mh1:~#

Both are working fine for me.

 

Falko,

I appreciate the help. I'll try that out to see if it works. Both sites are working for me now(If shows the html IP Shared address page if I run the page from the server but from another computer, it works).

Domain is working. I'll test the email stuff again.

Thanks,

Paul

 

Okay so I've added an A record for linuxserver.rdtech-online.com in ISPCONFIG under DNS

Now heres the problem I'm getting. I'm sending the email from another computer with a different static IP. My server is on another static IP. Its saying that its looping back.

ERROR MESSAGE:

Reporting-MTA: dns; linuxserver.rdtech-online.com
X-Postfix-Queue-ID: 37FC030EE0C
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Sat, 7 Jun 2008 09:23:24 -0700 (PDT)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for linuxserver.rdtech-online.com loops back
to myself

 

Add linuxserver.rdtech-online.com to the bottom of /etc/postfix/local-host-names and restart Postfix.

 

I'll try that right now. Let me see if it will work.

 

Okay. It was added and I've tried it but ended with no results. Email got sent out and nothing came back. In Webmail, I didnt receive any thing. So I tried it reversed. I got into webmail and sent myselft something. It seems that that mail is lost somewhere. Weird.

What might be causing this?

Please advise

 

What's in your mail log now?

 

I think this is it (/var/log/mail) Is this the right location? I've just tried to send it to myself again and so I copied and paste the lower section of the mail log.





Jun 9 20:23:43 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:23:43 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:23:43 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:23:57 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:23:57 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:23:57 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:24:00 linuxserver postfix/smtpd[3597]: connect from bay0-omc3-s38.bay0.hotmail.com[65.54.246.238]
Jun 9 20:24:00 linuxserver postfix/smtpd[3597]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead
Jun 9 20:24:00 linuxserver postfix/smtpd[3597]: 9A8CF30ED6A: client=bay0-omc3-s38.bay0.hotmail.com[65.54.246.238]
Jun 9 20:24:00 linuxserver postfix/cleanup[3600]: 9A8CF30ED6A: message-id=<[email protected]>
Jun 9 20:24:00 linuxserver postfix/cleanup[3600]: 9A8CF30ED6A: message-id=<004c01c8caa8$c947c6e0$5bd754a0$@com>
Jun 9 20:24:00 linuxserver postfix/qmgr[17252]: 9A8CF30ED6A: from=<[email protected]>, size=3723, nrcpt=1 (queue active)
Jun 9 20:24:00 linuxserver postfix/local[3601]: 9A8CF30ED6A: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.16, delays=0.12/0/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)
Jun 9 20:24:00 linuxserver postfix/qmgr[17252]: 9A8CF30ED6A: removed
Jun 9 20:24:00 linuxserver postfix/smtpd[3597]: disconnect from bay0-omc3-s38.bay0.hotmail.com[65.54.246.238]
Jun 9 20:24:04 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:24:04 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:24:04 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:22 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:22 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:22 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:23 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:23 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:23 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:23 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:23 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:23 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:27 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:27 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:28 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=1
Jun 9 20:25:28 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:28 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:28 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:28 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:28 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:29 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=1
Jun 9 20:25:29 linuxserver pop3d: Connection, ip=[::ffff:10.1.10.140]
Jun 9 20:25:29 linuxserver pop3d: LOGIN, user=webmaster, ip=[::ffff:10.1.10.140]
Jun 9 20:25:29 linuxserver pop3d: LOGOUT, user=webmaster, ip=[::ffff:10.1.10.140], top=0, retr=0, rcvd=12, sent=39, time=0
Jun 9 20:25:31 linuxserver postfix/smtpd[3597]: connect from bay0-omc2-s24.bay0.hotmail.com[65.54.246.160]
Jun 9 20:25:31 linuxserver postfix/smtpd[3597]: 300C430ED6A: client=bay0-omc2-s24.bay0.hotmail.com[65.54.246.160]
Jun 9 20:25:31 linuxserver postfix/cleanup[3600]: 300C430ED6A: message-id=<[email protected]>
Jun 9 20:25:31 linuxserver postfix/cleanup[3600]: 300C430ED6A: message-id=<005601c8caa8$fd7fd970$f87f8c50$@com>
Jun 9 20:25:31 linuxserver postfix/qmgr[17252]: 300C430ED6A: from=<[email protected]>, size=3736, nrcpt=1 (queue active)
Jun 9 20:25:31 linuxserver postfix/local[3601]: 300C430ED6A: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.2, delays=0.17/0/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
Jun 9 20:25:31 linuxserver postfix/qmgr[17252]: 300C430ED6A: removed
Jun 9 20:25:31 linuxserver postfix/smtpd[3597]: disconnect from bay0-omc2-s24.bay0.hotmail.com[65.54.246.160]

 

having the same problem.

Everythings looking fine in the logs up till june 8th when my email stopped working.

Good looking code below.

Code:

Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun  8 21:47:47 node1 dovecot: pop3-login: Login: user=<web3_marketing>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun  8 21:47:47 node1 dovecot: pop3-login: Login: user=<web1_dev>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun  8 21:47:47 node1 dovecot: POP3(web3_marketing): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun  8 21:47:47 node1 dovecot: POP3(web1_dev): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun  8 21:47:47 node1 dovecot: pop3-login: Login: user=<web3_sales>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun  8 21:47:47 node1 dovecot: pop3-login: Login: user=<web1_fax>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun  8 21:47:47 node1 dovecot: POP3(web3_sales): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun  8 21:47:47 node1 dovecot: POP3(web1_fax): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun  8 21:47:48 node1 dovecot: pop3-login: Login: user=<web1_lalocation>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun  8 21:47:48 node1 dovecot: POP3(web1_lalocation): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0

Normal code there.

Then all of the sudden

Code:

Jun  8 21:53:45 node1 postfix/smtpd[30125]: connect from unknown[125.187.32.184]
Jun  8 21:53:46 node1 postfix/smtpd[30125]: setting up TLS connection from unknown[125.187.32.184]
Jun  8 21:53:47 node1 postfix/smtpd[30125]: TLS connection established from unknown[125.187.32.184]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jun  8 21:53:47 node1 postfix/smtpd[30125]: DAF461438079: client=unknown[125.187.32.184]
Jun  8 21:53:48 node1 postfix/cleanup[30129]: DAF461438079: message-id=<[email protected]>
Jun  8 21:53:48 node1 postfix/qmgr[30238]: DAF461438079: from=<[email protected]>, size=1938, nrcpt=1 (queue active)
Jun  8 21:53:48 node1 postfix/local[30132]: DAF461438079: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=1.2, delays=1.2/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Jun  8 21:53:48 node1 postfix/qmgr[30238]: DAF461438079: removed
Jun  8 21:53:49 node1 postfix/smtpd[30125]: disconnect from unknown[125.187.32.184]

research on 125.187.32.184 shows its some IP in korea
http://bsn.borderware.com/lookup.php?ip=125.187.32.184

Now this is the error message i recieve start recieving right after this hack on me.

Code:

Jun  8 21:57:09 node1 postfix/anvil[30127]: statistics: max connection rate 1/60s for (smtp:125.187.32.184) at Jun  8 21:53:45
Jun  8 21:57:09 node1 postfix/anvil[30127]: statistics: max connection count 1 for (smtp:125.187.32.184) at Jun  8 21:53:45
Jun  8 21:57:09 node1 postfix/anvil[30127]: statistics: max cache size 1 at Jun  8 21:53:45

Several questions.

Im not recieving emails after this apparant. Are they stealing emails?

What security hole in the TLS did they use for postfix?
How did they establish a connection so easily?

My RSA encryption is alphanumeric surely they would have had to try more then one time to brute force a TLS connection so this couldnt be a brute forced connection right?

How can i check my TLS security and settings?

What is (Postfix / Anvil)?

Key. (Domain and IP addresses have been changed to keep apparant spam spiders from taking advantage.)

mydomainishere = Is my domain
75.MY.IP.HERE = My client side or my server side public ip address.
node1 is my server nickname.

 

Upon Further research

I have found all the emails sitting in /var/spool/mail

Is this normail behavior?

when i connect with outlook express it says it successfuly connects to all acounts and doesnt give any errors. But it doest download any of the emails.

i made sure this was the place email was sending one of account a picture in a email and the file named web1_dev in /var/spool/mail increased by the exact email size.

So i opened up webmail and see the email is not there.

The smtp is working fine. why isnt people get there emails downloaded from clients or webmail?

Ive got all this email sitting in /var/spool/mail for a lot of accounts and mutiple domains

 

Maildir is and was checked.

The email has been working fine for a long long time up till a couple a days ago.

 

It was using 2.2.22 stable when it crapped out.

However it worked good on 2.2.22 for a very long time.

i tried a upgrade to 2.2.23 stable in hopes it would fix it. it didnt.

this is running on Centos 5.1

trying the uncheck method now. Ill uncheck it for 5 minutes. then recheck the mailuser option. Ill post the results in 10 minutes. it sure would be nice to have this email sitting here.

also another noted.

The virtuser file in the email settings in the ispconfig control panel is

/etc/postfix/virtusertable

although the email is sitting in /var/spool/mail

However this setting was never changed in the past and did work fine.

The option is now unchecked ill post the results in 10 minutes'ish

 

ok i did as instructed.

I unchecked it for 5 minutes then i rechecked and waited for 5 minutes before clicking send / recieve to check it.

Sadly it did not work. And the email address i sent it too you can see it go to the email name in /var/spool/mail as that file for the email name increased.

 

Code:

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

mail_owner = postfix

inet_interfaces = all

$mydomain,

unknown_local_recipient_reject_code = 550

alias_maps = hash:/etc/aliases

debug_peer_level = 2

debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.3.3/samples

readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain = 
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = mail.mydomain.com
home_mailbox = Maildir/
mailbox_command = 

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names

Excerpt from log.

Code:

Jun 10 06:46:13 node1 postfix/anvil[30563]: statistics: max connection rate 1/60s for (smtp:210.83.70.51) at Jun 10 06:42:52
Jun 10 06:46:13 node1 postfix/anvil[30563]: statistics: max connection count 1 for (smtp:210.83.70.51) at Jun 10 06:42:52
Jun 10 06:46:13 node1 postfix/anvil[30563]: statistics: max cache size 1 at Jun 10 06:42:52
Jun 10 06:47:10 node1 dovecot: pop3-login: Login: user=<web1_dev>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun 10 06:47:10 node1 dovecot: pop3-login: Login: user=<web4_webmaster>, method=PLAIN, rip=::ffff:75.145.52.237, lip=::ffff:75.MY.IP.HERE
Jun 10 06:47:10 node1 dovecot: POP3(web1_dev): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun 10 06:47:10 node1 dovecot: POP3(web4_webmaster): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun 10 06:47:10 node1 dovecot: pop3-login: Login: user=<web1_steve>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun 10 06:47:10 node1 dovecot: POP3(web1_steve): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun 10 06:47:10 node1 dovecot: pop3-login: Login: user=<web1_fax>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE
Jun 10 06:47:10 node1 dovecot: POP3(web1_fax): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun 10 06:47:10 node1 dovecot: pop3-login: Login: user=<web1_admin>, method=PLAIN, rip=::ffff:75.MY.IP.HERE, lip=::ffff:75.MY.IP.HERE

 

And there is no errors email clients (outlook, Exchange) they all say they connect correctly.

And still no email appearing in webmail (just in case it was client.) every test email i send i see the email for that name getting bigger and bigger in

Code:

/var/spool/mail

.

I checked my virtual users table in

Code:

/etc/postfix/virtusertable

and all the names are correct or existent.
I have

Code:

etc/init.d/postfix restart 

after trying the unchecking / check trick.

I also verified sendmail is not running and postfix is.

If

Code:

/var/spool/mail 

or the

Code:

symlink /var/mail 

is where the mail is supposed to pulled out of, its not getting pulled out of there.

 

would moving the mail from

/var/spool/mail

to a different folder allow us to download our emails?