Email server stopt working after power failure

Oke,

After a great year with a working server, we had a power failure over here.

Now I can't receive any mails no more! So something went wrong with the server configuration. I honestly don't know whereto look for it. Its has something to do with the smtp config. If I send an email with gmail to the server I am getting this mail:

Code:

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 13): 550 Relaying denied

  ----- Original message -----

Received: by 10.115.58.1 with SMTP id l1mr17750318wak.110.1199530664873;
       Sat, 05 Jan 2008 02:57:44 -0800 (PST)
Received: by 10.114.179.4 with HTTP; Sat, 5 Jan 2008 02:57:44 -0800 (PST)
Message-ID: <[email protected]>
Date: Sat, 5 Jan 2008 11:57:44 +0100
From: "DaRK NeSS" <[email protected]>
To: "Appie - Domestic Violence" <[email protected]>
Subject: Re: email test uitwendig
In-Reply-To: <000501c84f89$67affdc0$370ff940$@nl>
MIME-Version: 1.0
Content-Type: multipart/alternative;
       boundary="----=_Part_22102_12366948.1199530664865"
References: <000501c84f89$67affdc0$370ff940$@nl>

------=_Part_22102_12366948.1199530664865
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Is there an command to test the server? Does anybody can offer me an hand?

TIA

 

My mail log does have as far I can see no email errors only from the virus scanner

/var/log/mail.log

Code:

Jan  6 12:17:40 dcs-server freshclam[4366]: Received signal: wake up 
Jan  6 12:17:40 dcs-server freshclam[4366]: ClamAV update process started at Sun Jan  6 12:17:40 2008 
Jan  6 12:17:40 dcs-server freshclam[4366]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES 
Jan  6 12:17:40 dcs-server freshclam[4366]: See the FAQ at http://www.clamav.net/support/faq for an explanation. 
Jan  6 12:17:40 dcs-server freshclam[4366]: Can't query current.cvd.clamav.net 
Jan  6 12:17:40 dcs-server freshclam[4366]: Invalid DNS reply. Falling back to HTTP mode. 
Jan  6 12:17:40 dcs-server freshclam[4366]: Reading CVD header (main.cvd): 
Jan  6 12:17:45 dcs-server freshclam[4366]: Can't get information about database.clamav.net: Temporary DNS error 
Jan  6 12:17:45 dcs-server freshclam[4366]: Can't read main.cvd header from database.clamav.net (IP: ) 
Jan  6 12:17:45 dcs-server freshclam[4366]: Trying again in 5 secs... 
Jan  6 12:17:50 dcs-server freshclam[4366]: ClamAV update process started at Sun Jan  6 12:17:50 2008 
Jan  6 12:17:50 dcs-server freshclam[4366]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES 
Jan  6 12:17:50 dcs-server freshclam[4366]: See the FAQ at http://www.clamav.net/support/faq for an explanation. 
Jan  6 12:17:50 dcs-server freshclam[4366]: Can't query current.cvd.clamav.net 
Jan  6 12:17:50 dcs-server freshclam[4366]: Invalid DNS reply. Falling back to HTTP mode. 
Jan  6 12:17:50 dcs-server freshclam[4366]: Reading CVD header (main.cvd): 
Jan  6 12:18:00 dcs-server freshclam[4366]: Can't get information about database.clamav.net: Temporary DNS error 
Jan  6 12:18:00 dcs-server freshclam[4366]: Can't read main.cvd header from database.clamav.net (IP: ) 
Jan  6 12:18:00 dcs-server freshclam[4366]: Trying again in 5 secs... 
Jan  6 12:18:05 dcs-server freshclam[4366]: ClamAV update process started at Sun Jan  6 12:18:05 2008 
Jan  6 12:18:05 dcs-server freshclam[4366]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES 
Jan  6 12:18:05 dcs-server freshclam[4366]: See the FAQ at http://www.clamav.net/support/faq for an explanation. 
Jan  6 12:18:05 dcs-server freshclam[4366]: Can't query current.cvd.clamav.net 
Jan  6 12:18:05 dcs-server freshclam[4366]: Invalid DNS reply. Falling back to HTTP mode. 
Jan  6 12:18:05 dcs-server freshclam[4366]: Reading CVD header (main.cvd): 
Jan  6 12:18:10 dcs-server freshclam[4366]: Can't get information about database.clamav.net: Temporary DNS error 
Jan  6 12:18:10 dcs-server freshclam[4366]: Can't read main.cvd header from database.clamav.net (IP: ) 
Jan  6 12:18:10 dcs-server freshclam[4366]: Giving up on database.clamav.net... 
Jan  6 12:18:10 dcs-server freshclam[4366]: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons. 
Jan  6 12:18:10 dcs-server freshclam[4366]: -------------------------------------- 
Jan  6 12:40:29 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  6 12:40:29 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
Jan  6 12:40:29 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  6 12:40:29 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  6 12:40:29 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
Jan  6 12:40:30 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=1
Jan  6 12:40:30 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  6 12:40:30 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
Jan  6 12:40:30 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  6 13:10:39 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  6 13:10:39 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
Jan  6 13:10:39 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  6 13:10:39 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  6 13:10:39 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
Jan  6 13:10:39 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  6 13:10:39 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  6 13:10:39 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
Jan  6 13:10:39 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  6 13:16:52 dcs-server postfix/master[18012]: terminating on signal 15
Jan  6 13:16:53 dcs-server postfix/master[30790]: daemon started -- version 2.3.3, configuration /etc/postfix

 

Do you have network connectivity? Can you resolve DNS names? What's in /etc/resolv.conf?

 

In my /etc/resolv.conf

Code:

nameserver 192.168.1.1

Its the routers IP adress

 

Please try this instead:

Code:

nameserver 145.253.2.75
nameserver 193.174.32.18

 

Done that now and no go.

But they are just name servers right?
So I can put more of my own in then? Like 213.51.129.37 for example that one is from my isp.

 

Okee, Its little bit better now but I can't see any emails.

I know that the mail is deliverd to my server I can see that in my rollernet logs

Code:

Message from mail.rollernet.us accepted by 84.31.***.** (www.***-online.nl) after 3 seconds.
	From: Queue F4060582F79D
To: info@d******-violence.nl
Date: 2008-01-08 21:48:58 	sent (250 2.0.0 Ok: queued as 8CBF97F4041)

Also in my webmail (roundcube) no email is ariving

 

Here it is I Have noticed 2 warnings One from clamav that its outdated and needs to update.

And the most related one I think are the last few lines. If I read correctly the mail server sees all the email as dangerous or unknown and removes them.

Code:

Jan  9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 21:24:23 dcs-server courierpop3login: Connection, ip=[::ffff:84.198.59.205]
Jan  9 21:24:23 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_toon, ip=[::ffff:84.198.59.205]
Jan  9 21:24:23 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_toon, ip=[::ffff:84.198.59.205], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 21:39:05 dcs-server freshclam[4376]: Received signal: wake up 
Jan  9 21:39:05 dcs-server freshclam[4376]: ClamAV update process started at Wed Jan  9 21:39:05 2008 
Jan  9 21:39:05 dcs-server freshclam[4376]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES 
Jan  9 21:39:05 dcs-server freshclam[4376]: See the FAQ at http://www.clamav.net/support/faq for an explanation. 
Jan  9 21:39:05 dcs-server freshclam[4376]: Your ClamAV installation is OUTDATED! 
Jan  9 21:39:05 dcs-server freshclam[4376]: Local version: 0.91.2 Recommended version: 0.92 
Jan  9 21:39:05 dcs-server freshclam[4376]: DON'T PANIC! Read http://www.clamav.net/support/faq 
Jan  9 21:39:05 dcs-server freshclam[4376]: main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven) 
Jan  9 21:39:05 dcs-server freshclam[4376]: daily.inc is up to date (version: 5459, sigs: 21320, f-level: 21, builder: ccordes) 
Jan  9 21:39:05 dcs-server freshclam[4376]: -------------------------------------- 
Jan  9 22:01:15 dcs-server courierpop3login: Connection, ip=[::ffff:90.128.161.215]
Jan  9 22:01:15 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215]
Jan  9 22:01:15 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 22:31:21 dcs-server courierpop3login: Connection, ip=[::ffff:90.128.161.215]
Jan  9 22:31:21 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215]
Jan  9 22:31:21 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 22:46:37 dcs-server postfix/smtpd[13672]: connect from unknown[208.11.75.2]
Jan  9 22:46:38 dcs-server postfix/smtpd[13672]: setting up TLS connection from unknown[208.11.75.2]
Jan  9 22:46:38 dcs-server postfix/smtpd[13672]: TLS connection established from unknown[208.11.75.2]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Jan  9 22:46:38 dcs-server postfix/smtpd[13672]: F095C7F4041: client=unknown[208.11.75.2]
Jan  9 22:46:39 dcs-server postfix/cleanup[13676]: F095C7F4041: message-id=<[email protected]>
Jan  9 22:46:39 dcs-server postfix/qmgr[23609]: F095C7F4041: from=<[email protected]>, size=3075, nrcpt=1 (queue active)
Jan  9 22:46:39 dcs-server postfix/smtpd[13672]: disconnect from unknown[208.11.75.2]
Jan  9 22:46:39 dcs-server procmail[13678]: Suspicious rcfile "/var/www/web5/user/domestic-violence.nl_info/.procmailrc"
Jan  9 22:46:39 dcs-server postfix/local[13677]: F095C7F4041: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.3, delays=0.26/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
Jan  9 22:46:39 dcs-server postfix/qmgr[23609]: F095C7F4041: removed

This is the /var/www/web5/user/domestic-violence.nl_info/.procmailrc

Code:

MAILDIR=$HOME/Maildir/
DEFAULT=$MAILDIR
ORGMAIL=$MAILDIR

INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.mailsize.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.quota.rc
INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.antivirus.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.local-rules.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.html-trap.rc
INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.spamassassin.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.autoresponder.rc

I am currently running the update to version.....19. Mabey that will help.

 

What's the output of

Code:

ls -la /var/www/web5/user/domestic-violence.nl_info

?

 

The output

Code:

total 132
drwxrwxrwx  5 domestic-violence.nl_info  web5  4096 2007-05-11 00:11 .
drwxrwxrwx 10 domestic-violence.nl_appie web5  4096 2007-12-15 16:57 ..
-rw-r--r--  1 root                       root   103 2008-01-09 00:57 .antivirus.                                                                             rc
-rw-r--r--  1 root                       root   816 2008-01-09 00:57 .autorespon                                                                             der.rc
-rw-------  1 domestic-violence.nl_info  web5    24 2008-01-09 00:57 .forward
-rw-r--r--  1 root                       root 67866 2008-01-09 00:57 .html-trap.                                                                             rc
-rw-r--r--  1 root                       root  3889 2008-01-09 00:57 .local-rule                                                                             s.rc
drwx------ 10 domestic-violence.nl_info  web5  4096 2007-06-30 21:23 Maildir
-rw-r--r--  1 root                       root   204 2008-01-09 00:57 .mailsize.r                                                                             c
-rw-r--r--  1 root                       root   556 2008-01-09 00:57 .procmailrc
-rw-r--r--  1 root                       root   656 2008-01-09 00:57 .quota.rc
drwxrwxrwx  2 domestic-violence.nl_info  web5  4096 2007-12-26 13:18 .spamassass                                                                             in
-rw-r--r--  1 root                       root  1161 2008-01-09 00:57 .spamassass                                                                             in.rc
-rw-r--r--  1 root                       root  2039 2008-01-09 00:57 .user_prefs
-rw-r--r--  1 root                       root    32 2008-01-09 00:57 .vacation.m                                                                             sg
drwxrwxrwx  2 domestic-violence.nl_info  web5  4096 2007-04-01 12:34 web

 

/var/www/web5/user/domestic-violence.nl_info and /var/www/web5/user must have 755 permissions.

Code:

chmod 755 /var/www/web5/user/domestic-violence.nl_info
chmod 755 /var/www/web5/user

 

Falco,
That worked for my info account. Is there a simple way to chmod all my accounts? Or must I manually chmod all of them?

edit,
I have used the same chmod code voor my account appie but that doesn't worked for me.

Code:

chmod 755 /var/www/web5/user/domestic-violence.nl_appie
chmod 755 /var/www/web5/user

BTW what has hapend with my server (besides the power failure) that the rights have been chanced? could it be a virus or an hack? And is it better to start with a clean install?

 

I'd do it manually to avoid that you accidentally mess up permissions.

Make sure that none of the directories in the path up to /var/www/web5/user/domestic-violence.nl_appie has 777 permissions. They should be 755.

Did you maybe do a recursive chmod on your directories?

 

I manually changed the directories and at the moment all is working again.

I didn't do anything with my server. I only had 2 times an power failure, can it be that the instant shutdown changed the rights?
I think its saver to start over again. Working already on an older pc to get it to work with ISPconfig, so I can format the server.

Again thanks for you help mabey I will need it again tommorow

 

I don't think so. Maybe you should check your server with chkrootkit and rkhunter.

 

I have checked with the 2 programs. I did get some warnings, but I installed a clean ubuntu server and there I got the same warnings.

So for now its working again. I am going to put the site on my backup server I have just created and will do an clean install of my primary server.

Thanks again.