How to find postfix logs?

Discussion in 'Server Operation' started by kameleon1er, Jun 2, 2022.

  1. kameleon1er

    kameleon1er Member

    Hello to all,

    For some time now I have had more and more emails rejected or returned for refusal of delivery.

    I don't know what's going on and I would like to know where I can find the logs for postfix to see if it indicates a problem.

    Here is a typical example of a message that has been returned to me lately :
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

  3. kameleon1er

    kameleon1er Member

  4. kameleon1er

    kameleon1er Member

    Hi, I did it and opened the logs. I see some errors but don't understand what happened:
    Code:
    Jun  6 13:12:21 srv-b postfix/error[17184]: 8950B81F67: to=<[email protected]>, relay=none, delay=302930, delays=302930/0.25/0/0.05, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to smtp.democrasite.com[2001:bc8:628:1c3f::1]:25: Connection refused)
    
    Code:
    Jun  6 13:23:29 srv-b postfix/submission/smtpd[17882]: warning: unknown[141.98.10.217]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Jun  6 13:23:29 srv-b postfix/submission/smtpd[17882]: disconnect from unknown[141.98.10.217] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
    Jun  6 13:23:53 srv-b postfix/submission/smtpd[17882]: connect from unknown[141.98.10.203]
    Code:
    Jun  6 13:25:03 srv-b dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<NAtbZsfgMIwAAAAAAAAAAAAAAAAAAAAB>
    Jun  6 13:25:03 srv-b postfix/smtpd[17999]: connect from localhost[::1]
    Jun  6 13:25:03 srv-b postfix/smtpd[17999]: lost connection after CONNECT from localhost[::1]
    Jun  6 13:25:03 srv-b postfix/smtpd[17999]: disconnect from localhost[::1] commands=0/0
     
  5. kameleon1er

    kameleon1er Member

    I am still trying to debug my postfix problem.
    Today I sent a test e-mail from my Gmail address to one of my ISPConfig mailboxes and looked at the logs:
    Code:
    Jun 12 11:41:51 srv-b postfix/smtpd[5753]: NOQUEUE: filter: RCPT from mail-yw1-f171.google.com[209.85.128.171]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-yw1-f171.google.com>
    Jun 12 11:41:51 srv-b postfix/smtpd[5753]: NOQUEUE: filter: RCPT from mail-yw1-f171.google.com[209.85.128.171]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-yw1-f171.google.com>
    Jun 12 11:41:51 srv-b postfix/smtpd[5753]: 54DFE833C1: client=mail-yw1-f171.google.com[209.85.128.171]
    Jun 12 11:41:51 srv-b postfix/cleanup[5796]: 54DFE833C1: message-id=<CALO4E1RdkApevxhqUCQF2n7iJzDN74DOSwjBtXwtE_S4X5jtnA@mail.gmail.com>
    Jun 12 11:41:51 srv-b postfix/qmgr[30407]: 54DFE833C1: from=<[email protected]>, size=2627, nrcpt=1 (queue active)
    Jun 12 11:41:51 srv-b amavis[5497]: (05497-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
    Jun 12 11:41:52 srv-b amavis[5497]: (05497-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
    Jun 12 11:41:52 srv-b amavis[5497]: (05497-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Jun 12 11:41:58 srv-b amavis[5497]: (05497-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
    my amavis status :
    Code:
    /etc/init.d/amavis status
    ● amavis.service - LSB: Starts amavisd-new mailfilter
       Loaded: loaded (/etc/init.d/amavis; generated)
       Active: active (running) since Sun 2022-06-12 11:38:27 UTC; 8min ago
         Docs: man:systemd-sysv-generator(8)
      Process: 5462 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS)
        Tasks: 3 (limit: 4672)
       Memory: 387.8M
       CGroup: /system.slice/amavis.service
               ├─5477 /usr/sbin/amavisd-new (master)
               ├─5496 /usr/sbin/amavisd-new (virgin child)
               └─5497 /usr/sbin/amavisd-new (ch1-avail)
    
    Jun 12 11:38:27 srv-b.democrasite.com amavis[5477]: No decoder for       .zoo
    Jun 12 11:38:27 srv-b.democrasite.com amavis[5477]: Using primary internal av scanner code for ClamAV-clamd
    Jun 12 11:38:27 srv-b.democrasite.com amavis[5477]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
    Jun 12 11:41:51 srv-b.democrasite.com amavis[5497]: (05497-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX …ion refused
    Jun 12 11:41:52 srv-b.democrasite.com amavis[5497]: (05497-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX …ion refused
    Jun 12 11:41:52 srv-b.democrasite.com amavis[5497]: (05497-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Jun 12 11:41:58 srv-b.democrasite.com amavis[5497]: (05497-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX …ion refused
    Jun 12 11:41:58 srv-b.democrasite.com amavis[5497]: (05497-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/ru…line 659.\n
    Jun 12 11:41:58 srv-b.democrasite.com amavis[5497]: (05497-01) (!)WARN: all primary virus scanners failed, considering backups
    Jun 12 11:42:44 srv-b.democrasite.com amavis[5497]: (05497-01) Passed CLEAN {RelayedOpenRelay}, [209.85.128.171]:40347 [209.85.128.171] <[email protected]…
    Hint: Some lines were ellipsized, use -l to show in full.
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Code:
    connect to /var/run/clamav/clamd.ctl failed
    Looks like clamd is not running. Try
    Code:
    systemctl --state=failed
    systemctl status clamav-daemon.service
    
     
  7. kameleon1er

    kameleon1er Member

    Hi @Taleman, how are you doing? Thanks for your help, I will follow this way >> clamav :)
     
  8. kameleon1er

    kameleon1er Member

    Yes, something is not working well. May I manually "rm -r /run/clamav" the directory after stopping the daemon?
    Code:
    /run/clamav# service amavis status
    ● amavis.service - LSB: Starts amavisd-new mailfilter
       Loaded: loaded (/etc/init.d/amavis; generated)
       Active: active (running) since Sun 2022-06-12 11:50:53 UTC; 4h 57min ago
         Docs: man:systemd-sysv-generator(8)
      Process: 6288 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS)
        Tasks: 3 (limit: 4672)
       Memory: 208.7M
       CGroup: /system.slice/amavis.service
               ├─6306 /usr/sbin/amavisd-new (master)
               ├─6308 /usr/sbin/amavisd-new (ch12-avail)
               └─6309 /usr/sbin/amavisd-new (ch11-avail)
    
    Jun 12 16:21:22 srv-b.democrasite.com amavis[6309]: (06309-11) Passed CLEAN {RelayedOpenRelay}, [157.52.235.146]:54312 [157.52.235.146] <groundpowergenerator@g
    Jun 12 16:36:56 srv-b.democrasite.com amavis[6308]: (06308-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/
    Jun 12 16:36:57 srv-b.democrasite.com amavis[6308]: (06308-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/
    Jun 12 16:36:57 srv-b.democrasite.com amavis[6308]: (06308-12) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Jun 12 16:37:03 srv-b.democrasite.com amavis[6308]: (06308-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/
    Jun 12 16:37:03 srv-b.democrasite.com amavis[6308]: (06308-12) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/cla
    Jun 12 16:37:03 srv-b.democrasite.com amavis[6308]: (06308-12) (!)WARN: all primary virus scanners failed, considering backups
    Jun 12 16:37:25 srv-b.democrasite.com amavis[6308]: (06308-12) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan KILLED, signal 9 (0009) at (eval 113) li
    Jun 12 16:37:25 srv-b.democrasite.com amavis[6308]: (06308-12) (!!)AV: ALL VIRUS SCANNERS FAILED
    Jun 12 16:37:41 srv-b.democrasite.com amavis[6308]: (06308-12) Passed UNCHECKED {RelayedOpenRelay}, [37.60.55.5]:40377 [37.60.55.5] <[email protected]
    
    +-----------------------------+
    Code:
    systemctl status clamav-daemon
    ● clamav-daemon.service - Clam AntiVirus userspace daemon
       Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
      Drop-In: /etc/systemd/system/clamav-daemon.service.d
               └─extend.conf
       Active: active (running) since Sun 2022-06-12 16:37:12 UTC; 7s ago
         Docs: man:clamd(8)
               man:clamd.conf(5)
               https://docs.clamav.net/
      Process: 24516 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=1/FAILURE)
      Process: 24517 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
     Main PID: 24518 (clamd)
        Tasks: 1 (limit: 4672)
       Memory: 504.4M
       CGroup: /system.slice/clamav-daemon.service
               └─24518 /usr/sbin/clamd --foreground=true
    
    Jun 12 16:37:12 srv-b.democrasite.com systemd[1]: Starting Clam AntiVirus userspace daemon...
    Jun 12 16:37:12 srv-b.democrasite.com mkdir[24516]: /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
    Jun 12 16:37:12 srv-b.democrasite.com systemd[1]: Started Clam AntiVirus userspace daemon.
     
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I believe you can, but it would only be useful if the directory now has wrong owners or permissions.
    Code:
    ls -lhaR /var/run/clamav/
    /var/run/clamav/:
    yhteensä 0
    drwxr-xr-x  2 clamav root    60 touko  30 11:53 .
    drwxr-xr-x 24 root   root   740 kesä   12 20:08 ..
    srw-rw-rw-  1 clamav clamav   0 touko  30 11:53 clamd.ctl
    
     
  10. kameleon1er

    kameleon1er Member

    Permissions seem to be OK:
    Code:
    /var/run/clamav/:
    total 0
    drwxr-xr-x  2 clamav root    60 Jun 12 16:37 .
    drwxr-xr-x 30 root   root   960 Jun 12 16:39 ..
    srw-rw-rw-  1 clamav clamav   0 Jun 12 16:37 clamd.ctl
     
  11. kameleon1er

    kameleon1er Member

    ClamAV is OK now, I think, but the server still refuses to deliver e-mail from one of my domains to my Gmail address, and I don't know where the problem is :(
    /////////// For ClamAV ///////////////////
    Code:
    systemctl status clamav-daemon
    ● clamav-daemon.service - Clam AntiVirus userspace daemon
       Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
      Drop-In: /etc/systemd/system/clamav-daemon.service.d
               └─extend.conf
       Active: active (running) since Sun 2022-06-12 19:26:49 UTC; 15s ago
         Docs: man:clamd(8)
               man:clamd.conf(5)
               https://docs.clamav.net/
      Process: 2769 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=0/SUCCESS)
      Process: 2770 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
     Main PID: 2771 (clamd)
        Tasks: 1 (limit: 4672)
       Memory: 1.1G
       CGroup: /system.slice/clamav-daemon.service
               └─2771 /usr/sbin/clamd --foreground=true
    
    Jun 12 19:26:49 srv-b.democrasite.com systemd[1]: Starting Clam AntiVirus userspace daemon...
    Jun 12 19:26:49 srv-b.democrasite.com systemd[1]: Started Clam AntiVirus userspace daemon.
    ////////// From my postfix logs ///////////////////
    Code:
     tail -f /var/log/mail.log
    Jun 12 19:34:14 srv-b postfix/smtpd[3341]: connect from unknown[87.246.7.230]
    Jun 12 19:34:18 srv-b postfix/smtpd[3319]: warning: unknown[87.246.7.230]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Jun 12 19:35:04 srv-b dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Zd2rREXhBKoAAAAAAAAAAAAAAAAAAAAB>
    Jun 12 19:35:04 srv-b dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<SlqsREXhlu0AAAAAAAAAAAAAAAAAAAAB>
    Jun 12 19:35:04 srv-b postfix/smtpd[3425]: connect from localhost[::1]
    Jun 12 19:35:04 srv-b postfix/smtpd[3425]: lost connection after CONNECT from localhost[::1]
    Jun 12 19:35:04 srv-b postfix/smtpd[3425]: disconnect from localhost[::1] commands=0/0
    Jun 12 19:35:46 srv-b postfix/scache[3270]: statistics: start interval Jun 12 19:32:26
    Jun 12 19:35:46 srv-b postfix/scache[3270]: statistics: domain lookup hits=0 miss=3 success=0%
    Jun 12 19:35:46 srv-b postfix/scache[3270]: statistics: address lookup hits=0 miss=3 success=0%
    Jun 12 19:35:56 srv-b postfix/submission/smtpd[3441]: connect from lneuilly-657-1-64-178.w80-11.abo.wanadoo.fr[80.11.30.178]
    Jun 12 19:35:56 srv-b postfix/submission/smtpd[3441]: NOQUEUE: filter: RCPT from lneuilly-657-1-64-178.w80-11.abo.wanadoo.fr[80.11.30.178]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.1.37]>
    Jun 12 19:35:56 srv-b postfix/submission/smtpd[3441]: 9BB39833D1: client=lneuilly-657-1-64-178.w80-11.abo.wanadoo.fr[80.11.30.178], sasl_method=PLAIN, [email protected]
    Jun 12 19:35:56 srv-b postfix/cleanup[3444]: 9BB39833D1: message-id=<[email protected]>
    Jun 12 19:35:56 srv-b postfix/qmgr[30407]: 9BB39833D1: from=<[email protected]>, size=8206, nrcpt=1 (queue active)
    Jun 12 19:35:56 srv-b postfix/submission/smtpd[3441]: disconnect from lneuilly-657-1-64-178.w80-11.abo.wanadoo.fr[80.11.30.178] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
    Jun 12 19:35:56 srv-b amavis[6309]: (06309-18) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
    Jun 12 19:35:57 srv-b dovecot: imap([email protected])<3173><Xk3rNEXhrNBQCx6y>: Connection closed (IDLE running for 0.001 + waiting input for 0.007 secs, 2 B in + 10 B out, state=wait-input) in=8683 out=21431 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=354 body_count=0 body_bytes=0
    Jun 12 19:35:57 srv-b amavis[6309]: (06309-18) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
    Jun 12 19:35:57 srv-b amavis[6309]: (06309-18) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Jun 12 19:35:59 srv-b postfix/submission/smtpd[3441]: warning: hostname bland-plusqu.riddlecamera.net does not resolve to address 141.98.11.14
    Jun 12 19:35:59 srv-b postfix/submission/smtpd[3441]: connect from unknown[141.98.11.14]
    Jun 12 19:36:03 srv-b amavis[6309]: (06309-18) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
    Jun 12 19:36:03 srv-b amavis[6309]: (06309-18) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 113) line 659.\n
    Jun 12 19:36:03 srv-b amavis[6309]: (06309-18) (!)WARN: all primary virus scanners failed, considering backups
    Jun 12 19:36:04 srv-b postfix/submission/smtpd[3441]: warning: unknown[141.98.11.14]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Jun 12 19:36:04 srv-b postfix/submission/smtpd[3441]: disconnect from unknown[141.98.11.14] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
    Jun 12 19:36:15 srv-b dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=80.11.30.178, lip=10.65.110.21, mpid=3474, TLS, session=<D3PnSEXh59BQCx6y>
    
     
  12. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    At 19:26 clamav was started and was running, including the clamd process. Is it still running at 19:36 when mail.log shows those errors?
    You should edit the log you post to remove lines not relevant to the problem at hand. Those connect from unknown are probably spammers trying to log in by guessing passwords.
    Have you modified clamav configuration? Or uninstalled and reinstalled it messing up the configuration?
    I now realize you are using ISPConfig despite posting on Linux Forum. Do this to rule out the usual suspects:
    https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
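
Added example, not part of the thread: one way to check the "guessing passwords" reading of those `SASL LOGIN authentication failed` lines is to count failures per source address and per network, since the attempts quoted above arrive from more than one address. The log lines are constructed in the same format (RFC 5737 documentation addresses), and the function names and the /24 and /64 grouping are assumptions of this sketch.

```python
import base64
import binascii
import ipaddress
import re
from collections import Counter

# Constructed sample in the thread's mail.log format; addresses are from the
# RFC 5737 documentation ranges, not from the thread.
SAMPLE_LOG = """\
Jun 12 19:34:18 srv-b postfix/smtpd[3319]: warning: unknown[192.0.2.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 12 19:35:04 srv-b postfix/smtpd[3425]: connect from localhost[::1]
Jun 12 19:36:04 srv-b postfix/submission/smtpd[3441]: warning: unknown[192.0.2.203]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 12 19:36:40 srv-b postfix/submission/smtpd[3441]: warning: unknown[192.0.2.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 12 19:37:02 srv-b postfix/submission/smtpd[3450]: warning: mail.example.net[198.51.100.9]: SASL PLAIN authentication failed:
Jun 12 19:37:30 srv-b postfix/submission/smtpd[3441]: disconnect from unknown[192.0.2.17] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
"""

# Matches both postfix/smtpd and postfix/submission/smtpd warnings.
FAILED_AUTH = re.compile(
    r"postfix/(?:[\w-]+/)?smtpd\[\d+\]: warning: (?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed:\s*(?P<trailer>\S*)"
)


def decode_trailer(trailer):
    """Decode the base64 text that follows 'authentication failed:'.

    For the LOGIN mechanism this is the server's last prompt, not a credential.
    """
    if not trailer:
        return None
    try:
        return base64.b64decode(trailer, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def network_of(ip, v4_prefix=24, v6_prefix=64):
    """Return the enclosing network (assumed grouping: /24 for IPv4, /64 for IPv6)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def failed_logins(log_text):
    """Count failed SASL logins per source address and per network."""
    per_ip, per_net = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED_AUTH.search(line)
        if not m:
            continue
        try:
            net = network_of(m["ip"])
        except ValueError:  # bracketed text was not a valid IP address
            continue
        per_ip[m["ip"]] += 1
        per_net[net] += 1
    return per_ip, per_net


def noisy_networks(log_text, threshold=3):
    """Networks with at least `threshold` failures, even if spread over several hosts."""
    _, per_net = failed_logins(log_text)
    return sorted(net for net, count in per_net.items() if count >= threshold)


if __name__ == "__main__":
    per_ip, per_net = failed_logins(SAMPLE_LOG)
    for net, count in per_net.most_common():
        print(f"{count:3d} failed logins from {net}")
    print("trailer decodes to:", decode_trailer("UGFzc3dvcmQ6"))
```

The trailer `UGFzc3dvcmQ6` seen in the thread is base64 for `Password:`, so those lines do not leak what the client tried.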
     
  13. kameleon1er

    kameleon1er Member

    @Taleman
    Thank you for your reply.

    I did wonder about posting here rather than on the ispConfig forum. But since I thought it was an e-mail problem (postfix and its companions)...

    Should I move my topic?

    For your questions :
    Code:
    
    root@srv-b:~# service amavis status
    ● amavis.service - LSB: Starts amavisd-new mailfilter
       Loaded: loaded (/etc/init.d/amavis; generated)
       Active: active (running) since Mon 2022-06-13 01:34:32 UTC; 10min ago
         Docs: man:systemd-sysv-generator(8)
      Process: 28154 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS)
        Tasks: 3 (limit: 4672)
       Memory: 331.2M
       CGroup: /system.slice/amavis.service
               ├─28171 /usr/sbin/amavisd-new (master)
               ├─28189 /usr/sbin/amavisd-new (ch1-avail)
               └─28190 /usr/sbin/amavisd-new (virgin child)
    
    Jun 13 01:34:32 srv-b.democrasite.com amavis[28171]: No decoder for       .zoo
    Jun 13 01:34:32 srv-b.democrasite.com amavis[28171]: Using primary internal av scanner code for ClamAV-clamd
    Jun 13 01:34:32 srv-b.democrasite.com amavis[28171]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
    Jun 13 01:36:49 srv-b.democrasite.com amavis[28189]: (28189-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd
    Jun 13 01:36:50 srv-b.democrasite.com amavis[28189]: (28189-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd
    Jun 13 01:36:50 srv-b.democrasite.com amavis[28189]: (28189-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Jun 13 01:36:56 srv-b.democrasite.com amavis[28189]: (28189-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd
    Jun 13 01:36:56 srv-b.democrasite.com amavis[28189]: (28189-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All atte
    Jun 13 01:36:56 srv-b.democrasite.com amavis[28189]: (28189-01) (!)WARN: all primary virus scanners failed, considering backups
    Jun 13 01:37:31 srv-b.democrasite.com amavis[28189]: (28189-01) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1] [91.173.88.232] <[email protected]> -> <kameleon
    And I tried also this and see an error too :
    Code:
    while read command percent rss; do if [[ "${command}" != "COMMAND" ]]; then rss="$(bc <<< "scale=2;${rss}/1024")"; fi; printf "%-26s%-8s%s\n" "${command}" "${percent}" "${rss}"; done < <(ps -A --sort -rss -o comm,pmem,rss|head -31)
    COMMAND                   %MEM    RSS
    clamd                     30.9    1219.29
    mysqld                    12.6    498.19
    php-cgi                   4.6     181.84
    php-cgi                   4.5     178.55
    php-cgi                   3.7     148.65
    /usr/sbin/amavi           3.5     138.66
    php-cgi                   3.5     138.19
    /usr/sbin/amavi           3.3     131.28
    /usr/sbin/amavi           3.2     129.82
    systemd-journal           1.7     70.46
    php-cgi                   0.9     39.10
    apache2                   0.7     29.38
    apache2                   0.7     28.66
    apache2                   0.6     26.50
    php-cgi                   0.6     25.65
    php-cgi                   0.5     23.24
    apache2                   0.5     22.64
    apache2                   0.5     22.16
    apache2                   0.5     22.12
    apache2                   0.5     22.07
    php-cgi                   0.5     22.07
    apache2                   0.5     21.97
    apache2                   0.5     21.95
    apache2                   0.5     21.53
    apache2                   0.5     20.76
    fail2ban-server           0.4     18.07
    (standard_in) 1: syntax error
    postgrey                  --pidf 
    smtpd                     0.3     13.85
    smtpd                     0.3     13.82
    smtpd                     0.3     13.82
     
  14. kameleon1er

    kameleon1er Member

    After doing this:
    Code:
    # freshclam
    # /etc/init.d/clamav-daemon restart
    # /etc/init.d/amavis restart
    Status is ok :
    Code:
    service amavis status
    ● amavis.service - LSB: Starts amavisd-new mailfilter
       Loaded: loaded (/etc/init.d/amavis; generated)
       Active: active (running) since Mon 2022-06-13 02:20:34 UTC; 3min 31s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 31873 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS)
        Tasks: 3 (limit: 4672)
       Memory: 180.2M
       CGroup: /system.slice/amavis.service
               ├─31888 /usr/sbin/amavisd-new (master)
               ├─31906 /usr/sbin/amavisd-new (ch1-avail)
               └─31907 /usr/sbin/amavisd-new (virgin child)
    
    Jun 13 02:20:34 srv-b.democrasite.com amavis[31888]: No ext program for   .doc, tried: ripole
    Jun 13 02:20:34 srv-b.democrasite.com amavis[31888]: No decoder for       .F
    Jun 13 02:20:34 srv-b.democrasite.com amavis[31888]: No decoder for       .doc
    Jun 13 02:20:34 srv-b.democrasite.com amavis[31888]: No decoder for       .lz4
    Jun 13 02:20:34 srv-b.democrasite.com amavis[31888]: No decoder for       .zoo
    Jun 13 02:20:34 srv-b.democrasite.com amavis[31888]: Using primary internal av scanner code for ClamAV-clamd
    Jun 13 02:20:34 srv-b.democrasite.com amavis[31888]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
    Jun 13 02:20:34 srv-b.democrasite.com amavis[31873]: Starting amavisd: amavisd-new.
    Jun 13 02:20:34 srv-b.democrasite.com systemd[1]: Started LSB: Starts amavisd-new mailfilter.
    Jun 13 02:22:56 srv-b.democrasite.com amavis[31906]: (31906-01) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1] [91.173.88.232] <[email protected]> -> <kameleon1e
    lines 1-22/22 (END)
    
    but… if I try to send an email to my gmail :
    Code:
    Jun 13 02:22:56 srv-b dovecot: imap([email protected])<31821><9TcH7krhUUJbrVjo>: Logged out in=1037 out=1539 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
    Jun 13 02:22:56 srv-b postfix/smtpd[31984]: connect from srv-b.democrasite.com.democrasite.com[127.0.0.1]
    Jun 13 02:22:56 srv-b postfix/smtpd[31984]: 8F2008340B: client=srv-b.democrasite.com.democrasite.com[127.0.0.1]
    Jun 13 02:22:56 srv-b postfix/cleanup[31980]: 8F2008340B: message-id=<[email protected]>
    Jun 13 02:22:56 srv-b postfix/qmgr[5383]: 8F2008340B: from=<[email protected]>, size=1730, nrcpt=1 (queue active)
    Jun 13 02:22:56 srv-b amavis[31906]: (31906-01) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1] [91.173.88.232] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: MjsNo7wHh6QO, Hits: -1, size: 727, queued_as: 8F2008340B, dkim_new=default:kameleon.fr, 454 ms
    Jun 13 02:22:56 srv-b postfix/lmtp[31981]: 1F5C9833E6: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.55, delays=0.06/0.02/0.01/0.45, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 8F2008340B)
    Jun 13 02:22:56 srv-b postfix/error[31958]: 8F2008340B: to=<[email protected]>, relay=none, delay=0.07, delays=0.04/0.02/0/0.01, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to smtp.democrasite.com[2001:bc8:628:1c3f::1]:25: Connection refused)
    Jun 13 02:22:56 srv-b postfix/qmgr[5383]: 1F5C9833E6: removed
    Jun 13 02:23:03 srv-b dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=91.173.88.232, lip=10.65.110.21, mpid=32002, TLS, session=<qaW190rhnl1brVjo>
     
  15. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What do these commands show:
    Code:
    uptime
    free -h
    df -hT
    Looks like sending to GMail was successful?
    You cannot move the topic yourself. That needs admin rights.
     
  16. kameleon1er

    kameleon1er Member

    Hi @Taleman

    Code:
    srv-b:~# uptime
     11:41:06 up 77 days,  2:27,  1 user,  load average: 0.10, 0.17, 0.26
    
    root@srv-b:~# free -h
                  total        used        free      shared  buff/cache   available
    Mem:          3.9Gi       1.5Gi       1.1Gi       785Mi       1.3Gi       1.4Gi
    Swap:            0B          0B          0B
    
    root@srv-b:~# df -hT
    Filesystem     Type      Size  Used Avail Use% Mounted on
    udev           devtmpfs  2.0G     0  2.0G   0% /dev
    tmpfs          tmpfs     395M   40M  355M  11% /run
    /dev/vda1      ext4       37G   25G   11G  71% /
    tmpfs          tmpfs     2.0G     0  2.0G   0% /dev/shm
    tmpfs          tmpfs     5.0M  4.0K  5.0M   1% /run/lock
    tmpfs          tmpfs     2.0G     0  2.0G   0% /sys/fs/cgroup
    /dev/vda15     vfat       99M  258K   99M   1% /boot/efi
    tmpfs          tmpfs     395M     0  395M   0% /run/user/0
    Don't you think my hosts file is weird? Thanks

    Code:
    127.0.0.1         srv-b.democrasite.com.democrasite.com srv-b.democrasite.com
    # 127.0.1.1       srv-b.democrasite.com.democrasite.com.democrasite.com  srv-b.dem$
    
    ::1             localhost ip6-localhost ip6-loopback
    ff02::1         ip6-allnodes
    ff02::2         ip6-allrouters
    
    
     
  17. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Hosts file is indeed weird. That can not work.
    You have large uptime, try if reboot solves the problems.
    Host has no swap, is clamav failing because it is out of memory? Check logs if processes are killed by oomd.
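
Added example, not part of the thread: the amavis excerpts posted earlier show three different outcomes (scanned by clamd, scanned by the backup clamscan, and `Passed UNCHECKED` after clamscan was killed with signal 9), and only the last one means mail went through with no virus scan. This sketch correlates amavis lines by their task id to list such messages; the log lines are constructed in the thread's format and all names in the code are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on the amavis lines in the thread
# (documentation addresses, example.org/example.com mailboxes).
SAMPLE_LOG = """\
Jun 12 16:21:22 srv-b amavis[6309]: (06309-11) Passed CLEAN {RelayedOpenRelay}, [192.0.2.10]:54312 [192.0.2.10] <a@example.org> -> <b@example.com>
Jun 12 16:30:01 srv-b amavis[6309]: (06309-12) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl
Jun 12 16:30:01 srv-b amavis[6309]: (06309-12) (!)WARN: all primary virus scanners failed, considering backups
Jun 12 16:30:40 srv-b amavis[6309]: (06309-12) Passed CLEAN {RelayedOpenRelay}, [192.0.2.11]:40100 [192.0.2.11] <c@example.org> -> <b@example.com>
Jun 12 16:37:03 srv-b amavis[6308]: (06308-12) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl
Jun 12 16:37:03 srv-b amavis[6308]: (06308-12) (!)WARN: all primary virus scanners failed, considering backups
Jun 12 16:37:25 srv-b amavis[6308]: (06308-12) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan KILLED, signal 9 (0009) at (eval 113) line 659.
Jun 12 16:37:25 srv-b amavis[6308]: (06308-12) (!!)AV: ALL VIRUS SCANNERS FAILED
Jun 12 16:37:41 srv-b amavis[6308]: (06308-12) Passed UNCHECKED {RelayedOpenRelay}, [192.0.2.12]:40377 [192.0.2.12] <d@example.org> -> <b@example.com>
"""

AMAVIS = re.compile(r"amavis\[\d+\]: \((?P<task>\d+-\d+)\) (?P<msg>.*)$")
VERDICT = re.compile(r"^(?P<action>Passed|Blocked) (?P<verdict>[A-Z-]+)")
KILLED = re.compile(r"av-scanner FAILED: .*KILLED, signal (?P<sig>\d+)")


@dataclass
class ScanTask:
    primary_failed: bool = False         # clamd socket unreachable
    all_failed: bool = False             # backup scanner failed as well
    killed_signal: Optional[int] = None  # signal that ended a scanner, if logged
    action: Optional[str] = None         # "Passed" or "Blocked"
    verdict: Optional[str] = None        # e.g. "CLEAN", "UNCHECKED"

    @property
    def coverage(self):
        if self.all_failed or self.verdict == "UNCHECKED":
            return "unscanned"
        if self.primary_failed:
            return "backup-scanner"
        return "scanned"


def correlate(log_text):
    """Group amavis lines by task id, e.g. '06308-12'.

    Task ids embed the child PID, so analyse one amavis run at a time:
    ids can repeat after a restart.
    """
    tasks = {}
    for line in log_text.splitlines():
        m = AMAVIS.search(line)
        if not m:
            continue
        task = tasks.setdefault(m["task"], ScanTask())
        msg = m["msg"]
        if "all primary virus scanners failed" in msg:
            task.primary_failed = True
        if "ALL VIRUS SCANNERS FAILED" in msg:
            task.all_failed = True
        killed = KILLED.search(msg)
        if killed:
            task.killed_signal = int(killed["sig"])
        verdict = VERDICT.match(msg)
        if verdict:
            task.action, task.verdict = verdict["action"], verdict["verdict"]
    return tasks


def unscanned_mail(log_text):
    """Task ids of messages that were passed on without any virus scan."""
    return sorted(
        task_id for task_id, task in correlate(log_text).items()
        if task.action == "Passed" and task.coverage == "unscanned"
    )


if __name__ == "__main__":
    for task_id, task in correlate(SAMPLE_LOG).items():
        print(task_id, task.action, task.verdict, task.coverage, task.killed_signal)
    print("passed without scan:", unscanned_mail(SAMPLE_LOG))
```

A scanner ended by signal 9 is consistent with the out-of-memory question above, but the amavis log alone does not say who sent the signal; the kernel log has to confirm it.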
     
  18. kameleon1er

    kameleon1er Member

    Hi back
    Maybe port 25 is blocked for outgoing mail?
    Code:
    srv-b:~# mailq
    -Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
    
    1A6DC833FE     1603 Mon Jun 13 11:13:00  [email protected]
    (delivery temporarily suspended: connect to smtp.democrasite.com[2001:bc8:628:1c3f::1]:25: Connection refused)
                                             [email protected]
    
    15671815A1     2302 Fri Jun 10 00:35:56  [email protected]
    (delivery temporarily suspended: connect to smtp.democrasite.com[2001:bc8:628:1c3f::1]:25: Connection refused)
                                             [email protected]
    
    118BB8196A     2217 Thu Jun  9 16:39:18  [email protected]
    (connect to smtp.democrasite.com[2001:bc8:628:1c3f::1]:25: Connection refused)
                                             [email protected]
    
    I first fixed my hosts file:
    Code:
    127.0.0.1       localhost
    127.0.1.1       srv-b.democrasite.com srv-b
    163.172.143.149 srv-b.democrasite.com srv-b
    
    
    ::1             localhost ip6-localhost ip6-loopback
    ff02::1         ip6-allnodes
    ff02::2         ip6-allrouters
    I rebooted…
    I started by sending an email from one of my addresses to my gmail address = connection refused :
    Code:
    Jun 13 19:48:30 srv-b postfix/submission/smtpd[11785]: connect from lneuilly-657-1-64-178.w80-11.abo.wanadoo.fr[80.11.30.178]
    Jun 13 19:48:30 srv-b postfix/submission/smtpd[11785]: NOQUEUE: filter: RCPT from lneuilly-657-1-64-178.w80-11.abo.wanadoo.fr[80.11.30.178]: <[email protected]>: Sender address triggers FILTER lmtp:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.1.37]>
    Jun 13 19:48:30 srv-b postfix/submission/smtpd[11785]: A41A683403: client=lneuilly-657-1-64-178.w80-11.abo.wanadoo.fr[80.11.30.178], sasl_method=PLAIN, [email protected]
    Jun 13 19:48:30 srv-b postfix/cleanup[11919]: A41A683403: message-id=<[email protected]>
    Jun 13 19:48:30 srv-b postfix/qmgr[2932]: A41A683403: from=<[email protected]>, size=8200, nrcpt=1 (queue active)
    Jun 13 19:48:31 srv-b postfix/submission/smtpd[11785]: disconnect from lneuilly-657-1-64-178.w80-11.abo.wanadoo.fr[80.11.30.178] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
    Jun 13 19:48:31 srv-b postfix/smtpd[6696]: connect from localhost[127.0.0.1]
    Jun 13 19:48:31 srv-b postfix/smtpd[6696]: C33AA8341D: client=localhost[127.0.0.1]
    Jun 13 19:48:31 srv-b postfix/cleanup[11919]: C33AA8341D: message-id=<[email protected]>
    Jun 13 19:48:31 srv-b dovecot: imap([email protected])<32468></71DfVnh4cxQCx6y>: Connection closed (IDLE running for 0.001 + waiting input for 0.009 secs, 2 B in + 10 B out, state=wait-input) in=8545 out=21484 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=465 body_count=0 body_bytes=0
    Jun 13 19:48:31 srv-b postfix/qmgr[2932]: C33AA8341D: from=<[email protected]>, size=9139, nrcpt=1 (queue active)
    Jun 13 19:48:31 srv-b postfix/smtpd[6696]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Jun 13 19:48:31 srv-b amavis[1410]: (01410-02) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1] [80.11.30.178] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: Eqoky5iyG0VT, Hits: -0.656, size: 8200, queued_as: C33AA8341D, dkim_new=default:opaz-ateliers.com, 912 ms
    Jun 13 19:48:31 srv-b postfix/lmtp[11958]: A41A683403: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.5, delays=0.58/0/0.09/0.83, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as C33AA8341D)
    Jun 13 19:48:31 srv-b postfix/qmgr[2932]: A41A683403: removed
    Jun 13 19:48:31 srv-b postfix/error[28004]: C33AA8341D: to=<[email protected]>, relay=none, delay=0.1, delays=0.05/0.01/0/0.03, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to smtp.democrasite.com[2001:bc8:628:1c3f::1]:25: Connection refused)
    Then I sent a message from one of my addresses to another of my addresses managed by my ISPConfig, and there it goes through:
    Code:
    Jun 13 19:52:25 srv-b postfix/smtpd[1256]: 08C1B83422: client=localhost[127.0.0.1]
    Jun 13 19:52:25 srv-b postfix/cleanup[992]: 08C1B83422: message-id=<[email protected]>
    Jun 13 19:52:25 srv-b postfix/qmgr[2932]: 08C1B83422: from=<[email protected]>, size=1706, nrcpt=1 (queue active)
    Jun 13 19:52:25 srv-b postfix/smtpd[1256]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Jun 13 19:52:25 srv-b amavis[1411]: (01411-03) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1] [80.11.30.178] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: e74Qld9734HE, Hits: -0.999, size: 747, queued_as: 08C1B83422, dkim_new=default:democrasite.com, 1065 ms
    Jun 13 19:52:25 srv-b postfix/lmtp[1071]: C980583403: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.7, delays=0.52/0.05/0.02/1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 08C1B83422)
    Jun 13 19:52:25 srv-b postfix/qmgr[2932]: C980583403: removed
    Jun 13 19:52:25 srv-b dovecot: lmtp(1308): Connect from local
    Jun 13 19:52:25 srv-b dovecot: lmtp([email protected])<1308><+AXVCnmVp2IcBQAADlvl9Q>: msgid=<[email protected]>: saved mail to INBOX
    Jun 13 19:52:25 srv-b postfix/lmtp[1295]: 08C1B83422: to=<[email protected]>, relay=srv-b.democrasite.com[private/dovecot-lmtp], delay=0.24, delays=0.03/0.08/0.03/0.09, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> +AXVCnmVp2IcBQAADlvl9Q Saved)
    Jun 13 19:52:25 srv-b postfix/qmgr[2932]: 08C1B83422: removed
    Jun 13 19:52:25 srv-b dovecot: lmtp(1308): Disconnect from local: Client has quit the connection (state=READY)
    Where can I check that port 25 is the SMTP port for Postfix, and if it is open for the addresses created in my ISPConfig?

    Thank you.
     
    Last edited: Jun 13, 2022
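Added example (not part of the original posts): in the excerpts above, a message is handed to the content filter and re-injected under a new queue ID ("queued as ..."), so its final delivery status is logged under a different ID than its first hop. This Python code follows that chain and reports messages whose last hop was not delivered; the sample lines, host names, addresses and queue IDs are constructed.

```python
import re

# Constructed sample lines in the shape of the excerpts quoted in this thread.
SAMPLE_LOG = """\
Jun 13 19:48:31 mx postfix/lmtp[11958]: 1A2B3C4D5E: to=<bob@example.org>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.5, delays=0.58/0/0.09/0.83, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 6F7A8B9C0D)
Jun 13 19:48:31 mx postfix/error[28004]: 6F7A8B9C0D: to=<bob@example.org>, relay=none, delay=0.1, delays=0.05/0.01/0/0.03, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to smtp.example.org[2001:db8::1]:25: Connection refused)
Jun 13 19:52:25 mx postfix/lmtp[1071]: 0B1C2D3E4F: to=<carol@example.org>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.7, delays=0.52/0.05/0.02/1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 9E8D7C6B5A)
Jun 13 19:52:25 mx postfix/lmtp[1295]: 9E8D7C6B5A: to=<carol@example.org>, relay=mx.example.org[private/dovecot-lmtp], delay=0.24, delays=0.03/0.08/0.03/0.09, dsn=2.0.0, status=sent (250 2.0.0 <carol@example.org> Saved)
"""

DELIVERY = re.compile(
    r"postfix/(?P<svc>[\w/-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) "
    r"\((?P<reason>.*)\)$"
)
REQUEUED = re.compile(r"queued as (?P<next>[0-9A-F]{6,})$")


def parse_deliveries(text):
    """Map each queue ID to its 'to=<...> status=...' delivery records."""
    by_qid = {}
    for line in text.splitlines():
        m = DELIVERY.search(line.rstrip())
        if m:
            rec = m.groupdict()
            nxt = REQUEUED.search(rec["reason"])
            rec["next"] = nxt.group("next") if nxt else None
            by_qid.setdefault(rec["qid"], []).append(rec)
    return by_qid


def trace(by_qid, qid):
    """Follow one message across content-filter re-injection hops."""
    hops, seen = [], set()
    while qid in by_qid and qid not in seen:
        seen.add(qid)
        rec = by_qid[qid][-1]  # last delivery attempt logged under this ID
        hops.append((qid, rec["svc"], rec["status"], rec["dsn"], rec["relay"]))
        qid = rec["next"]
    return hops


def undelivered(text):
    """Final hop of every chain that did not end in status=sent."""
    by_qid = parse_deliveries(text)
    children = {r["next"] for recs in by_qid.values() for r in recs if r["next"]}
    roots = [q for q in by_qid if q not in children]
    finals = [trace(by_qid, q)[-1] for q in roots]
    return [hop for hop in finals if hop[2] != "sent"]
```

A first hop with `status=sent` to `127.0.0.1:10026` only means the filter accepted the message; the outcome that matters is the last tuple returned by `trace`.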
  19. kameleon1er

    kameleon1er Member

    Code:
    netstat -nlp | grep 25
    tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      1259/master         
    tcp        0      0 127.0.0.1:10027         0.0.0.0:*               LISTEN      1259/master         
    tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      1259/master         
    tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      1259/master         
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1259/master         
    tcp6       0      0 :::587                  :::*                    LISTEN      1259/master         
    tcp6       0      0 :::465                  :::*                    LISTEN      1259/master         
    tcp6       0      0 :::25                   :::*                    LISTEN      1259/master         
    unix  2      [ ACC ]     STREAM     LISTENING     42390    1259/master          private/smtp
    unix  2      [ ACC ]     STREAM     LISTENING     42393    1259/master          private/relay
    unix  2      [ ACC ]     STREAM     LISTENING     42396    1259/master          public/showq
    unix  2      [ ACC ]     STREAM     LISTENING     42399    1259/master          private/error
    unix  2      [ ACC ]     STREAM     LISTENING     42402    1259/master          private/retry
    unix  2      [ ACC ]     STREAM     LISTENING     42405    1259/master          private/discard
    unix  2      [ ACC ]     STREAM     LISTENING     42408    1259/master          private/local
    unix  2      [ ACC ]     STREAM     LISTENING     42411    1259/master          private/virtual
    unix  2      [ ACC ]     STREAM     LISTENING     42414    1259/master          private/lmtp
    unix  2      [ ACC ]     STREAM     LISTENING     42417    1259/master          private/anvil
    unix  2      [ ACC ]     STREAM     LISTENING     42420    1259/master          private/scache
    unix  2      [ ACC ]     STREAM     LISTENING     42426    1259/master          private/maildrop
    unix  2      [ ACC ]     STREAM     LISTENING     42429    1259/master          private/uucp
    unix  2      [ ACC ]     STREAM     LISTENING     42432    1259/master          private/ifmail
    unix  2      [ ACC ]     STREAM     LISTENING     42435    1259/master          private/bsmtp
    unix  2      [ ACC ]     STREAM     LISTENING     42438    1259/master          private/scalemail-backend
    unix  2      [ ACC ]     STREAM     LISTENING     42441    1259/master          private/mailman
    unix  2      [ ACC ]     STREAM     LISTENING     42444    1259/master          private/dovecot
    unix  2      [ ACC ]     STREAM     LISTENING     42447    1259/master          private/amavis
    unix  2      [ ACC ]     STREAM     LISTENING     5402551  2712/Passenger core  /tmp/passenger.wgxoJAs/agents.s/core
    unix  2      [ ACC ]     STREAM     LISTENING     5402552  2712/Passenger core  /tmp/passenger.wgxoJAs/agents.s/core_api
    unix  2      [ ACC ]     STREAM     LISTENING     46175    725/clamd            /var/run/clamav/clamd.ctl
    unix  2      [ ACC ]     STREAM     LISTENING     42585    1289/amavisd-new (m  /var/lib/amavis/amavisd.sock
    unix  2      [ ACC ]     STREAM     LISTENING     11257951 25450/php-cgi        /var/lib/apache2/fcgid/sock/2696.26
    unix  2      [ ACC ]     STREAM     LISTENING     10045725 2877/php-cgi         /var/lib/apache2/fcgid/sock/2696.19
    unix  2      [ ACC ]     STREAM     LISTENING     25065    672/php-fpm: master  /run/php/php7.4-fpm.sock
    unix  2      [ ACC ]     STREAM     LISTENING     42352    1259/master          public/pickup
    unix  2      [ ACC ]     STREAM     LISTENING     42356    1259/master          public/cleanup
    unix  2      [ ACC ]     STREAM     LISTENING     42359    1259/master          public/qmgr
    unix  2      [ ACC ]     STREAM     LISTENING     42363    1259/master          private/tlsmgr
    unix  2      [ ACC ]     STREAM     LISTENING     42366    1259/master          private/rewrite
    unix  2      [ ACC ]     STREAM     LISTENING     42369    1259/master          private/bounce
    unix  2      [ ACC ]     STREAM     LISTENING     42372    1259/master          private/defer
    unix  2      [ ACC ]     STREAM     LISTENING     42375    1259/master          private/trace
    unix  2      [ ACC ]     STREAM     LISTENING     42378    1259/master          private/verify
    unix  2      [ ACC ]     STREAM     LISTENING     42381    1259/master          public/flush
    unix  2      [ ACC ]     STREAM     LISTENING     42384    1259/master          private/proxymap
    unix  2      [ ACC ]     STREAM     LISTENING     42387    1259/master          private/proxywrite
    

    Code:
    srv-b:~#  postconf -n
    address_verify_negative_refresh_time = 60s
    address_verify_sender_ttl = 15686s
    address_verify_transport_maps = static:smtp:[127.0.0.1]:10025
    address_verify_virtual_transport = smtp:[127.0.0.1]:10025
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    append_dot_mydomain = no
    authorized_flush_users =
    authorized_mailq_users = nagios, icinga
    biff = no
    body_checks = regexp:/etc/postfix/body_checks
    broken_sasl_auth_clients = yes
    compatibility_level = 2
    content_filter = lmtp:[127.0.0.1]:10024
    dovecot_destination_recipient_limit = 1
    enable_original_recipient = yes
    greylisting = check_policy_service inet:127.0.0.1:10023
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    inet_protocols = all
    mailbox_size_limit = 0
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    message_size_limit = 0
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = srv-b.democrasite.com, localhost, localhost.localdomain,
    myhostname = srv-b.democrasite.com
    mynetworks = 127.0.0.0/8 [::1]/128
    myorigin = /etc/mailname
    
    Telnet test:
    Code:
    ehlo kameleon.fr
    250-srv-b.democrasite.com
    250-PIPELINING
    250-SIZE
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250-SMTPUTF8
    250 CHUNKING
    mail from:<[email protected]>
    250 2.1.0 Ok
    rcpt to;<[email protected]> Notify=success,failure
    501 5.5.4 Syntax: RCPT TO:<address>
    RCPT TO:<[email protected]> Notify=success,failure
    250 2.1.5 Ok
    DATA
    354 End data with <CR><LF>.<CR><LF>
    Subject: test from Nabil
    
    This is a message
    .
    250 2.0.0 Ok: queued as B49B88342C
    
     
  20. kameleon1er

    kameleon1er Member

    Solved !! What a fight… o_O
    Finally, I reran the postfix configuration "dpkg reconfigure" and I think I got confused between my main domain name, the subdomain to install ISPConfig, the localhosts etc... following the Perfect Server Debian-Postfix guide...

    The problem when you are a beginner following the tutorials is that those who write them think that, in the configuration examples, it is obvious for the reader to know exactly what to put in place of the example terms (copy or put your own info).

    Anyway... that's how you learn :rolleyes:

    So I took the opportunity to update my Debian 10 and my ISPConfig! :cool: I'm The UpdatedMan…

    Thanks @Taleman
     
