Hello, I hope I'm not boring the support staff but I want my ISPconfig-enabled servers to run as smoothly as possible and I'm fairly new in the Linux world. My Mail-Error - Log (Monitor > Show Mail-Error - Log) is filled with "example.com" references. Right now "example.com" is mentioned 32 on the log page. It looks something like this: Is this normal? Should I be worried?
You must have example.com somewhere in the config files instead of your real domain name. try e.g.: grep -r example.com /etc to find it.
When I executed Code: grep -r example.com /etc the result had 58 lines before it frozen. This is the result: Code: grep: /etc/alternatives/jre_1.7.0/lib/audio/default.sf2: No such file or directory grep: /etc/alternatives/jre_openjdk/lib/audio/default.sf2: No such file or directory grep: /etc/alternatives/jre/lib/audio/default.sf2: No such file or directory /etc/httpd/conf/httpd.conf:#ServerName www.example.com:80 /etc/httpd/conf/httpd.conf:# Redirect permanent /foo http://www.example.com/bar /etc/httpd/conf/httpd.conf:#ErrorDocument 402 http://www.example.com/subscription_info.html /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable. /etc/httpd/conf/httpd.conf:# Allow from .example.com /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable. /etc/httpd/conf/httpd.conf:# Allow from .example.com /etc/httpd/conf/httpd.conf:# Allow from .example.com /etc/httpd/conf/httpd.conf:# ServerAdmin [email protected] /etc/httpd/conf/httpd.conf:# DocumentRoot /www/docs/dummy-host.example.com /etc/httpd/conf/httpd.conf:# ServerName dummy-host.example.com /etc/httpd/conf/httpd.conf:# ErrorLog logs/dummy-host.example.com-error_log /etc/httpd/conf/httpd.conf:# CustomLog logs/dummy-host.example.com-access_log common /etc/httpd/conf.d/webalizer.conf: # Allow from .example.com /etc/postfix/transport:# In order to send mail for example.com and its subdomains /etc/postfix/transport:# example.com uucp:example /etc/postfix/transport:# .example.com uucp:example /etc/postfix/transport:# directs mail for [email protected] via the slow transport /etc/postfix/transport:# to a mail exchanger for example.com. The slow transport /etc/postfix/transport:# example.com slow: /etc/postfix/transport:# above). The following sends all mail for example.com and /etc/postfix/transport:# its subdomains to host gateway.example.com: /etc/postfix/transport:# example.com :[gateway.example.com] /etc/postfix/transport:# .example.com :[gateway.example.com] /etc/postfix/transport:# MX host for example.com. /etc/postfix/transport:# example.com smtp:bar.example:2025 /etc/postfix/transport:# This directs mail for [email protected] to host bar.example /etc/postfix/transport:# .example.com error:mail for *.example.com is not deliverable /etc/postfix/transport:# This causes all mail for [email protected] to be /etc/amavisd/amavisd.conf~:$mydomain = 'example.com'; # a convenient default for other settings /etc/amavisd/amavisd.conf~:# $myhostname = 'host.example.com'; # must be a fully-qualified domain name! /etc/amavisd/amavisd.conf~:# '[email protected]' => [{'[email protected]' => 10.0}], /etc/amavisd/amavisd.conf~:# '[email protected]' => [{'.ebay.com' => -3.0}], /etc/amavisd/amavisd.conf~:# '[email protected]' => [{'[email protected]' => -7.0, /etc/amavisd/amavisd.conf:# $myhostname = 'host.example.com'; # must be a fully-qualified domain name! /etc/amavisd/amavisd.conf:# '[email protected]' => [{'[email protected]' => 10.0}], /etc/amavisd/amavisd.conf:# '[email protected]' => [{'.ebay.com' => -3.0}], /etc/amavisd/amavisd.conf:# '[email protected]' => [{'[email protected]' => -7.0, /etc/dovecot/conf.d/auth-static.conf.ext:# args = proxy=y host=%1Mu.example.com nopassword=y /etc/dovecot/dovecot-sql.conf:# connect = host=sql.example.com dbname=virtual user=virtual password=blarg /etc/krb5.conf: kdc = kerberos.example.com /etc/krb5.conf: admin_server = kerberos.example.com /etc/krb5.conf: .example.com = EXAMPLE.COM /etc/krb5.conf: example.com = EXAMPLE.COM /etc/mail/virtusertable:# @foo.org %[email protected] /etc/mail/virtusertable:# old+*@foo.org new+%[email protected] /etc/mail/virtusertable:# gen+*@foo.org %[email protected] /etc/mail/virtusertable:# +*@foo.org %1%[email protected] /etc/mail/virtusertable:# [email protected] Z%[email protected] /etc/dovecot-sql.conf:# connect = host=sql.example.com dbname=virtual user=virtual password=blarg /etc/php.ini:; following the section heading [HOST=www.example.com] only apply to /etc/php.ini:; PHP files served from www.example.com. Directives set in these /etc/php.ini:;sendmail_from = [email protected] grep: /etc/udev/devices/ttyp7: Input/output error grep: /etc/udev/devices/kmsg: Operation not permitted
Seems a bit as if there was a fifferent controlpanel installed before you installed ISPConfig as there are so many files that dont belong to a ispconfig setup. You should chcek the files in /etc/postfix, /etc/mail and /etc/amavisd/ directory. before you change a file, do a backup.
I swear there was nothing but CentOS before I installed ISPConfig. Thank you. I'll come back with the results.
etc/postfix only Code: /etc/postfix/transport and everything is uncommented etc/mail only Code: /etc/mail/virtusertable and everything is uncommented /etc/amavisd both files Code: /etc/amavisd/amavisd.conf /etc/amavisd/amavisd.conf~ and in both files everything is uncommented exept Code: # soft-blacklisting (positive score) '[email protected]' => 3.0, '.example.net' => 1.0,
Ok, so thats all fine. Do you see these messages in the mailqueue when you run: postqueue -p If yes, then you could take a loo inside the message with the postcat command to see which application has send it.
This is what I get when I run postqueue - p But when I go to Monitor > Show Mail Queue in ISPConfig, there is nothing. It could not fit here in the post so here is the link: http://paste.ofcode.org/xeNUCDqAPMCwGaagZmLNiY Please help.
Ok, there are some mails from fail2ban, in case that you did not check the fail2ban config files in /etc/fail2ban/ yet, then please do that now and replace example.com there. There is a email with the ID 0196531A1FB8 to [email protected], you can check it with the command: postcat /var/spool/postfix/deferred/0/0196531A1FB8
I just checked and ran grep -r example.com /etc/fail2ban There is Code: [email protected] in a lot of places in /etc/fail2ban/jail.conf Should I put my e-mail address instead? There is 'example.com' in other files too, but always uncommented. This is what I get when I execute postcat /var/spool/postfix/deferred/0/0196531A1FB8 http://paste.ofcode.org/HcHNtV2ZnJwAvF2hgBEFzw It looks like Fail2Ban is informing me (or rather informing [email protected]) about it banning the IP address. Am I right?