mail stopped working

Discussion in 'ISPConfig 3 Priority Support' started by JESUSSAVES, May 18, 2013.

  1. JESUSSAVES

    JESUSSAVES New Member

    Hi,

    I have a Squeeze Perfect Server installation with Bind, Dovecot and Apache2.
    After the above installation I installed Roundcube and everything was working fine.

    I installed a secure certificate recently with StartSSL using that how-to.

    It seems my own mail is no longer working, nor is anyone else's.

    I've noticed that under Monitor I do have several requests in the mail queue for the last several days only.

    There is nothing in mail.err log.

    Every hour root gets mail from cron saying ispconfig/server/server.sh with a warning: "There is no public key available for the following key id: xxxxx"

    I actually have a directory that's gone missing, where I keep my individual daily database backups. Not sure how that happened. I'm the only one with the root password, but I haven't changed the password for a while.

    I would like to get mail working again but not sure where to look.

    Any help would be greatly appreciated.

    Thank you.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please take a look into the mail.log file in the /var/log/ folder and post the errors that you get there. Most likely a wrong or no key file is installed for the SSL cert in Postfix and/or Dovecot.
     
  3. JESUSSAVES

    JESUSSAVES New Member

    mail.log errors

    Till, thank you for your help.

    I created a mail account for a site that had none. Then I sent an email to it from my Outlook account. Also, I signed into the new account in Roundcube and saw my welcome message. I sent an email to my Outlook account from Roundcube. That was at 10:55 and 10:56 respectively.

    Since then the mail.log has been ablaze with activity about my email attempts.
    So far the mail has not been delivered in either direction.

    Also under /var/mail/ the expected new user record was not created, webnn.

    Also I did a netstat -tapn and dovecot is listed but not postfix.

    Here is the output from mail.log, but I don't see "errors".
    Code:
    May 20 11:00:01 ns01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:00:01 ns01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:00:01 ns01 postfix/smtpd[21174]: connect from localhost.localdomain[127.0.0.1]
    May 20 11:00:01 ns01 postfix/smtpd[21174]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    May 20 11:00:01 ns01 postfix/smtpd[21174]: disconnect from localhost.localdomain[127.0.0.1]
    May 20 11:00:03 ns01 postfix/pickup[19522]: 3597B140086: uid=0 from=<root>
    May 20 11:00:03 ns01 postfix/cleanup[21209]: 3597B140086: message-id=<[email protected]>
    May 20 11:00:03 ns01 postfix/qmgr[2270]: 3597B140086: from=<[email protected]>, size=668, nrcpt=1 (queue active)
    May 20 11:00:03 ns01 postfix/smtpd[21214]: connect from localhost.localdomain[127.0.0.1]
    May 20 11:00:03 ns01 postfix/smtpd[21214]: AAE95140084: client=localhost.localdomain[127.0.0.1]
    May 20 11:00:03 ns01 postfix/cleanup[21209]: AAE95140084: message-id=<[email protected]>
    May 20 11:00:03 ns01 postfix/qmgr[2270]: AAE95140084: from=<[email protected]>, size=1179, nrcpt=1 (queue active)
    May 20 11:00:03 ns01 postfix/smtpd[21214]: disconnect from localhost.localdomain[127.0.0.1]
    May 20 11:00:03 ns01 amavis[30509]: (30509-07) Passed CLEAN, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: sw82TKn3JRmX, Hits: -0.001, size: 668, queued_as: AAE95140084, 485 ms
    May 20 11:00:03 ns01 postfix/smtp[21211]: 3597B140086: to=<[email protected]>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.57, delays=0.08/0/0/0.49, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=30509-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AAE95140084)
    May 20 11:00:03 ns01 postfix/qmgr[2270]: 3597B140086: removed
    May 20 11:00:03 ns01 postfix/local[21215]: AAE95140084: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.08, delays=0.04/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
    May 20 11:00:03 ns01 postfix/qmgr[2270]: AAE95140084: removed
    May 20 11:00:12 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:00:12 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    May 20 11:01:12 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:01:12 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    May 20 11:02:12 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:02:12 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    May 20 11:03:12 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:03:12 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    May 20 11:04:12 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:04:12 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    May 20 11:05:01 ns01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:05:01 ns01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:05:01 ns01 postfix/smtpd[21287]: connect from localhost.localdomain[127.0.0.1]
    May 20 11:05:01 ns01 postfix/smtpd[21287]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    May 20 11:05:01 ns01 postfix/smtpd[21287]: disconnect from localhost.localdomain[127.0.0.1]
    May 20 11:05:12 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:05:12 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    May 20 11:06:12 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:06:12 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    May 20 11:07:12 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:07:12 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    May 20 11:08:12 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:08:12 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    May 20 11:09:13 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:09:13 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    May 20 11:10:01 ns01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:10:01 ns01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:10:01 ns01 postfix/smtpd[21387]: connect from localhost.localdomain[127.0.0.1]
    May 20 11:10:01 ns01 postfix/smtpd[21387]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    May 20 11:10:01 ns01 postfix/smtpd[21387]: disconnect from localhost.localdomain[127.0.0.1]
    May 20 11:10:07 ns01 postfix/master[2263]: terminating on signal 15
    May 20 11:10:08 ns01 postfix/master[21509]: daemon started -- version 2.7.1, configuration /etc/postfix
    May 20 11:10:12 ns01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    May 20 11:10:12 ns01 dovecot: IMAP([email protected]): Disconnected: Logged out bytes=166/1251
    
    
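The log excerpt above is hard to read because every message appears under two queue ids (the first hop goes to amavis on 127.0.0.1:10024, which re-injects it on port 10025 as a new queue id). The following script is an added example, not part of the thread, that groups Postfix lines by queue id, follows the "queued as" hop to the final delivery, counts the "lost connection after CONNECT" probes (the monitoring check hitting the SMTP port every five minutes) and lists queue ids that never got a "removed" line, i.e. mail still sitting in the queue. The sample log is constructed in the same format as the posted one; the hosts, addresses and queue ids in it are made up.

```python
"""Summarise Postfix activity in a mail.log excerpt, queue id by queue id."""
import re

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$")
QUEUE_RE = re.compile(r"^(?P<qid>[0-9A-F]{10,}): (?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")
QUEUED_AS_RE = re.compile(r"queued as ([0-9A-F]{10,})")

# Constructed sample (not the poster's log): a cron mail to root that passes
# through amavis and lands in a local mailbox, one monitoring probe, a Postfix
# restart, and an outbound message that cannot reach its MX on port 25.
SAMPLE_LOG = """\
May 20 11:00:01 ns01 postfix/smtpd[21174]: connect from localhost.localdomain[127.0.0.1]
May 20 11:00:01 ns01 postfix/smtpd[21174]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
May 20 11:00:03 ns01 postfix/pickup[19522]: 3597B140086: uid=0 from=<root>
May 20 11:00:03 ns01 postfix/cleanup[21209]: 3597B140086: message-id=<20130520110003.3597B140086@example.invalid>
May 20 11:00:03 ns01 postfix/qmgr[2270]: 3597B140086: from=<root@example.invalid>, size=668, nrcpt=1 (queue active)
May 20 11:00:03 ns01 postfix/smtpd[21214]: AAE95140084: client=localhost.localdomain[127.0.0.1]
May 20 11:00:03 ns01 postfix/qmgr[2270]: AAE95140084: from=<root@example.invalid>, size=1179, nrcpt=1 (queue active)
May 20 11:00:03 ns01 postfix/smtp[21211]: 3597B140086: to=<admin@example.invalid>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.57, delays=0.08/0/0/0.49, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=30509-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AAE95140084)
May 20 11:00:03 ns01 postfix/qmgr[2270]: 3597B140086: removed
May 20 11:00:03 ns01 postfix/local[21215]: AAE95140084: to=<admin@example.invalid>, orig_to=<root@example.invalid>, relay=local, delay=0.08, delays=0.04/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
May 20 11:00:03 ns01 postfix/qmgr[2270]: AAE95140084: removed
May 20 11:00:12 ns01 dovecot: imap-login: Login: user=<webnn@example.invalid>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 11:10:07 ns01 postfix/master[2263]: terminating on signal 15
May 20 11:12:00 ns01 postfix/qmgr[2270]: 5B1C2140090: from=<webmaster@example.invalid>, size=900, nrcpt=1 (queue active)
May 20 11:12:30 ns01 postfix/smtp[21300]: 5B1C2140090: to=<someone@outlook.invalid>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.outlook.invalid[203.0.113.7]:25: Connection timed out)
"""


def _strip_angle(value):
    return value[1:-1] if value.startswith("<") and value.endswith(">") else value


def summarise(log_text):
    """Group Postfix lines by queue id; count probes and master start/stop events."""
    msgs, lost, master = {}, 0, 0
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m or not m.group("prog").startswith("postfix/"):
            continue  # dovecot, amavis and anything else is not queue activity
        msg = m.group("msg")
        if "lost connection after CONNECT" in msg:
            lost += 1
            continue
        if m.group("prog") == "postfix/master":
            master += 1
            continue
        q = QUEUE_RE.match(msg)
        if not q:
            continue
        entry = msgs.setdefault(q.group("qid"), {"from": None, "recipients": [], "removed": False})
        rest = q.group("rest")
        if rest == "removed":
            entry["removed"] = True
            continue
        kv = {k: _strip_angle(v) for k, v in KV_RE.findall(rest)}
        if "from" in kv:
            entry["from"] = kv["from"]  # qmgr's envelope sender overrides pickup's
        if "to" in kv:
            queued_as = QUEUED_AS_RE.search(rest)
            entry["recipients"].append({
                "to": kv["to"], "relay": kv.get("relay"), "status": kv.get("status"),
                "queued_as": queued_as.group(1) if queued_as else None})
    return {"messages": msgs, "lost_connections": lost, "master_events": master}


def final_delivery(summary, qid, _depth=0):
    """Follow the content-filter re-injection chain to the last delivery attempt."""
    msgs = summary["messages"]
    if qid not in msgs or not msgs[qid]["recipients"] or _depth > 10:
        return None
    rcpt = msgs[qid]["recipients"][-1]
    if rcpt["queued_as"] and rcpt["queued_as"] in msgs:
        return final_delivery(summary, rcpt["queued_as"], _depth + 1)
    return (qid, rcpt["relay"], rcpt["status"])


def stuck(summary):
    """Queue ids that were active but never removed from the queue."""
    return sorted(q for q, e in summary["messages"].items() if not e["removed"])


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    for qid in s["messages"]:
        print(qid, "->", final_delivery(s, qid))
    print("stuck:", stuck(s), "| lost connections:", s["lost_connections"])
```

On the posted excerpt this kind of grouping shows that the hourly cron mail reaches the local mailbox via procmail (relay=local, status=sent), so local delivery is fine; the place to look for the reported symptom is a message whose last attempt has relay=none or a remote MX and status=deferred, and a queue id that never gets "removed".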
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The welcome message indicates that the local mail system is working correctly. To test if it's a local issue or a remote issue, please log in to Roundcube, then send an email to the same address that you used for the Roundcube login. It should be visible in the inbox within 1-2 minutes.
     
  5. JESUSSAVES

    JESUSSAVES New Member

    local test results

    Till, thank you again for your response and help.

    Yes, you are right the mail was delivered to the same account that sent it in less than 1 minute.

    I'm quite sure that my system has been hacked and I'm wondering if fail2ban is working properly. I remember (it may have been when I was running Fedora, not sure) that I used to get messages in root's mail all day long about IP addresses being banned. I don't get them anymore. I'm wondering if fail2ban is working properly. I've copied the log from Monitor and pasted it below.

    Code:
    Data from: 2013-05-21 11:45
    2013-05-19 06:25:06,756 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
    2013-05-19 06:25:06,941 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
    2013-05-19 06:25:07,780 fail2ban.filter : INFO Log rotation detected for /var/log/mail.log
    2013-05-19 06:25:07,942 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
    2013-05-19 06:25:08,075 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
    2013-05-19 06:26:02,126 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
    2013-05-19 06:26:05,837 fail2ban.filter : INFO Log rotation detected for /var/log/mail.log
    2013-05-19 06:51:52,500 fail2ban.actions: WARNING [ssh] Ban 61.156.238.56
    2013-05-19 07:01:53,164 fail2ban.actions: WARNING [ssh] Unban 61.156.238.56
    2013-05-19 19:35:48,397 fail2ban.actions: WARNING [ssh] Ban 114.80.202.30
    2013-05-19 19:45:49,062 fail2ban.actions: WARNING [ssh] Unban 114.80.202.30
    2013-05-19 21:53:11,384 fail2ban.actions: WARNING [ssh] Ban 210.6.26.45
    2013-05-19 22:03:12,050 fail2ban.actions: WARNING [ssh] Unban 210.6.26.45
    2013-05-20 06:25:06,061 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
    2013-05-20 08:46:45,089 fail2ban.actions: WARNING [ssh] Ban 31.3.245.178
    2013-05-20 08:56:45,751 fail2ban.actions: WARNING [ssh] Unban 31.3.245.178
    2013-05-20 10:52:42,341 fail2ban.actions: WARNING [ssh] Ban 61.35.191.245
    2013-05-20 11:02:43,002 fail2ban.actions: WARNING [ssh] Unban 61.35.191.245
    2013-05-20 17:04:08,649 fail2ban.actions: WARNING [ssh] Ban 61.35.191.245
    2013-05-20 17:14:09,314 fail2ban.actions: WARNING [ssh] Unban 61.35.191.245
    2013-05-21 01:58:28,699 fail2ban.actions: WARNING [ssh] Ban 103.3.79.83
    2013-05-21 02:08:29,362 fail2ban.actions: WARNING [ssh] Unban 103.3.79.83
    2013-05-21 06:25:05,813 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
    
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, that's good.

    So the error might be one of the following problems:

    - Your server blocks external mail connections:

    Please post the output of:

    iptables -L

    and

    netstat -tap

    - Your internet access provider, which provides the internet connection to your server, blocks port 25, or there is a router between the server and the internet which blocks port 25.
    - There is a dns problem, e.g. the MX record does not point to the server. Test the dns record(s) of the domain with e.g. intodns:

    http://www.intodns.com/

    The Ban / Unban messages indicate that fail2ban is working correctly, at least for SSH.

    If you want to test it for other services you will have to use e.g. a mail client (not webmail) or an external FTP client and enter a wrong password more than 5 times.

    If you think that the system has been hacked, then you should check it with rkhunter:

    rkhunter --update

    and then

    rkhunter -c

    The most important part is if there are any rootkits found. In the first part which checks the binaries you will most likely see some false positives.
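The first check in the list above (does the server itself block external mail connections?) comes down to two questions: is anything listening on port 25, and does the INPUT chain let a packet for port 25 through? The script below is an added example, not part of the thread, that answers both from pasted `iptables -L` and `netstat -tap` output. Both inputs are constructed samples in the format those commands print on Debian, not the poster's output; the second iptables sample adds a DROP rule for port 25 to show what a blocking ruleset looks like next to an open one. It only considers destination-port matches (`dpt:`, `dports`); other match extensions are ignored for this example.

```python
"""Decide from `iptables -L` and `netstat -tap` output whether inbound SMTP is accepted."""
import re

# Constructed `iptables -L` output: INPUT policy ACCEPT, only fail2ban's SSH chain in front.
IPTABLES_OPEN = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
"""

# Same layout, but with an explicit rule that silently drops port 25 (constructed).
IPTABLES_BLOCKED = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp
"""

# Constructed `netstat -tap` excerpt with Postfix listening on smtp and submission.
NETSTAT_LISTENING = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:submission            *:*                     LISTEN      24159/master
tcp        0      0 *:smtp                  *:*                     LISTEN      24159/master
tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      24159/master
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      1863/amavisd (maste
"""

CHAIN_RE = re.compile(r"^Chain (?P<name>\S+) \((?:policy (?P<policy>\w+)|\d+ references)\)$")
DPORT_RE = re.compile(r"dpts?:(\S+)|dports (\S+)")


def parse_iptables(text):
    """Return {chain: {'policy': str|None, 'rules': [...]}} from `iptables -L` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains[m.group("name")] = {"policy": m.group("policy"), "rules": []}
            continue
        parts = line.split()
        if len(parts) < 5 or parts[0] == "target" or current is None:
            continue  # blank line or column header
        current["rules"].append({"target": parts[0], "prot": parts[1], "source": parts[3],
                                 "destination": parts[4], "extra": " ".join(parts[5:])})
    return chains


def _matches_port(extra, port_names):
    m = DPORT_RE.search(extra)
    if not m:
        return True  # no destination-port match: the rule applies to every port
    return any(p in port_names for p in (m.group(1) or m.group(2)).split(","))


def smtp_verdict(chains, chain="INPUT", port_names=("smtp", "25")):
    """Walk a chain like the kernel would for a TCP packet to port 25."""
    c = chains[chain]
    for rule in c["rules"]:
        if rule["prot"] not in ("tcp", "all") or not _matches_port(rule["extra"], port_names):
            continue
        if rule["target"] in ("ACCEPT", "DROP", "REJECT"):
            return rule["target"], rule
        if rule["target"] == "RETURN":
            break
        if rule["target"] in chains:  # user-defined chain such as fail2ban-ssh
            verdict, hit = smtp_verdict(chains, rule["target"], port_names)
            if verdict != "RETURN":
                return verdict, hit
    return c["policy"] or "RETURN", None


def smtp_listeners(netstat_text, port_names=("smtp", "25")):
    """(local host, PID/program) for every LISTEN socket on port 25."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 7 or not parts[0].startswith("tcp") or parts[5] != "LISTEN":
            continue
        host, _, port = parts[3].rpartition(":")
        if port in port_names:
            found.append((host, " ".join(parts[6:])))
    return found


def inbound_smtp_ok(iptables_text, netstat_text):
    listeners = smtp_listeners(netstat_text)
    if not listeners:
        return False, "nothing is listening on port 25 (is postfix running?)"
    verdict, rule = smtp_verdict(parse_iptables(iptables_text))
    if verdict != "ACCEPT":
        return False, "iptables INPUT verdict for port 25 is %s (%s)" % (verdict, rule and rule["extra"])
    return True, "port 25 is listening (%s) and the INPUT verdict is ACCEPT" % listeners[0][1]


if __name__ == "__main__":
    print(inbound_smtp_ok(IPTABLES_OPEN, NETSTAT_LISTENING))
    print(inbound_smtp_ok(IPTABLES_BLOCKED, NETSTAT_LISTENING))
```

A "True" here only clears the host itself; the other two causes in the list, a provider or router blocking port 25 and a wrong MX record, are invisible from the machine and need a connection attempt from outside and a DNS check respectively.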
     
  7. JESUSSAVES

    JESUSSAVES New Member

    table results

    Till, thanks again for your response and help with this.

    Here are the results:

    iptables -L

    Code:
    
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
    fail2ban-pureftpd  tcp  --  anywhere             anywhere            multiport dports ftp
    fail2ban-dovecot-pop3imap  tcp  --  anywhere             anywhere            multiport dports pop3,pop3s,imap2,imaps
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain fail2ban-dovecot-pop3imap (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-pureftpd (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-ssh (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    netstat -tap

    Code:
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 *:mysql                 *:*                     LISTEN      1748/mysqld
    tcp        0      0 *:submission            *:*                     LISTEN      24159/master
    tcp        0      0 *:pop3                  *:*                     LISTEN      2276/dovecot
    tcp        0      0 *:imap2                 *:*                     LISTEN      2276/dovecot
    tcp        0      0 *:sunrpc                *:*                     LISTEN      1059/portmap
    tcp        0      0 *:ssmtp                 *:*                     LISTEN      24159/master
    tcp        0      0 *:ftp                   *:*                     LISTEN      2235/pure-ftpd (SER
    tcp        0      0 ns01.delcowebhos:domain *:*                     LISTEN      1331/named
    tcp        0      0 localhost.locald:domain *:*                     LISTEN      1331/named
    tcp        0      0 *:ssh                   *:*                     LISTEN      1614/sshd
    tcp        0      0 *:smtp                  *:*                     LISTEN      12427/smtpd
    tcp        0      0 localhost.localdoma:953 *:*                     LISTEN      1331/named
    tcp        0      0 *:imaps                 *:*                     LISTEN      2276/dovecot
    tcp        0      0 *:pop3s                 *:*                     LISTEN      2276/dovecot
    tcp        0      0 *:56707                 *:*                     LISTEN      1071/rpc.statd
    tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      1863/amavisd (maste
    tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      24159/master
    tcp        0      0 localhost.localdo:41798 localhost.localdo:mysql ESTABLISHED 30509/amavisd (ch10
    tcp        0      0 localhost.localdo:41895 localhost.localdo:mysql ESTABLISHED 31544/amavisd (ch8-
    tcp        0      0 localhost.localdo:mysql localhost.localdo:41895 ESTABLISHED 1748/mysqld
    tcp        0      0 localhost.localdo:51627 localhost.localdoma:www TIME_WAIT   -
    tcp        0      0 localhost.localdo:56649 localhost.localdoma:ftp TIME_WAIT   -
    tcp        0     52 ns01.delcowebhostin:ssh 192.168.1.1:1643        ESTABLISHED 12365/0
    tcp        0      0 localhost.localdo:mysql localhost.localdo:41798 ESTABLISHED 1748/mysqld
    tcp6       0      0 [::]:http-alt           [::]:*                  LISTEN      2023/apache2
    tcp6       0      0 [::]:www                [::]:*                  LISTEN      2023/apache2
    tcp6       0      0 [::]:tproxy             [::]:*                  LISTEN      2023/apache2
    tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      2235/pure-ftpd (SER
    tcp6       0      0 [::]:domain             [::]:*                  LISTEN      1331/named
    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1614/sshd
    tcp6       0      0 ip6-localhost:953       [::]:*                  LISTEN      1331/named
    tcp6       0      0 [::]:https              [::]:*                  LISTEN      2023/apache2
    
    intodns (which looks OK: a few informational messages, but mail had been working on the server and now no longer works, and DNS hasn't changed)

    Code:
    
    Category 	Status 	Test name 	Information send feedback
    Parent 	Info 	Domain NS records 	Nameserver records returned by the parent servers are:
    
    ns01.delcowebhosting.com.   ['71.225.4.213']   [TTL=172800]
    ns02.delcowebhosting.com.   ['71.225.4.213']   [TTL=172800]
    
    g.gtld-servers.net was kind enough to give us that information.
    Pass 	TLD Parent Check 	Good. g.gtld-servers.net, the parent server I interrogated, has information for your TLD. This is a good thing as there are some other domain extensions like "co.us" for example that are missing a direct check.
    Pass 	Your nameservers are listed 	Good. The parent server g.gtld-servers.net has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers.
    Pass 	DNS Parent sent Glue 	Good. The parent nameserver sent GLUE, meaning he sent your nameservers as well as the IPs of your nameservers. Glue records are A records that are associated with NS records to provide "bootstrapping" information to the nameserver.(see RFC 1912 section 2.3)
    Pass 	Nameservers A records 	Good. Every nameserver listed has A records. This is a must if you want to be found.
    NS 	Info 	NS records from your nameservers	NS records got from your nameservers listed at the parent NS are:
    
    ns02.delcowebhosting.com  ['71.225.4.213']   [TTL=86400]
    ns01.delcowebhosting.com  ['71.225.4.213']   [TTL=86400]
    
    Pass 	Recursive Queries 	Good. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone.
    Pass 	Same Glue 	The A records (the GLUE) got from the parent zone check are the same as the ones got from your nameservers. You have to make sure your parent server has the same NS records for your zone as you do according to the RFC. This tests only nameservers that are common at the parent and at your nameservers. If there are any missing or stealth nameservers you should see them below!
    Pass 	Glue for NS records 	OK. When I asked your nameservers for your NS records they also returned the A records for the NS records. This is a good thing as it will spare an extra A lookup needed to find those A records.
    Pass 	Mismatched NS records 	OK. The NS records at all your nameservers are identical.
    Pass 	DNS servers responded 	Good. All nameservers listed at the parent server responded.
    Pass 	Name of nameservers are valid 	OK. All of the NS records that your nameservers report seem valid.
    Pass 	Multiple Nameservers 	Good. You have multiple nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
    Pass 	Nameservers are lame 	OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
    Pass 	Missing nameservers reported by parent 	OK. All NS records are the same at the parent and at your nameservers.
    Pass 	Missing nameservers reported by your nameservers 	OK. All nameservers returned by the parent server g.gtld-servers.net are the same as the ones reported by your nameservers.
    Pass 	Domain CNAMEs 	OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
    Pass 	NSs CNAME check 	OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
    Warn 	Different subnets 	WARNING: Not all of your nameservers are in different subnets
    Pass 	IPs of nameservers are public 	Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like
    Pass 	DNS servers allow TCP connection 	OK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default.
    Warn 	Different autonomous systems 	WARNING: Single point of failure
    Pass 	Stealth NS records sent 	Ok. No stealth ns records are sent
    SOA 	Info 	SOA record	The SOA record is:
    Primary nameserver: ns01.delcowebhosting.com
    Hostmaster E-mail address: webmaster.delcowebhosting.com
    Serial #: 2013021901
    Refresh: 28800
    Retry: 7200
    Expire: 604800   1 weeks
    Default TTL: 86400
    Pass 	NSs have same SOA serial 	OK. All your nameservers agree that your SOA serial number is 2013021901.
    Pass 	SOA MNAME entry 	OK. ns01.delcowebhosting.com That server is listed at the parent servers.
    Pass 	SOA Serial 	Your SOA serial number is: 2013021901. This appears to be in the recommended format of YYYYMMDDnn.
    Pass 	SOA REFRESH 	OK. Your SOA REFRESH interval is: 28800. That is OK
    Pass 	SOA RETRY 	Your SOA RETRY value is: 7200. Looks ok
    Pass 	SOA EXPIRE 	Your SOA EXPIRE number is: 604800.Looks ok
    Pass 	SOA MINIMUM TTL 	Your SOA MINIMUM TTL is: 86400. This value was used to serve as a default TTL for records without a given TTL value and now is used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours. Your value of 86400 is OK.
    MX 	Info 	MX Records	Your MX records that were reported by your nameservers are:
    
    10   mail.lightningflatscreenmounting.com   71.225.4.213
    
    [These are all the MX records that I found. If there are some non common MX records at your nameservers you should see them below. ]
    Pass 	Different MX records at nameservers 	Good. Looks like all your nameservers have the same set of MX records. This tests to see if there are any MX records not reported by all your nameservers and also MX records that have the same hostname but different IPs
    Pass 	MX name validity 	Good. I did not detect any invalid hostnames for your MX records.
    Pass 	MX IPs are public 	OK. All of your MX records appear to use public IPs.
    Pass 	MX CNAME Check 	OK. No problems here.
    Pass 	MX A request returns CNAME 	OK. No CNAMEs returned for A records lookups.
    Pass 	MX is not IP 	OK. All of your MX records are host names.
    Info 	Number of MX records 	OK. Looks like you only have one MX record at your nameservers. You should be careful about what you are doing since you have a single point of failure that can lead to mail being lost if the server is down for a long time.
    Pass 	Mismatched MX A 	OK. I did not detect differing IPs for your MX records.
    Pass 	Duplicate MX A records 	OK. I have not found duplicate IP(s) for your MX records. This is a good thing.
    Pass 	Reverse MX A records (PTR) 	Your reverse (PTR) record:
    213.4.225.71.in-addr.arpa ->  c-71-225-4-213.hsd1.nj.comcast.net
    You have reverse (PTR) records for all your IPs, that is a good thing.
    WWW 	Info 	WWW A Record 	Your www.lightningflatscreenmounting.com A record is:
    www.lightningflatscreenmounting.com  [71.225.4.213] 
    Pass 	IPs are public 	OK. All of your WWW IPs appear to be public IPs.
    Pass 	WWW CNAME 	OK. No CNAME 
    
    rkhunter

    Code:
    rkhunter --update
    [ Rootkit Hunter version 1.3.6 ]
    
    Checking rkhunter data files...
      Checking file mirrors.dat                                  [ No update ]
      Checking file programs_bad.dat                             [ No update ]
      Checking file backdoorports.dat                            [ No update ]
      Checking file suspscan.dat                                 [ No update ]
      Checking file i18n/cn                                      [ No update ]
      Checking file i18n/de                                      [ No update ]
      Checking file i18n/en                                      [ No update ]
      Checking file i18n/zh                                      [ No update ]
      Checking file i18n/zh.utf8                                 [ No update ]
    
    rkhunter -c
    [ Rootkit Hunter version 1.3.6 ]
    
    Checking system commands...
    
      Performing 'strings' command checks
        Checking 'strings' command                               [ OK ]
    
      Performing 'shared libraries' checks
        Checking for preloading variables                        [ None found ]
        Checking for preloaded libraries                         [ None found ]
        Checking LD_LIBRARY_PATH variable                        [ Not found ]
    
      Performing file properties checks
        Checking for prerequisites                               [ OK ]
        /bin/bash                                                [ OK ]
        /bin/cat                                                 [ OK ]
        /bin/chmod                                               [ OK ]
        /bin/chown                                               [ OK ]
        /bin/cp                                                  [ OK ]
        /bin/date                                                [ OK ]
        /bin/df                                                  [ OK ]
        /bin/dmesg                                               [ OK ]
        /bin/echo                                                [ OK ]
        /bin/egrep                                               [ OK ]
        /bin/fgrep                                               [ OK ]
        /bin/fuser                                               [ OK ]
        /bin/grep                                                [ OK ]
        /bin/ip                                                  [ OK ]
        /bin/kill                                                [ OK ]
        /bin/less                                                [ OK ]
        /bin/login                                               [ OK ]
        /bin/ls                                                  [ OK ]
        /bin/lsmod                                               [ OK ]
        /bin/mktemp                                              [ OK ]
        /bin/more                                                [ OK ]
        /bin/mount                                               [ OK ]
        /bin/mv                                                  [ OK ]
        /bin/netstat                                             [ OK ]
        /bin/ps                                                  [ OK ]
        /bin/pwd                                                 [ OK ]
        /bin/readlink                                            [ OK ]
        /bin/sed                                                 [ OK ]
        /bin/sh                                                  [ OK ]
        /bin/su                                                  [ OK ]
        /bin/touch                                               [ OK ]
        /bin/uname                                               [ OK ]
        /bin/which                                               [ OK ]
        /usr/bin/awk                                             [ OK ]
        /usr/bin/basename                                        [ OK ]
        /usr/bin/chattr                                          [ OK ]
        /usr/bin/cut                                             [ OK ]
        /usr/bin/diff                                            [ OK ]
        /usr/bin/dirname                                         [ OK ]
        /usr/bin/dpkg                                            [ OK ]
        /usr/bin/dpkg-query                                      [ OK ]
        /usr/bin/du                                              [ OK ]
        /usr/bin/env                                             [ OK ]
        /usr/bin/file                                            [ OK ]
        /usr/bin/find                                            [ OK ]
        /usr/bin/GET                                             [ Warning ]
        /usr/bin/groups                                          [ OK ]
        /usr/bin/head                                            [ OK ]
        /usr/bin/id                                              [ OK ]
        /usr/bin/killall                                         [ OK ]
        /usr/bin/last                                            [ OK ]
        /usr/bin/lastlog                                         [ OK ]
        /usr/bin/ldd                                             [ OK ]
        /usr/bin/less                                            [ OK ]
        /usr/bin/locate                                          [ OK ]
        /usr/bin/logger                                          [ OK ]
        /usr/bin/lsattr                                          [ OK ]
        /usr/bin/lsof                                            [ OK ]
        /usr/bin/mail                                            [ OK ]
        /usr/bin/md5sum                                          [ OK ]
        /usr/bin/mlocate                                         [ OK ]
        /usr/bin/newgrp                                          [ OK ]
        /usr/bin/passwd                                          [ OK ]
        /usr/bin/perl                                            [ Warning ]
        /usr/bin/pgrep                                           [ OK ]
        /usr/bin/pstree                                          [ OK ]
        /usr/bin/rkhunter                                        [ OK ]
        /usr/bin/runcon                                          [ OK ]
        /usr/bin/sha1sum                                         [ OK ]
        /usr/bin/sha224sum                                       [ OK ]
        /usr/bin/sha256sum                                       [ OK ]
        /usr/bin/sha384sum                                       [ OK ]
        /usr/bin/sha512sum                                       [ OK ]
        /usr/bin/size                                            [ OK ]
        /usr/bin/sort                                            [ OK ]
        /usr/bin/stat                                            [ OK ]
        /usr/bin/strings                                         [ OK ]
        /usr/bin/tail                                            [ OK ]
        /usr/bin/test                                            [ OK ]
        /usr/bin/top                                             [ OK ]
        /usr/bin/touch                                           [ OK ]
        /usr/bin/tr                                              [ OK ]
        /usr/bin/uniq                                            [ OK ]
        /usr/bin/users                                           [ OK ]
        /usr/bin/vmstat                                          [ OK ]
        /usr/bin/w                                               [ OK ]
        /usr/bin/watch                                           [ OK ]
        /usr/bin/wc                                              [ OK ]
        /usr/bin/wget                                            [ OK ]
        /usr/bin/whatis                                          [ OK ]
        /usr/bin/whereis                                         [ OK ]
        /usr/bin/which                                           [ OK ]
        /usr/bin/who                                             [ OK ]
        /usr/bin/whoami                                          [ OK ]
        /usr/bin/mawk                                            [ OK ]
        /usr/bin/lwp-request                                     [ Warning ]
        /usr/bin/bsd-mailx                                       [ OK ]
        /usr/bin/w.procps                                        [ OK ]
        /sbin/depmod                                             [ OK ]
        /sbin/ifconfig                                           [ OK ]
        /sbin/ifdown                                             [ OK ]
        /sbin/ifup                                               [ OK ]
        /sbin/init                                               [ OK ]
        /sbin/insmod                                             [ OK ]
        /sbin/ip                                                 [ OK ]
        /sbin/lsmod                                              [ OK ]
        /sbin/modinfo                                            [ OK ]
        /sbin/modprobe                                           [ OK ]
        /sbin/rmmod                                              [ OK ]
        /sbin/runlevel                                           [ OK ]
        /sbin/sulogin                                            [ OK ]
        /sbin/sysctl                                             [ OK ]
        /usr/sbin/adduser                                        [ OK ]
        /usr/sbin/chroot                                         [ OK ]
        /usr/sbin/cron                                           [ OK ]
        /usr/sbin/groupadd                                       [ OK ]
        /usr/sbin/groupdel                                       [ OK ]
        /usr/sbin/groupmod                                       [ OK ]
        /usr/sbin/grpck                                          [ OK ]
        /usr/sbin/inetd                                          [ Warning ]
        /usr/sbin/nologin                                        [ OK ]
        /usr/sbin/pwck                                           [ OK ]
        /usr/sbin/rsyslogd                                       [ OK ]
        /usr/sbin/tcpd                                           [ OK ]
        /usr/sbin/useradd                                        [ OK ]
        /usr/sbin/userdel                                        [ OK ]
        /usr/sbin/usermod                                        [ OK ]
        /usr/sbin/vipw                                           [ OK ]
        /usr/sbin/unhide-linux26                                 [ OK ]
    
    
     
  8. JESUSSAVES

    JESUSSAVES New Member

    router

    Linksys wireless router:

    Block Anonymous Internet Requests: ON
    Filter Multicast: ON
    Filter IDENT(Port 113): ON

    Access Restrictions:
    No blocked services
    No website blocking

    Applications:
    Along with everything Apache, DNS, SMTP and POP3 are all sent to the local address of my server.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    iptables and netstat output are fine, postfix is listening on all network interfaces on ports 25 and 587 and it is not blocked by a local firewall.

    The DNS record seems to be fine as well.

    I then tested whether I'm able to connect to your server on port 25 or 587 from outside, but that is not possible. I then tested the same for port 80 (Apache) and this works.

    So it seems that somehow the email ports are blocked between the internet and the server.

    As you mentioned that this setup worked before, do you remember anything that happened right before the problems started that might be related to the issue, e.g. did you configure something in the router, or did your access provider announce any changes in their service?
     
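    The test described in the reply above (ports 25/587 unreachable while 80 works), as an added example that is not part of the thread: a small probe that distinguishes a port that answers with a refusal (reachable, nothing listening) from one that only times out (dropped somewhere upstream, which is what an ISP block looks like from outside). The host name is a placeholder; run it from a machine outside the home network.

```python
import socket

def probe_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify one TCP port from the client's point of view.

    'open'       -> handshake completed, something is listening
    'closed'     -> host answered with RST: reachable, nothing listening
    'filtered'   -> no answer before the timeout: dropped en route
    'unresolved' -> the name does not resolve (DNS problem, not a port block)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "filtered"  # host/network unreachable: treat like a drop

def probe_mail_host(host: str, ports=(25, 587, 80), timeout: float = 3.0) -> dict:
    """Probe the SMTP ports plus a control port (80) that is known to work."""
    return {p: probe_port(host, p, timeout) for p in ports}

def diagnose(results: dict) -> str:
    """Turn a {port: state} map into the conclusion the reply above draws."""
    web = results.get(80)
    smtp = [results.get(25), results.get(587)]
    if web == "unresolved" or "unresolved" in smtp:
        return "name does not resolve: fix DNS first"
    if web == "open" and all(s == "filtered" for s in smtp):
        return "host reachable, SMTP ports dropped upstream (ISP or router filter)"
    if results.get(25) == "open":
        return "port 25 reachable: the problem is elsewhere, look in mail.log"
    if web == "open" and all(s == "closed" for s in smtp):
        return "host answers but nothing listens on SMTP ports: check netstat -tlpn"
    if web != "open":
        return "host not reachable at all: link, NAT or DNS problem"
    return "mixed results: compare with netstat and iptables on the server"

if __name__ == "__main__":
    target = "server.example.tld"  # placeholder: use the server's public name
    found = probe_mail_host(target)
    for port, state in found.items():
        print(f"{port:>4}: {state}")
    print(diagnose(found))
```

    A timeout on 25 together with a refusal or success on 80 is the signature of a filter between the internet and the server; a refusal on 25 would instead point at the router's port forward or at postfix not listening.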
  10. JESUSSAVES

    JESUSSAVES New Member

    previous activity

    Till, thanks again for your response and help.
    Two months ago, I installed a StartSSL class2 certificate. Following that I set up 2 sites in Joomla. Before that I know mail was working because I did a site for a guy and tested that his mail was working.

    When I got a complaint about mail not working, first I checked root mail, which I should check more frequently. That's when I noticed that my daily MySQL backups had stopped working. Reason: the backup directory was missing. That's why I thought I was hacked.

    I don't remember any notice from my ISP about changes. Perhaps the next step is to contact them and ask what's going on.
     
  11. JESUSSAVES

    JESUSSAVES New Member

    ISP not using 25 due to spam

    Please could you inform me how to switch smtp to 587.

    ISP (Comcast) told me due to spamming they are not using 25 any longer.

    I'm not sure how to go about changing to 587.

    ROUTER specification was simply SMTP without a port being specified, which routed to my server box. Not sure if default included 25 and 587, so I deactivated it and added a separate line for smtp routed to port 587 going to my server.

    SERVER /etc/services has a process called submission on 587 tcp and udp. Can you tell me how to change this? Eliminate the line for smtp 25, and rename the 587 lines smtp? Or what should I do here?

    I think iptables are OK.

    Is there anything else that needs to change?

    Thanks in advance for assistance with this.
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    The problem is that you can't run a "real" mail server without port 25. The submission port 587 is an alternative port to send out emails if you have a mail server located in a datacenter.

    I will describe now how to activate the submission port in case it is not already active, but I fear it won't solve your problem, as all external servers will try to contact your server on port 25.

    Take a look into the file /etc/postfix/master.cf, there you will find a line that starts with "submission" plus a few additional lines that are indented similar to this:

    Code:
    #submission inet n       -       -       -       -       smtpd
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    to activate the submission port, change it like this:

    Code:
    submission inet n       -       -       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    In my opinion, you can't run a normal mail server with port 25 closed. You should consider renting a VPS in a datacenter and using that as mail server, or at least as a mail relay which accepts and sends mail for your server on port 25 and forwards these emails on the submission port to your local server.
     
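    A check for the master.cf change shown above, as an added example that is not part of the thread and not Postfix or ISPConfig code: it parses a master.cf fragment (service lines plus their indented `-o` overrides, commented lines ignored) and reports whether the submission service is active and carries the three options that matter for security: TLS enforced, SASL enabled, and relaying limited to authenticated clients. The three sample fragments are constructed here; only the first two lines of each are modelled on the reply.

```python
import re

# Constructed samples: the commented-out default, the activated version from
# the reply above, and a version that is active but weakened.
SAMPLE_DISABLED = """\
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
"""

SAMPLE_ENABLED = """\
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
"""

SAMPLE_WEAK = """\
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
"""

# Options the submission service must carry, with the values from the reply.
REQUIRED = {
    "smtpd_tls_security_level": "encrypt",
    "smtpd_sasl_auth_enable": "yes",
    "smtpd_client_restrictions": "permit_sasl_authenticated,reject",
}

OPTION_RE = re.compile(r"\s*-o\s+([^=\s]+)=(\S*)")

def parse_master_cf(text: str) -> dict:
    """Return {service_name: {"type", "command", "options"}} for active
    (uncommented) services. A service line has 8 fields; lines starting
    with whitespace are continuation lines carrying '-o key=value'."""
    services = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            m = OPTION_RE.match(raw)
            if current is not None and m:
                current["options"][m.group(1)] = m.group(2)
            continue
        fields = raw.split()
        if len(fields) < 8:
            continue
        current = {"type": fields[1], "command": fields[7], "options": {}}
        services[fields[0]] = current
    return services

def check_submission(text: str) -> list:
    """Findings about the submission service; an empty list means it is
    active and restricted to TLS plus authenticated clients."""
    svc = parse_master_cf(text).get("submission")
    if svc is None:
        return ["submission service is not active (line commented out or missing)"]
    findings = []
    if svc["type"] != "inet" or svc["command"] != "smtpd":
        findings.append("submission must be an inet service running smtpd")
    for key, want in REQUIRED.items():
        got = svc["options"].get(key)
        if got != want:
            findings.append(f"{key}: want {want!r}, have {got!r}")
    return findings

if __name__ == "__main__":
    for name, sample in (("disabled", SAMPLE_DISABLED), ("enabled", SAMPLE_ENABLED), ("weak", SAMPLE_WEAK)):
        print(name, check_submission(sample) or "ok")
```

    Run it against the real file with `check_submission(open("/etc/postfix/master.cf").read())`. The `smtpd_client_restrictions=permit_sasl_authenticated,reject` override is what keeps 587 from becoming an open relay once the port is exposed; dropping it while leaving the service active is the mistake the "weak" sample models.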
  13. JESUSSAVES

    JESUSSAVES New Member

    called ISP again

    Till, thank your for your response again.

    Upon reading your last message I checked the submission and it is already un-commented in roundcube.

    I called my ISP again with more information and was told to use either 465 or 995. Could I use either of these? Will Roundcube work with 465, which is SMTP SSL?

    On the router I opened 995, 465, and 587, while "SMTP" and whatever assignments it is making is disabled.

    I tried 995. I changed the /etc/services smtp 25 line to smtp 995 and rebooted the system.

    Now I get a message when trying to login to roundcube, "Connection to storage server failed".

    In the longer term I can change service providers, but in the short term hopefully I can come up with something. I think it could take weeks to change the IP address of my dns server records.

    Apparently Roundcube was using port 25? Could either Roundcube or SquirrelMail be assigned another port? Is it easier to use 465 because it's already being used for mail over SSL? I do have a class 2 certificate installed.
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Hi,

    Roundcube connects to the local server on port 25; this is OK and not related to your problem. Please undo the changes in /etc/services, this change will only break the setup and will not help.

    The problem is that your server can't be reached from the internet because your ISP is blocking port 25; it is not a problem of the local server setup or local mail delivery.

    As long as port 25 is closed, you won't be able to receive any mails on your system that were sent to you over the internet.

    What your ISP suggested to you are settings for running a mail client, not a server, with this ISP.

    To enable your server to send emails again, you have to use a relay server. Most likely your ISP provides one for its customers if they disallow other methods to send email. You should ask them for the hostname and SMTP login details of that relay server and enter them in ISPConfig under System > Server config > Mail (Relayhost, Relay user, Relay password).

    For the email receiving I'm not aware of a solution to circumvent the blocked port except using a server which is located in the internet. Instead of moving the IP to a new ISP, you might be able to change the DNS record of your domain name to a new server / virtual server with a new IP which is reachable on port 25.
     
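    What the relay settings above amount to in Postfix terms, as an added example that is neither ISPConfig's code nor taken from the thread: the standard `relayhost` plus SMTP AUTH parameters in main.cf, and the `sasl_passwd` map that holds the ISP credentials. It is an assumption here that the ISPConfig fields write these same parameters; check the generated main.cf. Relay host, user and password are placeholders, and the files are written to a directory you choose rather than /etc/postfix. After installing the real files you still run `postmap hash:/etc/postfix/sasl_passwd` and `postfix reload`; this script does neither.

```python
import os
import stat
from pathlib import Path

SASL_PASSWD = "/etc/postfix/sasl_passwd"  # the map the main.cf snippet points at

def relayhost_value(host: str, port: int) -> str:
    """[host]:port tells Postfix to skip the MX lookup for the relay name.
    The same string is the lookup key in sasl_passwd, so they must match."""
    return f"[{host}]:{port}"

def relay_main_cf(host: str, port: int) -> dict:
    """main.cf parameters for authenticated submission to an ISP relay."""
    return {
        "relayhost": relayhost_value(host, port),
        "smtp_sasl_auth_enable": "yes",
        "smtp_sasl_password_maps": f"hash:{SASL_PASSWD}",
        "smtp_sasl_security_options": "noanonymous",  # no anonymous fallback
        "smtp_tls_security_level": "encrypt",          # credentials only over TLS
    }

def write_relay_files(directory, host, port, user, password):
    """Write the main.cf snippet and the credentials map into `directory`.
    The map is created with mode 0600 before the secret is written."""
    d = Path(directory)
    snippet = d / "main.cf.relay"
    snippet.write_text("".join(f"{k} = {v}\n" for k, v in relay_main_cf(host, port).items()))
    passwd = d / "sasl_passwd"
    fd = os.open(passwd, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"{relayhost_value(host, port)} {user}:{password}\n")
    os.chmod(passwd, 0o600)  # O_CREAT keeps the old mode if the file existed
    return snippet, passwd

def check_relay_config(snippet, passwd) -> list:
    """Findings about the two files; an empty list means they are consistent."""
    findings = []
    params = {}
    for line in Path(snippet).read_text().splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            k, v = line.split("=", 1)
            params[k.strip()] = v.strip()
    if os.stat(passwd).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("sasl_passwd readable by group/other; chmod 600 it")
    keys = {l.split()[0] for l in Path(passwd).read_text().splitlines() if l.strip()}
    rh = params.get("relayhost")
    if rh not in keys:
        findings.append(f"no sasl_passwd entry for relayhost {rh!r}; AUTH would never be sent")
    if params.get("smtp_tls_security_level") != "encrypt":
        findings.append("smtp_tls_security_level is not 'encrypt'; password could go in clear")
    if params.get("smtp_sasl_auth_enable") != "yes":
        findings.append("smtp_sasl_auth_enable is not 'yes'")
    return findings

if __name__ == "__main__":
    import tempfile
    tmp = tempfile.mkdtemp()
    s, p = write_relay_files(tmp, "smtp.isp.example", 587, "user@isp.example", "placeholder")
    print(Path(s).read_text())
    print("findings:", check_relay_config(s, p) or "none")
```

    Two things the checker looks for are the usual causes of "relay configured but still no AUTH": a `sasl_passwd` key that does not match `relayhost` character for character (brackets and port included), and a credentials file that is world-readable. The `sasl_passwd.db` that `postmap` generates needs the same 0600 mode.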
  15. JESUSSAVES

    JESUSSAVES New Member

    new IP service

    Thank you again for your response.

    Wasn't really sure how to point to a new virtual server so I went with a new ISP and got a new static IP address. The previous IP address was dynamic but it hadn't changed since I first got the service 2 years ago.

    I figured I don't yet have all that many sites and I would just change them all manually.

    OK, new ISP service up and running and I obviously can access the internet and I'm doing so thru my same old router. Didn't even need a modem, just ran the rs232 cable straight to the router and I was good to go.

    But now ISPConfig won't respond @ server.example.tld:8080. Was it because I changed from dynamic to static IP and server network doesn't know?

    Thank you once again for your assistance.
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    Please try to use the new IP address instead of server.example.tld. So if the new IP is e.g. 1.2.3.4, then use:

    http://1.2.3.4:8080 or https://1.2.3.4:8080 to connect to ispconfig.

    If this works, then there is most likely a DNS problem with the server.example.tld subdomain.
     
  17. JESUSSAVES

    JESUSSAVES New Member

    got in with local address

    Till, Thanks again for your response.

    Couldn't get in with external IP address but switched to internal address and got in.

    When I got in here's what I did:

    Changes in ISPConfig: service was dynamic and now is static. Changed the Server Config IP address to the new external address (was the internal address), the netmask to the specification the ISP gave me, and the gateway, which was internal (192.168.0.1), to the external specification the ISP gave me. Host name remains the same. Nameservers were changed to the new ones for the new ISP.

    Changed all my DNS records for all sites to new IP address as well as template.

    (Also Changed Router Internet Setup from Auto Configuration DHCP to Static IP and entered all the specification given to me by ISP, same as the ones I entered in Server Config above. But my local network address server setting is still set DHCP Server enable)

    RESULTS:

    All native PHP HTML sites working fine.

    PROBLEMS:
    • WordPress sites work but all take way too long to come up. It wasn't like this before I switched IP address. Do I need to reinstall these WordPress sites?
    • Mail is still not getting out of my system, but still works internally. My server can't send or receive mail to the outside.


    New ISP assures me that port 25 isn't being blocked. But it was working and now it's not working. Does Debian automatically update itself and could it overlay something? What can be wrong?
     
  18. JESUSSAVES

    JESUSSAVES New Member

    correction

    Correction: I can send mail to my server and receive it in Roundcube from outside, just can't send out.

    Checked Monitor and it says I'm out of space in root lv partition. Will correct that and see if it fixes mail problem.
     
  19. JESUSSAVES

    JESUSSAVES New Member

    postfix startup message

    Hi,

    I extended the root partition and rebooted the server. Got this message
    Code:
    Starting Postfix Mail Transport agent: postfix.
    Unexpected first line <localhost.localdomain: timed out, nothing received
    Not sure if that's a problem.

    Fixing the out of space error hasn't fixed the mail sending problem. Still can't send mail. Can only receive mail.
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    Check your mail log file, the reasons for your mail problems should be logged there.
     