Overnight the SMTP server can't be used anymore. With netstat -tap I see:

Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 795/portmap
tcp 0 0 *:ftp *:* LISTEN 2758/pure-ftpd (SER
tcp 0 0 server2.local:domain *:* LISTEN 1506/named
tcp 0 0 server2.semseoag:domain *:* LISTEN 1506/named
tcp 0 0 server2.semseoagenc:ipp *:* LISTEN 1662/cupsd
tcp 0 0 server2.semseoagen:smtp *:* LISTEN 2826/exim4
tcp 0 0 server2.semseoagenc:953 *:* LISTEN 1506/named
tcp 0 0 *:58810 *:* LISTEN 808/rpc.statd
tcp 0 0 *:8612 *:* LISTEN 2269/sshd
tcp 0 0 server2.semseoage:10024 *:* LISTEN 1937/amavisd (maste
tcp 0 0 *:mysql *:* LISTEN 2425/mysqld
tcp 0 0 server2.semseoage:11211 *:* LISTEN 2177/memcached
tcp 0 52 server2.local:8612 ACER-PC:50205 VERBUNDEN 3348/0
tcp6 0 0 [::]:imap2 [::]:* LISTEN 1199/couriertcpd
tcp6 0 0 [::]:www [::]:* LISTEN 2012/apache2
tcp6 0 0 [::]:tproxy [::]:* LISTEN 2012/apache2
tcp6 0 0 [::]:ftp [::]:* LISTEN 2758/pure-ftpd (SER
tcp6 0 0 [::]:domain [::]:* LISTEN 1506/named
tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN 1662/cupsd
tcp6 0 0 ip6-localhost:smtp [::]:* LISTEN 2826/exim4
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 1506/named
tcp6 0 0 [::]:https [::]:* LISTEN 2012/apache2
tcp6 0 0 [::]:imaps [::]:* LISTEN 1197/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 1198/couriertcpd
tcp6 0 0 [::]:8612 [::]:* LISTEN 2269/sshd
tcp6 0 0 [::]:2340 [::]:* LISTEN 2012/apache2
tcp6 0 0 [::]:pop3 [::]:* LISTEN 1196/couriertcpd

I guess the problem comes from exim4 but I did not install this package.

root@server2:~# apt-get remove exim4
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut
Statusinformationen werden eingelesen... Fertig
Paket exim4 ist nicht installiert, wird also auch nicht entfernt.
0 aktualisiert, 0 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
root@server2:~# apt-get remove exim
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut
Statusinformationen werden eingelesen... Fertig
Virtuelle Pakete wie »exim« können nicht entfernt werden
0 aktualisiert, 0 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
root@server2:~#
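
The check that the netstat listing above supports, as an added example that is not part of the original thread: it reports which process holds a service port and compares it with the daemon expected there. The function names and sample rows are constructed for illustration, and `master` as the expected SMTP owner assumes the mail server is meant to be Postfix.

```shell
#!/bin/sh
# Constructed sample input: rows in the format of `netstat -tap` output.
sample_netstat() {
cat <<'EOF'
tcp 0 0 *:ftp *:* LISTEN 2758/pure-ftpd (SER
tcp 0 0 server2.semseoagen:smtp *:* LISTEN 2826/exim4
tcp 0 0 *:mysql *:* LISTEN 2425/mysqld
tcp 0 52 server2.local:8612 ACER-PC:50205 VERBUNDEN 3348/0
tcp6 0 0 ip6-localhost:smtp [::]:* LISTEN 2826/exim4
tcp6 0 0 [::]:imaps [::]:* LISTEN 1197/couriertcpd
EOF
}

# listeners SERVICE: read netstat rows on stdin and print
# "proto local-address pid program" for each LISTEN socket on SERVICE.
listeners() {
  awk -v svc="$1" '
    $6 == "LISTEN" {
      n = split($4, addr, ":")        # service name follows the last colon
      if (addr[n] != svc) next
      split($7, owner, "/")           # column 7 is PID/program
      print $1, $4, owner[1], owner[2]
    }'
}

# check_owner SERVICE EXPECTED: 0 = only EXPECTED listens on SERVICE,
# 1 = another program holds the port, 2 = nothing is listening.
check_owner() {
  found=$(listeners "$1")
  if [ -z "$found" ]; then
    echo "$1: no listener"
    return 2
  fi
  status=0
  while read -r proto local pid prog; do
    if [ "$prog" = "$2" ]; then
      echo "$1: ok    $proto $local pid=$pid ($prog)"
    else
      echo "$1: clash $proto $local pid=$pid ($prog), expected $2"
      status=1
    fi
  done <<EOF
$found
EOF
  return $status
}

# Assumption: Postfix is the intended MTA, so SMTP should belong to "master".
sample_netstat | check_owner smtp master || true
```

On the live host, pipe the real listing in with `netstat -tap | check_owner smtp master`. For a clashing PID, `dpkg -S "$(readlink /proc/PID/exe)"` names the installed package that ships the listening binary.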

Yes, I removed exim4 with:

apt-get -y remove --purge exim4
aptitude purge ~c

Then the ports don't collide anymore, but there seems to be another issue, maybe with IPFire. I'll try to play back my backup from a definitely running server and try it again.

You can imagine my setup like that:

Hyper-V Server 2008 R2 with IPFire interfaces red (bridged) green (vlan)
behind that: Debian Squeeze ISPConfig3 single server setup with interface green (vlan)

Everything except the mailserver works flawlessly.

Issues fixed. I used this guide to remove exim4 completely, now it works again : ) Thank you very much! ISPConfig is strictly awesome.

IPFire shows me someone is trying to hack my mailserver

Datum: 06/29 10:59:16
Name: ET SCAN Tomcat admin-blank login credentials
Priorität: 1
Typ: Attempted Administrator Privilege Gain
IP-Info: 61.143.210.230:53829 -> 10.0.0.95:80
Referenzen: http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Tomcat_Brute http://doc.emergingthreats.net/2009218 http://tomcat.apache.org
SID: 2009218

Datum: 06/29 10:59:19
Name: ET SCAN Tomcat admin-admin login credentials
Priorität: 1
Typ: Attempted Administrator Privilege Gain
IP-Info: 61.143.210.230:57027 -> 10.0.0.95:80
Referenzen: http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Tomcat_Brute http://doc.emergingthreats.net/2009217 http://tomcat.apache.org
SID: 2009217

Datum: 06/29 10:59:19
Name: ET SCAN Tomcat admin-blank login credentials
Priorität: 1
Typ: Attempted Administrator Privilege Gain
IP-Info: 61.143.210.230:57027 -> 10.0.0.95:80
Referenzen: http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Tomcat_Brute http://doc.emergingthreats.net/2009218 http://tomcat.apache.org

*LOL* but it blocks all ticked threats : )