SMTP-server seams tob e down within Postfix

Discussion in 'Server Operation' started by Hans, Feb 23, 2006.

  1. Hans

    Hans Moderator Moderator

    My Debian server is located in a datacenter and the system ports for smtp, ssh, ftp, pop3, http are monitored.
    When one of these processes is down, I will receive a sms on my mobile phone.
    According my ISPConfig hosting-controlpanel everything is functioning fine.
    And I do not have any problems with any of the running processes but …
    everytime I receive a message from datacenter that my smtp is down.
    Two minutes later or so, I receive a sms again that all running processes are running and that my server is fine. This happens again and again.

    I have contacted the company in the datacenter, and they told me that when my smtp-server is not showing the initial greeting within 20 seconds, the monitoring system thinks that my smtp-server is down.

    I think it has something to do with a setting within Postfix, I had a look at this problem, but it is not clear to me why this problem occurs.

    Can anyone give me advise?

    I would be very grateful.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    If you connect to your server with telnet on localhost, how much time does it take if you get the server greeting?

    Another possibility might be that your postfix tries to resolve the domain of the monitoring serveice and thsi fails or took longer then 20 seconds.
     
  3. Hans

    Hans Moderator Moderator

    Till,
    I have setup a telnet connection.
    It took 28 seconds to establish the connection,
    which is 8 seconds more then the 20 seconds i mentioned before.

    Hans
     
  4. Hans

    Hans Moderator Moderator

    Till,
    I have setup a telnet connection.
    It took 28 seconds to establish the connection,
    which is 8 seconds more then the 20 seconds i mentioned before.

    To be more precise:

    It took me 28 sec. to reach my server from my pc at home to the server in the datacenter.
    THe command i used was: telnet <ip-address> 25

    On my server itself, it took almost no time.
    I used the command: telnet localhost 25

    Hans
     
  5. falko

    falko Super Moderator Howtoforge Staff

    Anything in the mail log?
     
  6. Hans

    Hans Moderator Moderator

    logfile

    Falko,

    The lines below is a copy of small piece of my /var/log/mail.log file.
    As you can see, the first two lines there is a normal behaviour (connect/disconnect).
    The next lines look strange to me, but i do not know why this accurs.
    I hope you can help me.

    Hans

    ---
    Feb 23 07:15:58 server1 postfix/smtpd[4227]: connect from sms-monitor.transip.nl[80.69.67.10]
    Feb 23 07:15:58 server1 postfix/smtpd[4227]: disconnect from sms-monitor.transip.nl[80.69.67.10]
    Feb 23 07:17:55 server1 courierpop3login: Connection, ip=[::ffff:80.69.67.10]
    Feb 23 07:17:55 server1 postfix/smtpd[4269]: unable to get certificate from '/etc/postfix/ssl/smtpd.crt'
    Feb 23 07:17:55 server1 postfix/smtpd[4269]: 4269:error:02001002:system library:fopen:No such file or directory:bss_file.c:2$
    Feb 23 07:17:55 server1 postfix/smtpd[4269]: 4269:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
    Feb 23 07:17:55 server1 postfix/smtpd[4269]: 4269:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:$
    Feb 23 07:17:55 server1 postfix/smtpd[4269]: TLS engine: cannot load RSA cert/key data
    Feb 23 07:17:55 server1 postfix/smtpd[4269]: connect from sms-monitor.transip.nl[80.69.67.10]
    Feb 23 07:17:55 server1 postfix/smtpd[4269]: disconnect from sms-monitor.transip.nl[80.69.67.10]
    ---
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess the SSL certificates in your postfix configuration where missing. Are there any certificates in /etc/postfix/ssl/
     
  8. Hans

    Hans Moderator Moderator

    directory contents

    Till,

    hereby i send you the directory contents of /etc/postfix/ssl
    server1:/etc/postfix/ssl# dir
    cacert.pem cakey.pem smtpd.csr smtpd.key


    Is this ok or do i miss smtpd.crt ? If so, how can i correct the problem?

    Hans:confused:
     
    Last edited: Feb 23, 2006
  9. falko

    falko Super Moderator Howtoforge Staff

    Run these commands:

    Code:
    cd /etc/postfix/ssl/
    openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
    chmod 600 smtpd.key
    openssl req -new -key smtpd.key -out smtpd.csr
    openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
    openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    mv -f smtpd.key.unencrypted smtpd.key
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
    Then restart Postfix.
     
  10. Hans

    Hans Moderator Moderator

    Falko,
    Thank you so much!
    It seems to be working now.

    Hans
     

Share This Page