Trying to find where [email protected] is located

Discussion in 'ISPConfig 3 Priority Support' started by 360bladez, Aug 28, 2014.

  1. 360bladez

    360bladez New Member

    Hey

    Finished The Perfect Server CentOS 6.4 guide a few days ago.
    Now I'm trying to configure mail.

    On my mail logs it shows

    Code:
    postfix/qmgr[911]: 67BA546E5AAA: from=<[email protected]>, size=4763, nrcpt=1 (queue active)
    Aug 28 21:04:39 www postfix/qmgr[911]: 850E246E5AB9: from=<[email protected]>, size=3372, nrcpt=1 (queue active)
    Aug 28 21:04:39 www postfix/qmgr[911]: 251B946E5ABE: from=<[email protected]>, size=3283, nrcpt=1 (queue active)
    Aug 28 21:04:39 www postfix/qmgr[911]: 05F1646E440B: from=<[email protected]>, size=643, nrcpt=1 (queue active)
    Aug 28 21:04:39 www postfix/qmgr[911]: 461F546E5AB5: from=<[email protected]>, size=3196, nrcpt=1 (queue active)
    Aug 28 21:04:39 www postfix/qmgr[911]: B92C346E5A9A: from=<[email protected]>, size=3441, nrcpt=1 (queue active)
    Code:
    Aug 28 21:05:39 www postfix/smtp[20709]: 05F1646E440B: to=<[email protected]>, relay=none, delay=134664, delays=134603/0.03/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
    I have edited the fail2ban config files to email me on
    ban sasl, ssh
    But I can find where these configs are


    My /etc/fail2ban/jail.local
    does not have a postfix section other than sasl.
    I don't know where else to look.

    Anyone have any ideas?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Check /etc/postfix/main.cf and /etc/mailname
     
  3. 360bladez

    360bladez New Member

    Thanks for the response


    I don't have /etc/mailname

    I am trying to look through my main.cf and I am not seeing what is linking it
    I am going to post my main.cf, could you please take a look
     

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Do the commands:

    hostname

    or

    hostname -f

    return example.com?
     
  5. 360bladez

    360bladez New Member

    Both return my correct hostname
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Try

    grep -r example.com /etc

    to see if there is any config file that includes that domain name.
     
  7. 360bladez

    360bladez New Member

    Code:
    /etc/httpd/conf.d/webalizer.conf:    # Allow from .example.com
    /etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
    /etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
    /etc/httpd/conf/httpd.conf:# Redirect permanent /foo http://www.example.com/bar
    /etc/httpd/conf/httpd.conf:#ErrorDocument 402 http://www.example.com/subscription_info.html
    /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:#    ServerAdmin [email protected]
    /etc/httpd/conf/httpd.conf:#    DocumentRoot /www/docs/dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    ServerName dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    ErrorLog logs/dummy-host.example.com-error_log
    /etc/httpd/conf/httpd.conf:#    CustomLog logs/dummy-host.example.com-access_log common
    grep: /etc/udev/devices/ptyaf: No such device or address
    grep: /etc/udev/devices/ptyac: No such device or address
    
    This doesn't seem to search all folders, only that one.
    Trying to look through all the files again to see if I missed something
    Any other ideas please let me know
    Thanks again!
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Nothing related to fail2ban. Then I don't know where else it can come from. Did you restart the server to ensure that all services use the latest settings from conf files?
     
  9. 360bladez

    360bladez New Member

    I don't know if you've seen my edited reply.
    That command only seems to be scanning that one folder.

    If I do grep -r example.com /etc/fail2ban


    Code:
    /etc/fail2ban/jail.local:           sendmail-whois[name=ProFTPD, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=GSSFTPd, [email protected]]
    /etc/fail2ban/jail.local:              sendmail-whois[name=SSH, [email protected]]
    /etc/fail2ban/jail.local:           sendmail[name=Postfix, [email protected]]
    /etc/fail2ban/jail.local:action   = sendmail-whois[name=VSFTPD, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=VSFTPD, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-buffered[name=BadBots, lines=5, [email protected]]
    /etc/fail2ban/jail.local:           sendmail[name=Postfix, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=openwebmail, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name="SSH,IPFW", [email protected]]
    /etc/fail2ban/jail.local:#            sendmail-whois[name=Named, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Named, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=MySQL, dest=root, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=SSH, [email protected], [email protected], sendername="Fail2Ban"]
    /etc/fail2ban/jail.local:           blocklist_de[email="[email protected]", apikey="xxxxxx", service=%(filter)s]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Nagios, [email protected], [email protected], sendername="Fail2Ban"]
    /etc/fail2ban/action.d/complain.conf:#              -c [email protected]
    /etc/fail2ban/action.d/complain.conf:#              -- -f [email protected]
    /etc/fail2ban/action.d/mynetwatchman.conf:# mnwlogin = [email protected]
    /etc/fail2ban/action.d/dshield.conf:#              -c [email protected]
    /etc/fail2ban/action.d/dshield.conf:#              -- -f [email protected]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=ProFTPD, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=GSSFTPd, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=sasl, [email protected]]
    /etc/fail2ban/jail.conf:              sendmail-whois[name=SSH, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail[name=Postfix, [email protected]]
    /etc/fail2ban/jail.conf:action   = sendmail-whois[name=VSFTPD, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=VSFTPD, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-buffered[name=BadBots, lines=5, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail[name=Postfix, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=openwebmail, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name="SSH,IPFW", [email protected]]
    /etc/fail2ban/jail.conf:#            sendmail-whois[name=Named, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Named, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=MySQL, dest=root, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=SSH, [email protected], [email protected], sendername="Fail2Ban"]
    /etc/fail2ban/jail.conf:           blocklist_de[email="[email protected]", apikey="xxxxxx", service=%(filter)s]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Nagios, [email protected], [email protected], sendername="Fail2Ban"]
    
    Now I looked over these 2 files. Only 2 are set to true and they have my personal email address set.


    Hmm, restarting might have worked.... I thought I restarted like 10 times since this issue began happening.... going to give it a few hours and see.
    nvm, it's back

    Code:
    ug 29 22:40:03 www postfix/smtpd[1146]: connect from localhost[::1]
    Aug 29 22:40:03 www postfix/smtpd[1146]: lost connection after CONNECT from localhost[::1]
    Aug 29 22:40:03 www postfix/smtpd[1146]: disconnect from localhost[::1]
    Aug 29 22:40:03 www dovecot: pop3-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured
    Aug 29 22:40:03 www dovecot: imap-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured
    Aug 29 22:40:22 www postfix/scache[1024]: statistics: start interval Aug 29 22:37:00
    Aug 29 22:40:22 www postfix/scache[1024]: statistics: domain lookup hits=0 miss=1 success=0%
    Aug 29 22:40:22 www postfix/scache[1024]: statistics: address lookup hits=0 miss=1 success=0%
    Aug 29 22:40:22 www postfix/scache[1024]: statistics: max simultaneous domains=1 addresses=1 connection=1
    Aug 29 22:41:50 www postfix/qmgr[908]: 2DC6E46E5AAF: from=<[email protected]>, size=3196, nrcpt=1 (queue active)
    Aug 29 22:41:50 www postfix/qmgr[908]: 464A046E5AA4: from=<[email protected]>, size=2829, nrcpt=1 (queue active)
    Aug 29 22:42:02 www postfix/smtpd[1039]: timeout after END-OF-MESSAGE from unknown[127.0.0.1]
    Aug 29 22:42:02 www postfix/smtpd[1039]: disconnect from unknown[127.0.0.1]
    Aug 29 22:42:05 www postfix/smtpd[1022]: timeout after END-OF-MESSAGE from unknown[127.0.0.1]
    Aug 29 22:42:05 www postfix/smtpd[1022]: disconnect from unknown[127.0.0.1]
    Aug 29 22:42:20 www postfix/smtp[1282]: connect to example.com[2606:2800:220:6d:26bf:1447:1097:aa7]:25: Connection timed out
    Aug 29 22:42:20 www postfix/smtp[1283]: connect to example.com[2606:2800:220:6d:26bf:1447:1097:aa7]:25: Connection timed out
    Aug 29 22:42:50 www postfix/smtp[1282]: connect to example.com[93.184.216.119]:25: Connection timed out
    Aug 29 22:42:50 www postfix/smtp[1283]: connect to example.com[93.184.216.119]:25: Connection timed out
    Aug 29 22:42:50 www postfix/smtp[1282]: 2DC6E46E5AAF: to=<[email protected]>, relay=none, delay=198125, delays=198064/0.01/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
    Aug 29 22:42:50 www postfix/smtp[1283]: 464A046E5AA4: to=<[email protected]>, relay=none, delay=203910, delays=203850/0.01/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
    Aug 29 22:45:02 www dovecot: imap-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured
    Aug 29 22:45:02 www postfix/smtpd[1385]: connect from localhost[::1]
    Aug 29 22:45:02 www postfix/smtpd[1385]: lost connection after CONNECT from localhost[::1]
    Aug 29 22:45:02 www postfix/smtpd[1385]: disconnect from localhost[::1]
    Aug 29 22:45:02 www dovecot: pop3-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured


    Code:
    /etc/amavisd/amavisd.conf:# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!
    /etc/amavisd/amavisd.conf:# '[email protected]'  => [{'[email protected]' => 10.0}],
    /etc/amavisd/amavisd.conf:# '[email protected]'  => [{'.ebay.com'                 => -3.0}],
    /etc/amavisd/amavisd.conf:# '[email protected]'  => [{'[email protected]' => -7.0,
    /etc/amavisd/amavisd.conf~:$mydomain = 'example.com';   # a convenient default for other settings
    /etc/amavisd/amavisd.conf~:# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!
    /etc/amavisd/amavisd.conf~:# '[email protected]'  => [{'[email protected]' => 10.0}],
    /etc/amavisd/amavisd.conf~:# '[email protected]'  => [{'.ebay.com'                 => -3.0}],
    /etc/amavisd/amavisd.conf~:# '[email protected]'  => [{'[email protected]' => -7.0,
    /etc/dovecot/conf.d/auth-static.conf.ext:#  args = proxy=y host=%1Mu.example.com nopassword=y
    /etc/dovecot/dovecot-sql.conf:#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
    /etc/dovecot-sql.conf:#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
    /etc/fail2ban/jail.local:           sendmail-whois[name=ProFTPD, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=GSSFTPd, [email protected]]
    /etc/fail2ban/jail.local:              sendmail-whois[name=SSH, [email protected]]
    /etc/fail2ban/jail.local:           sendmail[name=Postfix, [email protected]]
    /etc/fail2ban/jail.local:action   = sendmail-whois[name=VSFTPD, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=VSFTPD, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-buffered[name=BadBots, lines=5, [email protected]]
    /etc/fail2ban/jail.local:           sendmail[name=Postfix, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=openwebmail, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name="SSH,IPFW", [email protected]]
    /etc/fail2ban/jail.local:#            sendmail-whois[name=Named, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Named, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=MySQL, dest=root, [email protected]]
    /etc/fail2ban/jail.local:           sendmail-whois[name=SSH, [email protected], [email protected], sendername="Fail2Ban"]
    /etc/fail2ban/jail.local:           blocklist_de[email="[email protected]", apikey="xxxxxx", service=%(filter)s]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Nagios, [email protected], [email protected], sendername="Fail2Ban"]
    /etc/fail2ban/action.d/complain.conf:#              -c [email protected]
    /etc/fail2ban/action.d/complain.conf:#              -- -f [email protected]
    /etc/fail2ban/action.d/mynetwatchman.conf:# mnwlogin = [email protected]
    /etc/fail2ban/action.d/dshield.conf:#              -c [email protected]
    /etc/fail2ban/action.d/dshield.conf:#              -- -f [email protected]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=ProFTPD, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=GSSFTPd, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=sasl, [email protected]]
    /etc/fail2ban/jail.conf:              sendmail-whois[name=SSH, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail[name=Postfix, [email protected]]
    /etc/fail2ban/jail.conf:action   = sendmail-whois[name=VSFTPD, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=VSFTPD, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-buffered[name=BadBots, lines=5, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail[name=Postfix, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=openwebmail, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name="SSH,IPFW", [email protected]]
    /etc/fail2ban/jail.conf:#            sendmail-whois[name=Named, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Named, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, [email protected], [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=MySQL, dest=root, [email protected]]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=SSH, [email protected], [email protected], sendername="Fail2Ban"]
    /etc/fail2ban/jail.conf:           blocklist_de[email="[email protected]", apikey="xxxxxx", service=%(filter)s]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Nagios, [email protected], [email protected], sendername="Fail2Ban"]
    /etc/httpd/conf.d/webalizer.conf:    # Allow from .example.com
    /etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
    /etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
    /etc/httpd/conf/httpd.conf:# Redirect permanent /foo http://www.example.com/bar
    /etc/httpd/conf/httpd.conf:#ErrorDocument 402 http://www.example.com/subscription_info.html
    /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:#    ServerAdmin [email protected]
    /etc/httpd/conf/httpd.conf:#    DocumentRoot /www/docs/dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    ServerName dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    ErrorLog logs/dummy-host.example.com-error_log
    /etc/httpd/conf/httpd.conf:#    CustomLog logs/dummy-host.example.com-access_log common
    /etc/krb5.conf:  kdc = kerberos.example.com
    /etc/krb5.conf:  admin_server = kerberos.example.com
    /etc/krb5.conf: .example.com = EXAMPLE.COM
    /etc/krb5.conf: example.com = EXAMPLE.COM
    /etc/mail/virtusertable:# @foo.org      %[email protected]
    /etc/mail/virtusertable:# old+*@foo.org new+%[email protected]
    /etc/mail/virtusertable:# gen+*@foo.org %[email protected]
    /etc/mail/virtusertable:# +*@foo.org    %1%[email protected]
    /etc/mail/virtusertable:# [email protected]   Z%[email protected]
    /etc/openldap/ldap.conf:#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
    /etc/php.ini:; following the section heading [HOST=www.example.com] only apply to
    /etc/php.ini:; PHP files served from www.example.com.  Directives set in these
    /etc/php.ini:;sendmail_from = [email protected]
    /etc/pki/dovecot/dovecot-openssl.cnf:# Common Name (*.example.com is also possible)
    /etc/pki/dovecot/dovecot-openssl.cnf:CN=imap.example.com
    /etc/pki/dovecot/dovecot-openssl.cnf:[email protected]
    /etc/postfix/transport:#        In order to send mail for example.com and  its  subdomains
    /etc/postfix/transport:#             example.com      uucp:example
    /etc/postfix/transport:#             .example.com     uucp:example
    /etc/postfix/transport:#        directs  mail  for [email protected] via the slow transport
    /etc/postfix/transport:#        to a mail exchanger for example.com.  The  slow  transport
    /etc/postfix/transport:#             example.com      slow:
    /etc/postfix/transport:#        above).  The following sends all mail for example.com  and
    /etc/postfix/transport:#        its subdomains to host gateway.example.com:
    /etc/postfix/transport:#             example.com      :[gateway.example.com]
    /etc/postfix/transport:#             .example.com     :[gateway.example.com]
    /etc/postfix/transport:#        MX host for example.com.
    /etc/postfix/transport:#             example.com      smtp:bar.example:2025
    /etc/postfix/transport:#        This directs mail for [email protected] to host bar.example
    /etc/postfix/transport:#             .example.com     error:mail for *.example.com is not deliverable
    /etc/postfix/transport:#        This  causes  all mail for [email protected] to be
    /etc/pure-ftpd/pureftpd-ldap.conf:LDAPServer ldap.example.com
    grep: /etc/udev/devices/ptyaf: No such device or address
    grep: /etc/udev/devices/ptyac: No such device or address
     
    Last edited: Aug 29, 2014
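
Added example, not part of the original thread: grepping config files did not identify the sender, so another approach is to group the Postfix log lines by queue ID and see how each deferred message entered the queue (local `sendmail` submission via `pickup`, or an SMTP client via `smtpd`). The function name, queue IDs, addresses and hosts below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Queue IDs, addresses and hosts in
# sample_log are constructed; real input would be /var/log/maillog.
# Assumes short hexadecimal queue IDs (enable_long_queue_ids = no).

sample_log() {
cat <<'EOF'
Aug 28 21:00:01 www postfix/pickup[900]: 05F1646E440B: uid=0 from=<fail2ban@example.com>
Aug 28 21:00:01 www postfix/cleanup[905]: 05F1646E440B: message-id=<20140828210001.05F1646E440B@www.example.net>
Aug 28 21:00:01 www postfix/qmgr[911]: 05F1646E440B: from=<fail2ban@example.com>, size=643, nrcpt=1 (queue active)
Aug 28 21:01:01 www postfix/smtp[20709]: 05F1646E440B: to=<you@example.com>, relay=none, delay=60, delays=0.1/0.03/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
Aug 28 21:02:10 www postfix/smtpd[1039]: 850E246E5AB9: client=localhost[127.0.0.1]
Aug 28 21:02:10 www postfix/qmgr[911]: 850E246E5AB9: from=<admin@example.net>, size=3372, nrcpt=1 (queue active)
Aug 28 21:02:11 www postfix/smtp[20710]: 850E246E5AB9: to=<user@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1, delays=0.1/0/0.5/0.4, dsn=2.0.0, status=sent (250 OK)
EOF
}

# trace_queue DOMAIN < maillog
# For every queued message whose envelope sender is in DOMAIN, report how it
# entered Postfix: pickup (local sendmail call, with the caller's uid) or
# smtpd (SMTP client address), plus the last delivery status seen.
trace_queue() {
    awk -v dom="$1" '
    # Field 5 is "postfix/<daemon>[pid]:", field 6 is "<QUEUEID>:"
    $5 ~ /^postfix\// && $6 ~ /^[0-9A-F]+:$/ {
        id = $6; sub(/:$/, "", id)
        daemon = $5; sub(/^postfix\//, "", daemon); sub(/\[.*/, "", daemon)
        if (daemon == "pickup" && match($0, /uid=[0-9]+/))
            origin[id] = "local-submission " substr($0, RSTART, RLENGTH)
        else if (daemon == "smtpd" && match($0, /client=[^ ,]+/))
            origin[id] = "smtp " substr($0, RSTART, RLENGTH)
        else if (daemon == "qmgr" && match($0, /from=<[^>]*>/))
            sender[id] = substr($0, RSTART + 6, RLENGTH - 7)
        else if (match($0, /status=[a-z]+/))
            status[id] = substr($0, RSTART + 7, RLENGTH - 7)
    }
    END {
        for (id in sender) {
            # Compare the sender domain as a plain string, not as a regex
            at = index(sender[id], "@")
            if (at == 0 || tolower(substr(sender[id], at + 1)) != tolower(dom))
                continue
            printf "%s sender=%s origin=%s status=%s\n", id, sender[id],
                (id in origin ? origin[id] : "unknown"),
                (id in status ? status[id] : "unknown")
        }
    }' | sort
}

sample_log | trace_queue example.com
```

On the server, feed it `/var/log/maillog` together with the rotated copies, since the messages in the thread had been queued for more than a day and their `pickup` or `smtpd` line may be in an older file. For a message still in the queue, `postcat -q QUEUEID` shows its headers and body.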
