New Apache setup sent email isn't always received - PHP Mail() - Sendmail - apache

I recently purchased a cloud VPS service.
I've configured my website and everything on that front is fine and well; however, I noticed email isn't always being received.
Having inspected the log at: /var/log/maillog
I can see the following:
Sep 10 21:59:01 mail sendmail[2615]: u8AKx0ZK002614: to=root, ctladdr=<apache#mywebsitedomain.co.uk> (48/48), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=41036, dsn=2.0.0, stat=Sent
Sep 10 22:03:16 mail sendmail[2656]: u8AL3G7U002656: from=apache, size=10690, class=0, nrcpts=1, msgid=<015be58bc4d8990a25ba7895538ea4db#mywebsitedomain.co.uk>, relay=apache#localhost
Sep 10 22:03:16 mail sendmail[2657]: u8AL3G7h002657: from=<apache#mywebsitedomain.co.uk>, size=10783, class=0, nrcpts=1, msgid=<015be58bc4d8990a25ba7895538ea4db#mywebsitedomain.co.uk>, proto=ESMTP, daemon=MTA, relay=mywebsitedomain.co.uk [127.0.0.1]
Sep 10 22:03:16 mail sendmail[2656]: u8AL3G7U002656: to=info#mywebsitedomain.co.uk, ctladdr=apache (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=40690, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u8AL3G7h002657 Message accepted for delivery)
Sep 10 22:03:16 mail sendmail[2658]: u8AL3G7h002657: to=root, ctladdr=<apache#mywebsitedomain.co.uk> (48/48), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=40996, dsn=2.0.0, stat=Sent
Sep 10 22:03:16 mail sendmail[2660]: u8AL3GQp002660: from=apache, size=10914, class=0, nrcpts=1, msgid=<d148a9c441d201d8a24c64c517050ede#mywebsitedomain.co.uk>, relay=apache#localhost
Sep 10 22:03:16 mail sendmail[2661]: u8AL3GB4002661: from=<apache#mywebsitedomain.co.uk>, size=11007, class=0, nrcpts=1, msgid=<d148a9c441d201d8a24c64c517050ede#mywebsitedomain.co.uk>, proto=ESMTP, daemon=MTA, relay=mywebsitedomain.co.uk [127.0.0.1]
Sep 10 22:03:16 mail sendmail[2660]: u8AL3GQp002660: to=mypersonalemail#googlemail.com, ctladdr=apache (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=40914, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u8AL3GB4002661 Message accepted for delivery)
Sep 10 22:03:16 mail sendmail[2663]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Sep 10 22:03:17 mail sendmail[2663]: u8AL3GB4002661: to=<mypersonalemail#googlemail.com>, ctladdr=<apache#mywebsitedomain.co.uk> (48/48), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=131007, relay=gmail-smtp-in.l.google.com. [64.233.166.26], dsn=2.0.0, stat=Sent (OK 1473541397 f23si8646501wmh.115 - gsmtp)
The email is successfully received on my personal Google email address, but the other order confirmation isn't received on the business email side (which is hosted by Google Apps).
I can also see for some reason the email apache#mywebsitedomain.co.uk is being used... When really I guess this should be info?
Could this be the reason I am not receiving emails or am I missing the plot here?
Any help would be greatly appreciated as always!
EDIT
I tried the contact form again and this now no longer works. I have a feeling it's because I haven't changed the live DNS of the domain to the new server. Google feels I may be spoofing the email address? But I did alter the SPF record to include the new server IP (would this not be enough?)

This was resolved by simply installing and switching to postfix (credit to Rocket_Doge_ for helping me with this)!

Related

Openvpn Raspberry PI login loop

Suddenly my nordvpn through openvpn on my raspberry pi isn't working anymore. Now I get the following error:
Sun Sep 13 12:25:14 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Sep 13 12:25:14 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Sep 13 12:25:14 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]62.112.11.159:443
Sun Sep 13 12:25:14 2020 Socket Buffers: R=[87380->87380] S=[16384->16384]
Sun Sep 13 12:25:14 2020 Attempting to establish TCP connection with [AF_INET]62.112.11.159:443 [nonblock]
Sun Sep 13 12:25:15 2020 TCP connection established with [AF_INET]62.112.11.159:443
Sun Sep 13 12:25:15 2020 TCP_CLIENT link local: (not bound)
Sun Sep 13 12:25:15 2020 TCP_CLIENT link remote: [AF_INET]62.112.11.159:443
Sun Sep 13 12:25:15 2020 Connection reset, restarting [0]
Sun Sep 13 12:25:15 2020 SIGUSR1[soft,connection-reset] received, process restarting
Sun Sep 13 12:25:15 2020 Restart pause, 5 second(s)
No idea what to do. I can't find any server log. Tried removing and reinstalling. Tried updating. I can connect to the internet. It's just that when I try to connect with an OVPN file it does this in a loop. I can even give wrong login information and it won't say anything. Can anyone shed some light on this? Thanks

AWS SES Sendmail stopped sending mail

I set up my EC2 instance with CentOS and Sendmail via SES over a year ago. All was tested and running fine for almost a year. But now for some reason all emails have stopped being delivered.
The maillog shows the following:
Jul 17 11:11:12 tippingapplications sendmail[3808]: x6HI9YBG003808: from=admin#tippingapplications.com, size=106, class=0, nrcpts=1, msgid=<201907171809.x6HI9YBG003808#tippingapplications.com>, relay=root#localhost
Jul 17 11:11:12 tippingapplications sendmail[3815]: x6HIBCHK003815: from=<admin#tippingapplications.com>, size=372, class=0, nrcpts=1, msgid=<201907171809.x6HI9YBG003808#tippingapplications.com>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jul 17 11:11:12 tippingapplications sendmail[3808]: x6HI9YBG003808: to=barry.ralphs#gmail.com, delay=00:01:38, xdelay=00:00:00, mailer=relay, pri=30106, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (x6HIBCHK003815 Message accepted for delivery)
Jul 17 11:11:12 tippingapplications sendmail[3817]: STARTTLS=client, relay=mx203.inbound-mx.org., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Jul 17 11:11:13 tippingapplications sendmail[3817]: x6HIBCHK003815: to=<barry.ralphs#gmail.com>, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120372, relay=mx203.inbound-mx.org. [198.133.158.249], dsn=2.0.0, stat=Sent (Queued!)
I don't see any messages being marked as delivered, rejected, or bounced in my SES dashboard. My SES reputation dashboard shows healthy.
Any help would be greatly appreciated.

CPanel/WHM Unknown License File Error

So my issue is like the title suggests. However I have tried the following suggestions from this page (https://documentation.cpanel.net/display/ALD/Installation+Guide+-+Troubleshoot+Your+Installation#InstallationGuide-TroubleshootYourInstallation-Licenseerrors) with no results.
1.) curl -L http://cpanel.net/showip.cgi (shows my ip address on the server for use on the verify.cpanel.net script), this can be verified also here... (http://verify.cpanel.net/index.cgi?ip=xxx.xxx.xxx.xx) (I don't like showing my IP, but trust me it was verified.)
2.) /usr/local/cpanel/cpkeyclt
Updating cPanel license...Done. Update Failed!
Error message:
A License check appears to already be running.
Building global cache for cpanel...Done
So the above didn't work.
I then tried these commands.
3.) /usr/local/cpanel/etc/init/stopcpsrvd and then /usr/local/cpanel/scripts/upcp --sync to attempt to resynchronize.
This appears to successfully run but I still get the same error. Attached below is the error message I get when I attempt to login to WHM.
4.) I then tried running rdate -s rdate.cpanel.net as suggested in some other posts to have the times match up and then when I run (/usr/local/cpanel/cpkeyclt) it seems to time out and nothing ever happens.
Looking at the logs for the cpanel license (/usr/local/cpanel/logs/license_log) I see this.
Tue Jul 26 16:23:30 2016: Trying server 208.74.125.22
Tue Jul 26 16:23:45 2016: Timed out while connecting to port 2089
Tue Jul 26 16:24:00 2016: Timed out while connecting to port 80
Tue Jul 26 16:24:15 2016: Timed out while connecting to port 110
Tue Jul 26 16:24:30 2016: Timed out while connecting to port 143
Tue Jul 26 16:24:45 2016: Timed out while connecting to port 25
Tue Jul 26 16:25:00 2016: Timed out while connecting to port 23
Tue Jul 26 16:25:15 2016: Timed out while connecting to port 993
Tue Jul 26 16:25:30 2016: Timed out while connecting to port 995
Tue Jul 26 16:30:14 2016: License Update Request
Tue Jul 26 16:30:14 2016: Using full manual DNS resolution
Tue Jul 26 16:30:14 2016: Trying server 208.74.121.85
Tue Jul 26 16:30:29 2016: Timed out while connecting to port 2089
Any help is appreciated!
Notes
Results of running /usr/local/cpanel/etc/init/stopcpsrvd
/usr/local/cpanel/etc/init/stopcpsrvd
Waiting for “cpsrvd” to stop ……Gracefully Terminating processes: cpsrvd: with pids 20842 and owner root.......waited 1 second(s) for 1 process(es) to terminate....Done
…finished.
Startup Log
Starting PID 20839: /usr/local/cpanel/libexec/cpsrvd-dormant
Results of running /usr/local/cpanel/scripts/upcp --sync (Couldn't show everything because of text character limitations)
[2016-07-26 15:39:39 -0400] Detected cron=0 (Terminal detected)
----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------
=> Log opened from cPanel Update (upcp) - Slave (21620) at Tue Jul 26 15:41:53 2016
[2016-07-26 15:41:53 -0400] Maintenance completed successfully
[2016-07-26 15:41:54 -0400] 95% complete
[2016-07-26 15:41:54 -0400] Running Standardized hooks
[2016-07-26 15:41:54 -0400] 100% complete
[2016-07-26 15:41:54 -0400]
[2016-07-26 15:41:54 -0400] cPanel update completed
[2016-07-26 15:41:54 -0400] A log of this update is available at /var/cpanel/updatelogs/update.1469561979.log
[2016-07-26 15:41:54 -0400] Removing upcp pidfile
[2016-07-26 15:41:54 -0400]
[2016-07-26 15:41:54 -0400] Completed all updates
=> Log closed Tue Jul 26 15:41:54 2016
It turns out the answer was IPTables. Before that it was the rDate command that was necessary to fix it, but my IPTables was blocking the connections.
To temporarily disable your firewall do this.
iptables-save > /root/current.ipt
iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT
iptables -F INPUT; iptables -F OUTPUT
ping -c 3 google.com
iptables-restore < /root/current.ipt
rm -f /root/current.ipt
The first command saves a copy of your firewall settings.
The next 2 commands make it so all input/output are allowed (for outgoing and incoming connections)
Finally test by pinging the ip address that was giving the issue for cPanel in your log file.
If it works that means the update license command will work.
Simply run:
/usr/local/cpanel/cpkeyclt
and you are good to go.
You can restore back your rules by using the last 2 commands if you want:
iptables-restore < /root/current.ipt
rm -f /root/current.ipt
Be warned that you will be blocked again, unless you fix the firewall.

How to prevent spoofing mail accounts in exim?

We have a server with the DirectAdmin panel, which runs exim. It's the default configuration, as here:
http://files.directadmin.com/services/exim.conf
We get e-mails, for example from kontakt#hoseo.pl to kontakt#hoseo.pl, that are spoofed:
Examples:
1.
Return-path: <nickedc#gmail.com>
Envelope-to: kontakt#hoseo.pl
Delivery-date: Thu, 12 Sep 2013 03:15:21 +0200
Received: from [200.10.67.162] (helo=gmail.com)
by omega.hoseo.pl with esmtp (Exim 4.80.1)
(envelope-from <nickedc#gmail.com>)
id 1VJvV7-0003OM-UP
for kontakt#hoseo.pl; Thu, 12 Sep 2013 03:15:21 +0200
Received: from [191.7.129.87] (account quadrennial16#gmail.com HELO lyjqnysvr.nfevzzqxeweo.tv)
by (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 125612437 for kontakt#hoseo.pl; Wed, 11 Sep 2013 20:17:47 -0500
Date: Wed, 11 Sep 2013 20:17:47 -0500
From: <kontakt#hoseo.pl>
X-Mailer: The Bat! (v3.5.25) Home
X-Priority: 3 (Normal)
Message-ID: <9925188213.R1G0JAD6616751#hfvnvpdpni.dahsrtr.ru>
To: <kontakt#hoseo.pl>
Subject: Jestem gotow placic Ci 95 euro za spolecznie uzyteczne prace wykonywane w wolnym czasie
MIME-Version: 1.0
Content-Type: text/html;
charset=iso-8859-2
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 130911-1, 2013-09-11), Inbound message
X-Antivirus-Status: Clean
2.
Return-path: <dishwashersd333#google.com>
Envelope-to: kontakt#hoseo.pl
Delivery-date: Thu, 12 Sep 2013 02:14:09 +0200
Received: from [190.235.181.209]
by omega.hoseo.pl with esmtp (Exim 4.80.1)
(envelope-from <dishwashersd333#google.com>)
id 1VJuXw-004BKW-NW
for kontakt#hoseo.pl; Thu, 12 Sep 2013 02:14:09 +0200
Received: from [113.131.148.117] (helo=zczdtmhvqilhrkl.tnksjy.ru)
by with esmtpa (Exim 4.69)
(envelope-from )
id 1MMSEG-7581uu-1R
for kontakt#hoseo.pl; Thu, 12 Sep 2013 12:13:24 +1200
Date: Thu, 12 Sep 2013 12:13:24 +1200
From: <kontakt#hoseo.pl>
X-Mailer: The Bat! (v3.5) Educational
X-Priority: 3 (Normal)
Message-ID: <5655874272.ZBYQ02EL661445#ukcchbjmedjown.tboxgld.tv>
To: <kontakt#hoseo.pl>
Subject: Czy chcialbys (chcialabys) pomagac chorym w wolnym czasie i zarabiac minimum 300 euro w tygodniu?
MIME-Version: 1.0
Content-Type: text/html;
charset=Windows-1252
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 130911-1, 2013-09-11), Inbound message
X-Antivirus-Status: Clean
3.
Return-path: <walesg61#gmail.com>
Envelope-to: kontakt#hoseo.pl
Delivery-date: Thu, 12 Sep 2013 00:07:26 +0200
Received: from [181.67.29.61] (helo=gmail.com)
by omega.hoseo.pl with esmtp (Exim 4.80.1)
(envelope-from <walesg61#gmail.com>)
id 1VJsZJ-003a4R-Rp
for kontakt#hoseo.pl; Thu, 12 Sep 2013 00:07:26 +0200
Date: Wed, 11 Sep 2013 23:09:57 +0100
From: <kontakt#hoseo.pl>
To: <kontakt#hoseo.pl>
Subject: Zapraszamy do zarobienia dodatkowo w wolnym czasie minimum 100 euro za godzine.
X-Mailer: vfvlsvltd
MIME-Version: 1.0
Content-Type: text/html;
charset=unicode
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 130911-0, 2013-09-11), Inbound message
X-Antivirus-Status: Clean
In Postfix, to prevent this you can do:
smtpd_recipient_restrictions = [...]
    permit_sasl_authenticated,
    check_sender_access proxy:mysql:/etc/postfix/mysql/mysql_virtual_nosasl.cf,
    [...]
The first rule lets through emails from users who have gone through SASL. The second checks whether the sender's domain in the MAIL FROM is one of my domains. If so, it blocks the email with a 554. Checking of the *_restrictions rules ends on the first match. So if a sender from my domain has not passed permit_sasl_authenticated, it means that it is not my user and the next rule should block it.
How do I do this with DirectAdmin exim.conf?
And more about spoofing:
When an SMTP email is sent, the initial connection provides two pieces of address information:
MAIL FROM: - generally presented to the recipient as the Return-path: header but not normally visible to the end user,[6] and by default no checks are done that the sending system is authorized to send on behalf of that address.
RCPT TO: - specifies which email address the email is delivered to, is not normally visible to the end user but may be present in the headers as part of the "Received:" header.
Together these are sometimes referred to as the "envelope" addressing, by analogy with a traditional paper envelope.[7]
Once the receiving mail server signals that it accepted these two items, the sending system sends the "DATA" command, and typically sends several header items, including:
From: Joe Q Doe - the address visible to the recipient; but again, by default no checks are done that the sending system is authorized to send on behalf of that address.
Reply-to: Jane Roe - similarly not checked
The result is that the email recipient sees the email as having come from the address in the From: header; they may sometimes be able to find the MAIL FROM address; and if they reply to the email it will go to either the address presented in the MAIL FROM: or Reply-to: header - but none of these addresses are typically reliable.[8]
Furthermore the mail server may not check that these domains have been registered in the DNS and are configured to receive emails. This may generate backscatter if a reply is generated.
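The envelope/header distinction described above, as an added example (not part of the original question, and not DirectAdmin's or Postfix's own code): a Python check that compares the envelope sender (Return-path:) with the From: header and reads the protocol from the topmost Received: line, where an MTA records esmtpa or esmtpsa for an authenticated session. The domain shop.example, the addresses, the sample() helper and the verdict names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"shop.example"}        # assumption: domains hosted on this server
AUTH_PROTOCOLS = {"esmtpa", "esmtpsa"}  # "with" values an MTA records after SMTP AUTH

def domain_of(value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def received_protocol(msg):
    """Protocol from the topmost Received: header, the only one our own MTA wrote.
    Lower Received: lines come from the sender and cannot be trusted."""
    match = re.search(r"\bwith\s+(\S+)", msg.get("Received", ""))
    return match.group(1).lower() if match else ""

def classify(raw):
    msg = message_from_string(raw)
    envelope = domain_of(msg["Return-path"])   # MAIL FROM, as recorded at delivery
    header = domain_of(msg["From"])            # what the recipient's mail client shows
    if received_protocol(msg) in AUTH_PROTOCOLS:
        return "ok-authenticated"
    if envelope in LOCAL_DOMAINS:
        return "reject-envelope"       # the case the Postfix check_sender_access rule covers
    if header in LOCAL_DOMAINS:
        return "flag-header-from"      # envelope is foreign, only From: claims our domain
    return "ok-external"

def sample(return_path, protocol, from_addr, relayed=""):
    """Build a constructed message shaped like the headers quoted in the question."""
    return (f"Return-path: <{return_path}>\n"
            "Received: from [203.0.113.5] (helo=gmail.com)\n"
            f"\tby mx.shop.example with {protocol} (Exim 4.80.1)\n"
            f"{relayed}"
            f"From: <{from_addr}>\n"
            "To: <kontakt@shop.example>\n"
            "Subject: constructed sample\n\nbody\n")

# A lower Received: line claiming ESMTPA, as in the first quoted message.
UNTRUSTED_HOP = "Received: from [198.51.100.7]\n\tby relay with ESMTPA id 1\n"

SAMPLES = {
    "header only": sample("someone@gmail.com", "esmtp", "kontakt@shop.example", UNTRUSTED_HOP),
    "envelope too": sample("kontakt@shop.example", "esmtp", "kontakt@shop.example"),
    "real user": sample("kontakt@shop.example", "esmtpsa", "kontakt@shop.example"),
    "outside mail": sample("someone@gmail.com", "esmtp", "someone@gmail.com"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} -> {classify(raw)}")
```

All three messages quoted in the question carry a foreign Return-path and a local From:, so they land in the flag-header-from case rather than the envelope case. Forwarders and mailing lists can legitimately produce that same combination, so it is better scored or quarantined than rejected outright.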

can not log in to ftp since plesk upgrade

None of my ftp accounts work via ftp since I upgraded to plesk 9.5.4. I get "530 login incorrect." The username and password are correct since I can see them in both /etc/passwd and /etc/shadow. I have tried changing the information via Domains -> mydomain.com -> Web Hosting Settings -> FTP Login and I still get the error. If I add a user name or password via Web Users, it is added to the password file, but that login does not work either. My root login via SSH works fine. Any suggestions?
Thanks,
-Jonathan
Check your /var/log/messages for errors from proftpd.
Here is my /var/log/messages for simple FTP session:
Jan 16 16:39:15 localhost xinetd[577]: START: ftp pid=9317 from=::ffff:10.50.2.4
Jan 16 16:39:16 localhost proftpd[9317]: 10.52.52.203 (10.50.2.4[10.50.2.4]) - FTP session opened.
Jan 16 16:39:16 localhost proftpd[9317]: 10.52.52.203 (10.50.2.4[10.50.2.4]) - FTP session closed.
Jan 16 16:39:16 localhost xinetd[577]: EXIT: ftp status=0 pid=9317 duration=1(sec)
Jan 16 16:39:16 localhost xinetd[577]: START: ftp pid=9318 from=::ffff:10.50.2.4
Jan 16 16:39:16 localhost proftpd[9318]: 10.52.52.203 (10.50.2.4[10.50.2.4]) - FTP session opened.
Jan 16 16:39:22 localhost proftpd[9318]: 10.52.52.203 (10.50.2.4[10.50.2.4]) - Preparing to chroot to directory '/var/www/vhosts/domain.tld'
Jan 16 16:40:03 localhost xinetd[577]: Exiting...