postfix ehlo response bug - size

I have postfix installed and working.
A customer asked to send a file larger than message_size_limit, so I tweaked the value and restarted postfix.
My customer said that the problem wasn't fixed, so I telnetted into the server several times and ran the ehlo command, and the "SIZE" responses were a mix of the original message_size_limit and the new one.
I restarted the postfix service again, but got the same results. I thought it was caching the result, so I changed it again, and now I am getting all 3 different "SIZE" responses across several ehlo commands. Apparently the EHLO response header is cached somewhere, but I don't know how to reset it. I'd prefer not to restart the machine.
Any insight about my experience?
It's been a couple of hours since the switchover, and it appears to be consistently sending the correct size in the EHLO response. I would sure have liked it to be correct immediately after the change.

The main.cf of postfix is not refreshing when I type service postfix restart.
To find out what the PID is for the app locking my postfix, I typed:
netstat -tulpn | grep :25
The "25" is the port Postfix is serving on.
The results contain the PID/Name that is keeping postfix restarts from reloading the main.cf.
Then I terminate the program gently with:
kill -15 ####
Where #### is the PID of the program found in step 1.
Then I can perform:
service postfix restart
and the main.cf will be refreshed.
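A small probe for the symptom in the question, added here as an example (not code from the original post): it opens several fresh SMTP connections and tallies the SIZE each EHLO reply advertises, so mixed answers from old and new smtpd processes show up immediately. The host name and expected limit are assumptions.

```python
"""Probe a Postfix server's EHLO SIZE advertisement repeatedly and compare
it with the configured message_size_limit.

Added example, not from the original post. SMTP_HOST and EXPECTED_LIMIT are
assumptions; adjust them to your server and main.cf.
"""
import smtplib
from collections import Counter
from typing import Optional

SMTP_HOST = "mail.example.internal"   # assumed: the Postfix server being checked
EXPECTED_LIMIT = 52428800             # assumed: message_size_limit from main.cf (50 MiB)


def parse_ehlo_size(ehlo_msg: bytes) -> Optional[int]:
    """Return the SIZE value from an EHLO reply body, or None if absent.

    ehlo_msg is the second element of smtplib.SMTP.ehlo(): the keyword lines
    joined by newlines, e.g. b"mail.example\\nPIPELINING\\nSIZE 10240000".
    """
    for line in ehlo_msg.decode("ascii", "replace").splitlines():
        parts = line.strip().split()
        if len(parts) >= 2 and parts[0].upper() == "SIZE" and parts[1].isdigit():
            return int(parts[1])
    return None


def probe_sizes(host: str = SMTP_HOST, port: int = 25, rounds: int = 10,
                timeout: float = 10.0) -> Counter:
    """Open `rounds` fresh connections and tally the SIZE each one advertises."""
    seen: Counter = Counter()
    for _ in range(rounds):
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            code, msg = smtp.ehlo()
            seen[parse_ehlo_size(msg) if code == 250 else None] += 1
    return seen


def consistent_with(seen, expected: int) -> bool:
    """True only when every connection advertised exactly the expected limit."""
    return set(seen) == {expected}


if __name__ == "__main__":
    tally = probe_sizes()
    for size, n in tally.items():
        print(f"SIZE {size}: {n} connection(s)")
    print("consistent:", consistent_with(tally, EXPECTED_LIMIT))
```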

HAproxy fails to start after changing ssl certificates

I've been struggling with this issue for 2 days now and it's starting to be a big problem.
We have 2 LBs on which HAproxy is installed.
I tried to change the certificates on the first one and it fell down, and I couldn't restart it even after restoring the old haproxy.cfg file.
After a while I tried restarting the server and that did the job. I had my HAproxy running on the failed node, and I successfully changed the SSL certificates on that one.
Then I tried to do the same on the second, and it went down and nothing seems to correct the problem; neither restarting haproxy with the old haproxy.cfg file nor restarting the whole server.
The error I get is like this:
Starting frontend PAGEMAINTENANC_GUN: cannot bind socket [10.168.10.16:80]
Can you please give me some little help?
Thank you all in advance.
It seems that I was trying to bind to an IP address that is not local. That's why HAproxy fails to start. The solution was to set ip_nonlocal_bind to 1.
To get the current value:
sysctl net.ipv4.ip_nonlocal_bind
Set net.ipv4.ip_nonlocal_bind to 1:
sysctl -w net.ipv4.ip_nonlocal_bind=1
Restarting HAproxy then works.

Syslog-ng to Syslog-ng over TLS - destination not writing to disk

I'm trying to configure a syslog-ng server to send all of the logs that it receives to another syslog-ng server over TLS. Both are running RHEL 7. Everything seems to be working from an encryption and cert perspective. I'm not seeing any error messages in the logs, an openssl s_client test connection works successfully, and I can see the packets coming in over the port that I'm using for TLS, but nothing is being written to disk on the second syslog-ng server. Here's the summary of the config on the syslog server that I'm trying to send the logs to:
source:
source s_encrypted_syslog {
    syslog(ip(0.0.0.0) port(1470) transport("tls")
        tls(key-file("/etc/syslog-ng/key.d/privkey.pem")
            cert-file("/etc/syslog-ng/cert.d/servercert.pem")
            peer-verify(optional-untrusted)   # changing to trusted once issue is fixed
        )
    );
};
destination:
destination d_syslog_facility_f {
    file("/mnt/syslog/$LOGHOST/log/$R_YEAR-$R_MONTH-$R_DAY/$HOST_FROM/$HOST/$FACILITY.log"
        dir-owner("syslogng") dir-group("syslogng") owner("syslogng") group("syslogng"));
};
log setting:
log { source(s_encrypted_syslog); destination(d_syslog_facility_f); };
syslog-ng is currently running as root to rule out permission issues. selinux is currently set to permissive. Tried increasing the verbosity on syslog-ng logs and turned on debugging, but not seeing anything jumping out at me as far as errors or issues go. Also the odd thing is, I have very similar config on the first syslog-ng server and it's receiving and storing logs just fine.
Also, I should note that there could be some small typos in the config above as I'm not able to copy and paste it. Syslog-ng allows me to start up the service with no errors with the config that I have loaded currently. It's simply not writing the data that it's receiving to the destination that I have specified.
It happens quite often that the packet filter prevents a connection to the syslog port, or in your case port 1470. In that case the server starts up successfully, you might even be able to connect using openssl s_client on the same host, but the client will not be able to establish a connection to the server.
Please check that you can actually connect to the server from the client computer (e.g. via openssl s_client, or at least with something like netcat or telnet).
If the connection works, another issue might be that the client is not routing messages to this encrypted destination. syslog-ng only performs the SSL handshake as messages are being sent. No messages would result in the connection being open but not really exchanging packets on the TCP level.
A couple of troubleshooting tips:
You can check if there is a connection between the client and the server with "netstat -antp | grep syslog-ng" on the server or the client. You should see connections in the ESTABLISHED state on both sides of the connection (with local/remote addresses switched of course).
Check that your packet filter lets port 1470 connections through. You are most likely using iptables, try reviewing your ruleset and see if port 1470 on TCP is allowed to pass in the INPUT chain. You could try adding a "LOG" rule right before the default rule to see if the packets are dropped at that level. If you already have LOG rules, you might check the kernel logs of the server to see if that LOG rule produced any messages.
You can also confirm if there's traffic with tcpdump on the server (e.g. tcpdump -pen port 1470). If you write the traffic dump to a file (e.g. the -w argument to tcpdump, along with -s 0 to avoid truncation), then this dump file can be analyzed with wireshark to see if the negotiation takes place. You should at the very least see a "Client Hello" and a "Server Hello" packet which are not encrypted at the beginning of the handshake.
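Since syslog-ng only completes the TLS handshake when a message is actually sent, the cleanest end-to-end test from the client host is to deliver one real message into the syslog() source. The client below is an added example, not part of the original thread: it opens a verified TLS connection to the port from the question and sends one RFC 5424 message with the octet-counting framing the syslog() driver expects, after which the file under /mnt/syslog should appear. The host name and CA file path are assumptions.

```python
"""Send one RFC 5424 syslog message over TLS to a syslog-ng syslog() source.

Added example, not from the original post. SYSLOG_HOST and CA_FILE are
assumptions; the port is the one in the question's source definition.
"""
import socket
import ssl
from datetime import datetime, timezone
from typing import Optional

SYSLOG_HOST = "syslog.example.internal"   # assumed: the receiving syslog-ng server
SYSLOG_PORT = 1470                        # port(1470) from the question's source block
CA_FILE = "/etc/syslog-ng/ca.d/ca.pem"    # assumed: CA that signed servercert.pem


def build_rfc5424_frame(msg: str, host: str, app: str, facility: int = 1,
                        severity: int = 6, ts: Optional[datetime] = None) -> bytes:
    """Build an RFC 5424 message with RFC 6587 octet-counting framing.

    The syslog-ng syslog() driver expects "<octet-count> <PRI>1 TIMESTAMP HOST
    APP PROCID MSGID SD MSG" so it can split messages on a TCP stream without
    relying on newlines. PRI = facility * 8 + severity.
    """
    ts = ts or datetime.now(timezone.utc)
    pri = facility * 8 + severity
    timestamp = ts.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"  # millisecond precision
    body = f"<{pri}>1 {timestamp} {host} {app} - - - {msg}".encode("utf-8")
    return f"{len(body)} ".encode("ascii") + body


def send_test_message(host: str = SYSLOG_HOST, port: int = SYSLOG_PORT,
                      cafile: str = CA_FILE, timeout: float = 5.0) -> str:
    """Open a CA-verified TLS connection, send one frame, return the TLS version.

    A completed handshake plus one delivered frame is what produces the
    ESTABLISHED connection and the file write the question was missing.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # verify server cert against CA_FILE
    frame = build_rfc5424_frame("tls path test", socket.gethostname(), "tlscheck")
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame)
            return tls.version()


if __name__ == "__main__":
    print("sent over", send_test_message())
```

If the server certificate's subject does not match the host name you connect to, the verification step fails before any message is sent, which is itself useful information when peer-verify is later switched to a trusted mode.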

Exim v4.91: Can't enable IGNORE_SMTP_LINE_LENGTH_LIMIT = 1 macro to allow long lines

Ever since upgrading to Exim 4.91, legitimate email notifications are being rejected with an error "T=remote_smtp: message is too big (transport limit = 1)".
This appears to be related to a new ACL in Exim, as described here, that blocks messages containing lines longer than 998 octets:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828801
A macro named IGNORE_SMTP_LINE_LENGTH_LIMIT was supposedly added in v4.88~RC6-2 to disable this ACL; to disable the ACL you set it to 1.
In my configuration, I have a server that sends email notifications. This server uses another server as a smarthost. I am running centos and have a config at /etc/exim/exim.conf on both servers.
I can't seem to disable this ACL no matter what I do.
I have added IGNORE_SMTP_LINE_LENGTH_LIMIT=1 to the top of both servers' exim.conf files and continue to get errors.
Any suggestions on what to do?
I use "one big config-file" (not split-config), and adding
IGNORE_SMTP_LINE_LENGTH_LIMIT=1
to /etc/exim4/exim4.conf.localmacros works.
My configuration is also split into multiple files and uses a smarthost. Following these instructions, it works:
Create a new file in the acl directory with nano /etc/exim4/conf.d/acl/00_local and put this in it:
IGNORE_SMTP_LINE_LENGTH_LIMIT=1
Reload the configuration with systemctl reload exim4 or restart the service with systemctl restart exim4.
Send an email and check the exim logs in /var/log/exim4/mainlog.

While starting Squid on "cmd" it gives a "System error 1067 has occurred"

I am trying to use Squid's reverse proxy service (version 2.7STABLE8) on Windows 7. When I try to start squid from "cmd" (as administrator) I get an error message such as:
"The Squid service could not be started
A system error has occurred
System error 1067 has occurred message
The process terminated unexpectedly"
To solve it I tried:
setting "http_port" to 80 and 8080
disabling user account control settings.
and followed the instructions on this website: Configuring a Basic Reverse Proxy in Squid on Windows
However, none of the solutions worked. If you know of any other solution, it would be great.
Thanks
I checked my cache.log file, and it was reporting:
"FATAL: ipcache_init: DNS name lookup tests failed"
Therefore, in the squid.conf file I set dns_testnames to:
"dns_testnames 0.0.0.0"
and it solved my problem.
Try this to check:
squid -k check
I had the same issue.
Just in case it helps someone, I got the same problem and was low disk space.
I made some cleanup and went back on in seconds.
Thanks.
When I checked the logs, I saw there was no "logs" folder under "c:\squid\var". After I created a "logs" folder there, it started working. Please make sure you have "c:\squid\var\logs".
My error was the same.
My solution was: check the log in C:\squid\var\logs in the cache file, and I found this:
commBind: Cannot bind socket FD 14 to 192.168.3.12:3128: (10049) WSAEADDRNOTAVAIL, Cannot assign requested address.
FATAL: Cannot open HTTP Port
Some time earlier I had changed the IP address of my server; this was the origin of my trouble. In the file C:\squid\etc\squid.conf I changed it again, and that solved it for me.

Apache Daemon trying to Ping on CentOS but not working (SELinux issue)

I have developed an application in PHP. One of its functions is to ping an external server.
However, when this action was fired nothing happened. I checked the SELinux log and generated a policy to allow the apache daemon to ping (ping works fine if I log in as the apache user). After installing that policy, no error is shown in the SELinux log, but in the httpd log this appears many times:
ping: recvmsg: Permission denied
I know it is an SELinux configuration problem (socket connection maybe?) because if I disable it, it works fine, but this is not an option for me.
I have redirected the output of the ping command to a text file and, after firing the action, this is the result:
PING myhost (myip) 56(84) bytes of data.
--- myhost ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 13002ms
So I am kind of stuck at this point. Can anyone help me?
Thanks a lot.
After a fresh install it all worked. Don't mess with policies, kids.