sendgrid cpanel exim failure - cpanel
I was following the instructions at the websites below:
http://sendgrid.com/docs/Integrate/Mail_Servers/exim.html
http://knowledgelayer.softlayer.com/procedure/e-mail-delivery-service-server-side-configuration-centos-cpanel-exim
It seems to be configured correctly, but when I try to send an email via a PHP script I get the following error:
2013-03-23 17:09:48 cwd=/home/chrism/public_html 3 args: /usr/sbin/sendmail -t -i
2013-03-23 17:09:48 1UJVhE-0008SI-VG <= chrism#host.blastohosting.com U=chrism P=local S=389 T="Test" for blasto333#yahoo.com
2013-03-23 17:09:48 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UJVhE-0008SI-VG
2013-03-23 17:09:49 1UJVhE-0008SI-VG remote host address is the local host: yahoo.com
2013-03-23 17:09:49 1UJVhE-0008SI-VG == blasto333#yahoo.com R=send_via_sendgrid defer (-1): remote host address is the local host
2013-03-23 17:09:49 1UJVhE-0008SI-VG Frozen
I am trying to send to a @yahoo.com address but it fails for some reason.
dig yahoo.com
root#host [~]# dig -t mx yahoo.com
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> -t mx yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50122
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 7
;; QUESTION SECTION:
;yahoo.com. IN MX
;; ANSWER SECTION:
yahoo.com. 576 IN MX 1 mta5.am0.yahoodns.net.
yahoo.com. 576 IN MX 1 mta6.am0.yahoodns.net.
yahoo.com. 576 IN MX 1 mta7.am0.yahoodns.net.
;; AUTHORITY SECTION:
yahoo.com. 147199 IN NS ns4.yahoo.com.
yahoo.com. 147199 IN NS ns5.yahoo.com.
yahoo.com. 147199 IN NS ns6.yahoo.com.
yahoo.com. 147199 IN NS ns8.yahoo.com.
yahoo.com. 147199 IN NS ns1.yahoo.com.
yahoo.com. 147199 IN NS ns2.yahoo.com.
yahoo.com. 147199 IN NS ns3.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 8562 IN A 68.180.131.16
ns2.yahoo.com. 8562 IN A 68.142.255.16
ns3.yahoo.com. 147199 IN A 98.138.222.11
ns4.yahoo.com. 8562 IN A 68.142.196.63
ns5.yahoo.com. 8562 IN A 119.160.247.124
ns6.yahoo.com. 8562 IN A 202.43.223.170
ns8.yahoo.com. 8562 IN A 202.165.104.22
;; Query time: 31 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 24 13:48:02 2013
;; MSG SIZE rcvd: 344
exim command:
root#host [~]# exim -d -bt blasto333#yahoo.com
Exim version 4.80 uid=0 gid=0 pid=13408 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (July 12, 2010)
Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning DKIM Old_Demime Experimental_SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz passwd
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Size of off_t: 8
Compiler: GCC [4.1.2 20080704 (Red Hat 4.1.2-52)]
Library version: OpenSSL: Compile: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Runtime: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Library version: PCRE: Compile: 8.12
Runtime: 8.12 2011-01-15
Total 9 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST: "/etc/exim_trusted_configs"
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=13408
auxiliary group list: <none>
seeking password data for user "cpaneleximfilter": cache not available
getpwnam() succeeded uid=508 gid=505
seeking password data for user "root": cache not available
getpwnam() succeeded uid=0 gid=0
changed uid/gid: calling tls_validate_require_cipher
uid=47 gid=12 pid=13409
auxiliary group list: <none>
tls_require_ciphers expands to "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP"
tls_validate_require_cipher child 13409 ended: status=0x0
configuration file is /etc/exim.conf
log selectors = 00001dfc 00293043
trusted user
admin user
seeking password data for user "mailnull": cache not available
getpwnam() succeeded uid=47 gid=47
originator: uid=0 gid=0 login=root name=root
sender address = root#host.blastohosting.com
Address testing: uid=0 gid=12 euid=0 egid=12
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Testing blasto333#yahoo.com
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Considering blasto333#yahoo.com
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing blasto333#yahoo.com
--------> send_via_sendgrid router <--------
local_part=blasto333 domain=yahoo.com
checking domains
search_open: lsearch "/etc/localdomains"
search_find: file="/etc/localdomains"
key="yahoo.com" partial=-1 affix=NULL starflags=0
LRU list:
4/etc/localdomains
End
internal_search_find: file="/etc/localdomains"
type=lsearch key="yahoo.com"
file lookup required for yahoo.com
in /etc/localdomains
lookup failed
yahoo.com in "lsearch;/etc/localdomains"? no (end of list)
yahoo.com in "! +local_domains"? yes (end of list)
calling send_via_sendgrid router
send_via_sendgrid router called for blasto333#yahoo.com
domain = yahoo.com
route_item = * smtp.sendgrid.net::587 byname
yahoo.com in "*"? yes (matched "*")
original list of hosts = "smtp.sendgrid.net::587" options = byname
expanded list of hosts = "smtp.sendgrid.net::587" options = byname
set transport sendgrid_smtp
finding IP address for smtp.sendgrid.net:587
host=smtp.sendgrid.net port=587
calling host_find_byname
gethostbyname2(af=inet6) returned 4 (NO_DATA)
local host found for non-MX address
fully qualified name = host.blastohosting.com
gethostbyname2 looked up these IP addresses:
name=host.blastohosting.com address=67.222.16.43
LOG: MAIN
remote host address is the local host: yahoo.com (while routing <blasto333#yahoo.com>)
send_via_sendgrid router: defer for blasto333#yahoo.com
message: remote host address is the local host
blasto333#yahoo.com cannot be resolved at this time: remote host address is the local host
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=13408 terminating with rc=1 >>>>>>>>>>>>>>>>
exim command with default settings:
root#host [~]# exim -d -bt blasto333#yahoo.com
Exim version 4.80 uid=0 gid=0 pid=13681 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (July 12, 2010)
Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning DKIM Old_Demime Experimental_SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz passwd
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Size of off_t: 8
Compiler: GCC [4.1.2 20080704 (Red Hat 4.1.2-52)]
Library version: OpenSSL: Compile: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Runtime: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Library version: PCRE: Compile: 8.12
Runtime: 8.12 2011-01-15
Total 9 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST: "/etc/exim_trusted_configs"
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=13681
auxiliary group list: <none>
seeking password data for user "cpaneleximfilter": cache not available
getpwnam() succeeded uid=508 gid=505
seeking password data for user "root": cache not available
getpwnam() succeeded uid=0 gid=0
changed uid/gid: calling tls_validate_require_cipher
uid=47 gid=12 pid=13682
auxiliary group list: <none>
tls_require_ciphers expands to "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP"
tls_validate_require_cipher child 13682 ended: status=0x0
configuration file is /etc/exim.conf
log selectors = 00001dfc 00293043
trusted user
admin user
seeking password data for user "mailnull": cache not available
getpwnam() succeeded uid=47 gid=47
originator: uid=0 gid=0 login=root name=root
sender address = root#host.blastohosting.com
Address testing: uid=0 gid=12 euid=0 egid=12
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Testing blasto333#yahoo.com
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Considering blasto333#yahoo.com
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing blasto333#yahoo.com
--------> democheck router <--------
local_part=blasto333 domain=yahoo.com
checking require_files
file check: +/etc/demouids
expanded file: /etc/demouids
stat() yielded 0
checking "condition"
search_open: lsearch "/etc/demouids"
search_find: file="/etc/demouids"
key="0" partial=-1 affix=NULL starflags=0
LRU list:
4/etc/demouids
End
internal_search_find: file="/etc/demouids"
type=lsearch key="0"
file lookup required for 0
in /etc/demouids
lookup failed
democheck router skipped: condition failure
--------> check_mail_permissions router <--------
local_part=blasto333 domain=yahoo.com
checking domains
search_open: lsearch "/etc/localdomains"
search_find: file="/etc/localdomains"
key="yahoo.com" partial=-1 affix=NULL starflags=0
LRU list:
4/etc/localdomains
4/etc/demouids
End
internal_search_find: file="/etc/localdomains"
type=lsearch key="yahoo.com"
file lookup required for yahoo.com
in /etc/localdomains
lookup failed
yahoo.com in "lsearch;/etc/localdomains"? no (end of list)
yahoo.com in "! +local_domains"? yes (end of list)
checking "condition"
Starting Perl interpreter
search_open: passwd "NULL"
search_find: file="NULL"
key="nobody" partial=-1 affix=NULL starflags=0
LRU list:
4/etc/localdomains
4/etc/demouids
End
internal_search_find: file="NULL"
type=passwd key="nobody"
database lookup required for nobody
seeking password data for user "nobody": cache not available
getpwnam() succeeded uid=99 gid=99
lookup yielded: *:99:99:Nobody:/:/sbin/nologin
search_open: lsearch "/etc/domainusers"
search_find: file="/etc/domainusers"
key="root" partial=-1 affix=NULL starflags=0
LRU list:
4/etc/domainusers
4/etc/localdomains
4/etc/demouids
End
internal_search_find: file="/etc/domainusers"
type=lsearch key="root"
file lookup required for root
in /etc/domainusers
lookup failed
search_open: lsearch "/etc/userdomains"
search_find: file="/etc/userdomains"
key="" partial=-1 affix=NULL starflags=0
LRU list:
4/etc/userdomains
4/etc/domainusers
4/etc/localdomains
4/etc/demouids
End
internal_search_find: file="/etc/userdomains"
type=lsearch key=""
search_open: lsearch "/etc/userdomains"
cached open
search_find: file="/etc/userdomains"
key="host.blastohosting.com" partial=-1 affix=NULL starflags=0
LRU list:
4/etc/userdomains
4/etc/domainusers
4/etc/localdomains
4/etc/demouids
End
internal_search_find: file="/etc/userdomains"
type=lsearch key="host.blastohosting.com"
file lookup required for host.blastohosting.com
in /etc/userdomains
lookup failed
check_mail_permissions router skipped: condition failure
--------> enforce_mail_permissions router <--------
local_part=blasto333 domain=yahoo.com
checking domains
cached no match for +local_domains
cached lookup data = NULL
yahoo.com in "! +local_domains"? yes (end of list)
checking "condition"
enforce_mail_permissions router skipped: condition failure
--------> increment_max_emails_per_hour_if_needed router <--------
local_part=blasto333 domain=yahoo.com
checking domains
cached no match for +local_domains
cached lookup data = NULL
yahoo.com in "! +local_domains"? yes (end of list)
checking "condition"
increment_max_emails_per_hour_if_needed router skipped: condition failure
--------> dkim_lookuphost router <--------
local_part=blasto333 domain=yahoo.com
checking domains
cached no match for +local_domains
cached lookup data = NULL
yahoo.com in "! +local_domains"? yes (end of list)
checking require_files
file check: +/var/cpanel/domain_keys/private/${sender_address_domain}
expanded file: /var/cpanel/domain_keys/private/host.blastohosting.com
stat() yielded -1
errno = 2
dkim_lookuphost router skipped: file check
--------> lookuphost router <--------
local_part=blasto333 domain=yahoo.com
checking domains
cached no match for +local_domains
cached lookup data = NULL
yahoo.com in "! +local_domains"? yes (end of list)
calling lookuphost router
lookuphost router called for blasto333#yahoo.com
domain = yahoo.com
DNS lookup of yahoo.com (MX) succeeded
DNS lookup of mta5.am0.yahoodns.net (AAAA) gave NO_DATA
returning DNS_NODATA
DNS lookup of mta5.am0.yahoodns.net (A) succeeded
66.196.118.34 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
66.196.118.34 in "+loopback : 64.94.110.0/24"? no (end of list)
66.196.118.36 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
66.196.118.36 in "+loopback : 64.94.110.0/24"? no (end of list)
67.195.168.230 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
67.195.168.230 in "+loopback : 64.94.110.0/24"? no (end of list)
74.6.136.244 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
74.6.136.244 in "+loopback : 64.94.110.0/24"? no (end of list)
98.136.216.25 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
98.136.216.25 in "+loopback : 64.94.110.0/24"? no (end of list)
98.136.217.202 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
98.136.217.202 in "+loopback : 64.94.110.0/24"? no (end of list)
98.138.112.37 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
98.138.112.37 in "+loopback : 64.94.110.0/24"? no (end of list)
66.196.118.33 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
66.196.118.33 in "+loopback : 64.94.110.0/24"? no (end of list)
DNS lookup of mta6.am0.yahoodns.net (AAAA) gave NO_DATA
returning DNS_NODATA
DNS lookup of mta6.am0.yahoodns.net (A) succeeded
98.139.54.60 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
98.139.54.60 in "+loopback : 64.94.110.0/24"? no (end of list)
66.196.118.34 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
66.196.118.34 in "+loopback : 64.94.110.0/24"? no (end of list)
66.196.118.35 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
66.196.118.35 in "+loopback : 64.94.110.0/24"? no (end of list)
66.196.118.36 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
66.196.118.36 in "+loopback : 64.94.110.0/24"? no (end of list)
67.195.168.230 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
67.195.168.230 in "+loopback : 64.94.110.0/24"? no (end of list)
98.136.217.202 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
98.136.217.202 in "+loopback : 64.94.110.0/24"? no (end of list)
98.138.112.33 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
98.138.112.33 in "+loopback : 64.94.110.0/24"? no (end of list)
98.138.112.37 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
98.138.112.37 in "+loopback : 64.94.110.0/24"? no (end of list)
DNS lookup of mta7.am0.yahoodns.net (AAAA) gave NO_DATA
returning DNS_NODATA
DNS lookup of mta7.am0.yahoodns.net (A) succeeded
98.138.112.33 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
98.138.112.33 in "+loopback : 64.94.110.0/24"? no (end of list)
98.138.112.34 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
98.138.112.34 in "+loopback : 64.94.110.0/24"? no (end of list)
98.138.112.38 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
98.138.112.38 in "+loopback : 64.94.110.0/24"? no (end of list)
66.196.118.33 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
66.196.118.33 in "+loopback : 64.94.110.0/24"? no (end of list)
66.196.118.34 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
66.196.118.34 in "+loopback : 64.94.110.0/24"? no (end of list)
66.196.118.36 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
66.196.118.36 in "+loopback : 64.94.110.0/24"? no (end of list)
67.195.168.230 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
67.195.168.230 in "+loopback : 64.94.110.0/24"? no (end of list)
74.6.136.244 in "<; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
74.6.136.244 in "+loopback : 64.94.110.0/24"? no (end of list)
duplicate IP address 66.196.118.33 (MX=1) removed
duplicate IP address 66.196.118.34 (MX=1) removed
duplicate IP address 66.196.118.34 (MX=1) removed
duplicate IP address 74.6.136.244 (MX=1) removed
duplicate IP address 98.138.112.37 (MX=1) removed
duplicate IP address 66.196.118.36 (MX=1) removed
duplicate IP address 66.196.118.36 (MX=1) removed
duplicate IP address 67.195.168.230 (MX=1) removed
duplicate IP address 67.195.168.230 (MX=1) removed
duplicate IP address 98.136.217.202 (MX=1) removed
duplicate IP address 98.138.112.33 (MX=1) removed
fully qualified name = yahoo.com
host_find_bydns yield = HOST_FOUND (2); returned hosts:
mta5.am0.yahoodns.net 66.196.118.33 MX=1
mta5.am0.yahoodns.net 66.196.118.34 MX=1
mta5.am0.yahoodns.net 74.6.136.244 MX=1
mta5.am0.yahoodns.net 98.136.216.25 MX=1
mta5.am0.yahoodns.net 98.138.112.37 MX=1
mta5.am0.yahoodns.net 66.196.118.36 MX=1
mta5.am0.yahoodns.net 67.195.168.230 MX=1
mta5.am0.yahoodns.net 98.136.217.202 MX=1
mta6.am0.yahoodns.net 66.196.118.35 MX=1
mta6.am0.yahoodns.net 98.139.54.60 MX=1
mta6.am0.yahoodns.net 98.138.112.33 MX=1
mta7.am0.yahoodns.net 98.138.112.38 MX=1
mta7.am0.yahoodns.net 98.138.112.34 MX=1
set transport remote_smtp
queued for remote_smtp transport: local_part = blasto333
domain = yahoo.com
errors_to=NULL
domain_data=NULL localpart_data=NULL
routed by lookuphost router
envelope to: blasto333#yahoo.com
transport: remote_smtp
host mta5.am0.yahoodns.net [66.196.118.33] MX=1
host mta5.am0.yahoodns.net [66.196.118.34] MX=1
host mta5.am0.yahoodns.net [74.6.136.244] MX=1
host mta5.am0.yahoodns.net [98.136.216.25] MX=1
host mta5.am0.yahoodns.net [98.138.112.37] MX=1
host mta5.am0.yahoodns.net [66.196.118.36] MX=1
host mta5.am0.yahoodns.net [67.195.168.230] MX=1
host mta5.am0.yahoodns.net [98.136.217.202] MX=1
host mta6.am0.yahoodns.net [66.196.118.35] MX=1
host mta6.am0.yahoodns.net [98.139.54.60] MX=1
host mta6.am0.yahoodns.net [98.138.112.33] MX=1
host mta7.am0.yahoodns.net [98.138.112.38] MX=1
host mta7.am0.yahoodns.net [98.138.112.34] MX=1
blasto333#yahoo.com
router = lookuphost, transport = remote_smtp
host mta5.am0.yahoodns.net [66.196.118.33] MX=1
host mta5.am0.yahoodns.net [66.196.118.34] MX=1
host mta5.am0.yahoodns.net [74.6.136.244] MX=1
host mta5.am0.yahoodns.net [98.136.216.25] MX=1
host mta5.am0.yahoodns.net [98.138.112.37] MX=1
host mta5.am0.yahoodns.net [66.196.118.36] MX=1
host mta5.am0.yahoodns.net [67.195.168.230] MX=1
host mta5.am0.yahoodns.net [98.136.217.202] MX=1
host mta6.am0.yahoodns.net [66.196.118.35] MX=1
host mta6.am0.yahoodns.net [98.139.54.60] MX=1
host mta6.am0.yahoodns.net [98.138.112.33] MX=1
host mta7.am0.yahoodns.net [98.138.112.38] MX=1
host mta7.am0.yahoodns.net [98.138.112.34] MX=1
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=13681 terminating with rc=0 >>>>>>>>>>>>>>>>
Check your cPanel email settings - I think it is in Mail >> MX entry section - is "Local mail exchanger" enabled? In that case, I believe, sendmail tries to deliver the email locally but since your server is not yahoo.com, it obviously fails. Unless you have some special requirements, you should probably set it to "Remote mail exchanger".
By the way, if you're using Sendgrid for email and you're sending large volumes of email, I'd suggest using their HTTP API - SMTP is a very verbose protocol and I've had considerable speed improvements when I switched from SMTP to HTTP.
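Added example (not part of the original question or answer): a small parser for `exim -d -bt` routing traces like the two in the question. For each router it reports the host that was asked for and the name and address the lookup returned, so the mismatch behind "remote host address is the local host" stands out. The sample traces are constructed in the question's format; `example.*` names, `192.0.2.10`, and the function and class names are placeholders.

```python
import re
from dataclasses import dataclass, field

# Line shapes as they appear in the `exim -d -bt` traces in the question.
ROUTER = re.compile(r"^-+> (\S+) router <-+$")
HOSTPORT = re.compile(r"^host=(\S+) port=(-?\d+)$")
FQDN = re.compile(r"^fully qualified name = (\S+)$")
ADDRESS = re.compile(r"^name=(\S+) address=(\S+)$")
SKIPPED = re.compile(r"^\S+ router skipped: (.+)$")
DEFER = re.compile(r"^\S+ router: defer for \S+$")
ROUTED = re.compile(r"^routed by \S+ router$")
MESSAGE = re.compile(r"^message: (.+)$")
LOCAL_HIT = "local host found for non-MX address"


@dataclass
class RouterStep:
    name: str
    outcome: str = "unknown"   # skipped | defer | routed | unknown
    detail: str = ""           # skip reason or deferral message
    wanted_host: str = ""      # host the router asked the resolver for
    port: int = 0
    canonical: str = ""        # "fully qualified name" the lookup returned
    addresses: list = field(default_factory=list)  # (name, ip) pairs
    hit_local_host: bool = False


def parse_trace(text):
    """Split a routing trace into one RouterStep per router that was tried."""
    steps, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := ROUTER.match(line):
            cur = RouterStep(m.group(1))
            steps.append(cur)
        elif cur is None:
            continue  # header lines before the first router
        elif m := HOSTPORT.match(line):
            cur.wanted_host, cur.port = m.group(1), int(m.group(2))
        elif line == LOCAL_HIT:
            cur.hit_local_host = True
        elif m := FQDN.match(line):
            cur.canonical = m.group(1)
        elif m := ADDRESS.match(line):
            cur.addresses.append((m.group(1), m.group(2)))
        elif m := SKIPPED.match(line):
            cur.outcome, cur.detail = "skipped", m.group(1)
        elif DEFER.match(line):
            cur.outcome = "defer"
        elif ROUTED.match(line):
            cur.outcome = "routed"
        elif m := MESSAGE.match(line):
            cur.detail = m.group(1)
    return steps


def local_host_findings(steps):
    """Describe every router whose target host resolved to this machine."""
    out = []
    for s in steps:
        if not s.hit_local_host:
            continue
        ips = ", ".join(ip for _, ip in s.addresses) or "no address logged"
        out.append(
            f"{s.name}: asked for {s.wanted_host}:{s.port}, lookup returned "
            f"{s.canonical or 'unknown name'} [{ips}], which is a local address"
        )
    return out


# Constructed sample: smarthost router, modelled on the first trace.
SMARTHOST_TRACE = """\
--------> send_via_sendgrid router <--------
local_part=user domain=example.org
calling send_via_sendgrid router
route_item = * smtp.sendgrid.net::587 byname
finding IP address for smtp.sendgrid.net:587
host=smtp.sendgrid.net port=587
calling host_find_byname
gethostbyname2(af=inet6) returned 4 (NO_DATA)
local host found for non-MX address
fully qualified name = mail.example.net
gethostbyname2 looked up these IP addresses:
  name=mail.example.net address=192.0.2.10
send_via_sendgrid router: defer for user@example.org
  message: remote host address is the local host
"""

# Constructed sample: default routers, modelled on the second trace.
DEFAULT_TRACE = """\
--------> democheck router <--------
democheck router skipped: condition failure
--------> lookuphost router <--------
calling lookuphost router
DNS lookup of example.org (MX) succeeded
fully qualified name = example.org
routed by lookuphost router
"""

if __name__ == "__main__":
    for label, trace in (("smarthost", SMARTHOST_TRACE), ("default", DEFAULT_TRACE)):
        steps = parse_trace(trace)
        print(label, [(s.name, s.outcome, s.detail) for s in steps])
        for finding in local_host_findings(steps):
            print("  !", finding)
```

Exim's `byname` option resolves through the system resolver (the `gethostbyname2` calls in the trace), so when the returned name differs from the host that was asked for, the local hosts file and resolver search list are the places to compare against a direct DNS query.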
Related
Coturn fails on TURN (allocation timeout)
My coturn server always fails on TURN. I've tried many variants of the config, but nothing works. The server is not NATted and has only a public IP. Using the following config:
domain=sip.domain.ru
realm=sip.domain.ru
server-name=sip.domain.ru
#listening-ip=0.0.0.0
#external-ip=0.0.0.0
external-ip=213.232.207.000
external-ip=sip.domain.ru
listening-port=3478
min-port=10000
max-port=20000
fingerprint
log-file=/var/log/coturn/turnserver.log
verbose
user=DavidMaze:Password
lt-cred-mech
#allow-loopback-peers
web-admin
web-admin-ip=213.232.207.000
web-admin-port=8090
cert=/usr/share/coturn/server.crt
pkey=/usr/share/coturn/server.key
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
While calling, there is a wait of 60s, then in the logs:
0: log file opened: /var/log/coturn/turnserver_2023-01-13.log
0: pid file created: /run/turnserver/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
0: Wait for relay ports initialization...
0: relay 213.232.207.000 initialization...
0: relay 213.232.207.000 initialization done
0: relay ::1 initialization...
0: relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: turn server id=3 created
0: turn server id=2 created
0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: turn server id=5 created
0: turn server id=4 created
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/SCTP listener opened on : 213.232.207.000:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/SCTP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/SCTP listener opened on : ::1:3478
0: turn server id=6 created
0: turn server id=7 created
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv6. TLS/SCTP listener opened on : ::1:5349
0: IO method (general relay thread): epoll (with changelist)
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: turn server id=9 created
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: turn server id=11 created
0: IO method (general relay thread): epoll (with changelist)
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: turn server id=14 created
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: turn server id=13 created
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: turn server id=10 created
0: turn server id=15 created
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: turn server id=8 created
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: turn server id=12 created
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. DTLS/UDP listener opened on: 213.232.207.000:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. DTLS/UDP listener opened on: 213.232.207.000:5349
0: IPv6. DTLS/UDP listener opened on: ::1:3478
0: IPv6. DTLS/UDP listener opened on: ::1:5349
0: Total General servers: 16
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IPv4. TLS/SCTP listener opened on : 213.232.207.000:8090
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:8090
0: IPv4. web-admin listener opened on : 213.232.207.000:8090
0: SQLite DB connection success: /var/lib/turn/turndb
5: handle_udp_packet: New UDP endpoint: local addr 213.232.207.000:3478, remote addr 188.162.5.118:34297
5: session 010000000000000001: realm <sip.domain.ru> user <>: incoming packet BINDING processed, success
5: session 010000000000000001: realm <sip.domain.ru> user <>: incoming packet message processed, error 401: Unauthorized
5: IPv4. Local relay addr: 213.232.207.000:11050
5: session 010000000000000001: new, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=600
5: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet ALLOCATE processed, success
6: session 010000000000000001: peer 213.232.207.000 lifetime updated: 300
6: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet CREATE_PERMISSION processed, success
7: handle_udp_packet: New UDP endpoint: local addr 213.232.207.000:3478, remote addr 87.103.193.000:56186
7: session 006000000000000001: realm <sip.domain.ru> user <>: incoming packet BINDING processed, success
7: session 006000000000000001: realm <sip.domain.ru> user <>: incoming packet message processed, error 401: Unauthorized
7: IPv4. Local relay addr: 213.232.207.000:16236
7: session 006000000000000001: new, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=600
7: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet ALLOCATE processed, success
7: session 006000000000000001: peer 213.232.207.000 lifetime updated: 300
7: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet CREATE_PERMISSION processed, success
15: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
17: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
26: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
27: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
36: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
38: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
46: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
47: handle_udp_packet: New UDP endpoint: local addr 213.232.207.000:3478, remote addr 188.162.5.118:23038
47: session 008000000000000001: realm <sip.domain.ru> user <>: incoming packet BINDING processed, success
48: session 008000000000000001: realm <sip.domain.ru> user <>: incoming packet message processed, error 401: Unauthorized
48: IPv4. Local relay addr: 213.232.207.000:16208
48: session 008000000000000001: new, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=600
48: session 008000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet ALLOCATE processed, success
48: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
48: session 008000000000000001: peer 213.232.207.000 lifetime updated: 300
48: session 008000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet CREATE_PERMISSION processed, success
50: session 010000000000000001: refreshed, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=0
50: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet REFRESH processed, success
50: session 008000000000000001: refreshed, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=0
50: session 008000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet REFRESH processed, success
50: session 006000000000000001: refreshed, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=0
50: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet REFRESH processed, success
51: session 008000000000000001: usage: realm=<sip.domain.ru>, username=<DavidMaze>, rp=5, rb=364, sp=5, sb=508
51: session 008000000000000001: closed (2nd stage), user <DavidMaze> realm <sip.domain.ru> origin <>, local 213.232.207.000:3478, remote 188.162.5.118:23038, reason: allocation timeout
51: session 008000000000000001: delete: realm=<sip.domain.ru>, username=<DavidMaze>
51: session 008000000000000001: peer 213.232.207.000 deleted
51: session 010000000000000001: usage: realm=<sip.domain.ru>, username=<DavidMaze>, rp=10, rb=592, sp=10, sb=1032
51: session 010000000000000001: closed (2nd stage), user <DavidMaze> realm <sip.domain.ru> origin <>, local 213.232.207.000:3478, remote 188.162.5.118:34297, reason: allocation timeout
51: session 010000000000000001: delete: realm=<sip.domain.ru>, username=<DavidMaze>
51: session 010000000000000001: peer 213.232.207.000 deleted
51: session 006000000000000001: usage: realm=<sip.domain.ru>, username=<DavidMaze>, rp=58, rb=7500, sp=9, sb=892
51: session 006000000000000001: closed (2nd stage), user <DavidMaze> realm <sip.domain.ru> origin <>, local 213.232.207.000:3478, remote 87.103.193.000:56186, reason: allocation timeout
51: session 006000000000000001: delete: realm=<sip.domain.ru>, username=<DavidMaze>
51: session 006000000000000001: peer 213.232.207.000 deleted
Also, 2 days ago I was having 403: forbidden IP. But it was fixed by commenting out listening-ip.
Fixed the issue. For others:
- First, check the issue in different browsers. I found that the call works in Mozilla Firefox but doesn't work in Chromium-based browsers.
- You can enable extra-verbose mode with the -V flag (uppercase) or --Verbose. This can help, but the logs are very annoying and there is no need to see them 95% of the time.
- While testing the TURN server with the very popular tool WebRTC sample - Trickle ICE, you may see "authentication failed?" with relay in the next line. This might not be a problem; check this against another working TURN server (example).
- Check the client's firewall for blocked STUN/TURN server ports and for the TURN port ranges. That was my case: the client's firewall was blocking ports 24000-64000.
Zookeeper TLS error: Unsuccessful handshake with session 0x0 (org.apache.zookeeper.server.NettyServerCnxnFactory)
Can't start Zookeeper with TLS, help me please!
Zookeeper version: 3.5.8-f439ca583e70862c3068a1f2a7d4d068eec33315, built on 05/04/2020 15:53 GMT
zookeeper.properties:
###################[ MAIN ]###################
dataDir=~/zookeeper_ssl/data/zookeeper-data
clientPort=2185
secureClientPort=2186
maxClientCnxns=0
##############[ AUTHENTICATION ]##############
authProvider.sasl=org.apache.zookeeper.server.auth.SASLAuthenticationProvider # (tried change to authProvider.1 but no success)
jaasLoginRenew=3600000
requireClientAuthScheme=sasl
#############[ SSL ]############
authProvider.x509=org.apache.zookeeper.server.auth.X509AuthenticationProvider # (tried to remove - but no success)
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.keyStore.location=~/zookeeper_ssl/ssl/broker1.jks
ssl.keyStore.password=xxx
ssl.trustStore.location=~/zookeeper_ssl/ssl/broker1.jks
ssl.trustStore.password=xxx
clientAuth=none
tickTime=3000
initLimit=10
syncLimit=5
##############[ OTHER CONFIGS ]#############
4lw.commands.whitelist=*
admin.enableServer=true
admin.serverPort=8181
It starts fine. Then I try to connect:
./bin/kafka-run-class \
> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty \
> -Dzookeeper.ssl.client.enable=true \
> -Dzookeeper.ssl.keyStore.location=~/zookeeper_ssl/ssl/dev1.jks \
> -Dzookeeper.ssl.keyStore.password=xxx \
> -Dzookeeper.ssl.trustStore.location=~/zookeeper_ssl/ssl/dev1.jks \
> -Dzookeeper.ssl.trustStore.password=xxx \
> org.apache.zookeeper.ZooKeeperMain -server localhost:2186
I got:
Connecting to localhost:2186
Welcome to ZooKeeper!
JLine support is disabled
ACTUALLY NOTHING HAPPENS HERE - SO PRESSED CTRL+C
^C
zookeeper.log:
[2020-08-17 18:02:07,667] DEBUG Using Java8 optimized cipher suites for Java version 1.8 (org.apache.zookeeper.common.X509Util)
[2020-08-17 18:02:07,981] DEBUG Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1] (io.netty.handler.ssl.JdkSslContext)
[2020-08-17 18:02:07,981] DEBUG Default cipher suites (JDK): [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA] (io.netty.handler.ssl.JdkSslContext)
[2020-08-17 18:02:08,104] DEBUG SSL handler added for channel: [id: 0x6bcbf86b, L:/x.x.x.x:2186 - R:/x.x.x.x:56620] (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2020-08-17 18:02:08,123] DEBUG -Dio.netty.recycler.maxCapacityPerThread: 4096 (io.netty.util.Recycler)
[2020-08-17 18:02:08,123] DEBUG -Dio.netty.recycler.maxSharedCapacityFactor: 2 (io.netty.util.Recycler)
[2020-08-17 18:02:08,123] DEBUG -Dio.netty.recycler.linkCapacity: 16 (io.netty.util.Recycler)
[2020-08-17 18:02:08,123] DEBUG -Dio.netty.recycler.ratio: 8 (io.netty.util.Recycler)
[2020-08-17 18:02:08,133] DEBUG -Dio.netty.buffer.checkAccessible: true (io.netty.buffer.AbstractByteBuf)
[2020-08-17 18:02:08,133] DEBUG -Dio.netty.buffer.checkBounds: true (io.netty.buffer.AbstractByteBuf)
[2020-08-17 18:02:08,134] DEBUG Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@3021f880 (io.netty.util.ResourceLeakDetectorFactory)
[2020-08-17 18:02:08,149] ERROR Unsuccessful handshake with session 0x0 (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2020-08-17 18:02:08,149] DEBUG close called for sessionid:0x0 (org.apache.zookeeper.server.NettyServerCnxn)
[2020-08-17 18:02:08,149] DEBUG cnxns size:0 (org.apache.zookeeper.server.NettyServerCnxn)
[2020-08-17 18:02:08,153] WARN Exception caught (org.apache.zookeeper.server.NettyServerCnxnFactory)
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0000002d000000000000000000000000000075300000000000000000000000100000000000000000000000000000000000
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.lang.Thread.run(Thread.java:745)
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0000002d000000000000000000000000000075300000000000000000000000100000000000000000000000000000000000
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1214)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1282)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:498)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:437)
    ... 17 more
[2020-08-17 18:02:08,153] DEBUG Closing /x.x.x.x:56620[0](queued=0,recved=0,sent=0) (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2020-08-17 18:02:08,153] DEBUG close called for sessionid:0x0 (org.apache.zookeeper.server.NettyServerCnxn)
[2020-08-17 18:02:08,153] DEBUG cnxns size:0 (org.apache.zookeeper.server.NettyServerCnxn)
Inside jks
keystore broker1.jks
Alias name: zserver
Entry type: PrivateKeyEntry
Owner: CN=zserver, C=RU
Alias name: dev1
Entry type: trustedCertEntry
Owner: CN=dev1, C=RU
keystore dev1.jks
Alias name: zserver
Entry type: trustedCertEntry
Owner: CN=zserver, C=RU
Alias name: dev1
Entry type: PrivateKeyEntry
Owner: CN=dev1, C=RU
I have found the problem - the correct parameter is: -Dzookeeper.client.secure=true (-Dzookeeper.ssl.client.enable=true is wrong)
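Why a single client flag explains the server-side error, as an added example that is not part of the original answer: the hex string in the NotSslRecordException is whatever the peer sent first, and decoding it shows an unencrypted ZooKeeper ConnectRequest, so the client never started TLS. The ConnectRequest field layout, the function names and the TLS and HTTP sample inputs are assumptions or constructed for this example; recognising plaintext HTTP goes beyond the ZooKeeper case.

```python
import struct

# Bytes quoted in the NotSslRecordException above, written out at the field
# boundaries of a ZooKeeper ConnectRequest. Assumed layout: 4-byte frame
# length, then int, long, int, long, length-prefixed buffer, optional bool.
ZK_QUESTION_HEX = (
    "0000002d"            # frame length: 45 bytes follow
    "00000000"            # protocolVersion
    "0000000000000000"    # lastZxidSeen
    "00007530"            # timeOut in ms
    "0000000000000000"    # sessionId (0 = new session)
    "00000010"            # passwd length
    + "00" * 16           # passwd
    + "00"                # readOnly flag
)
# Constructed samples, not taken from the page.
TLS_SAMPLE_HEX = "1603010200010001fc0303"   # start of a TLS ClientHello record
HTTP_SAMPLE_HEX = b"GET /health HTTP/1.1\r\n".hex()

TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                    22: "handshake", 23: "application_data"}
HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
               b"OPTIONS ", b"PATCH ", b"PRI * HTTP/2.0")


def parse_zk_connect(data):
    """Return the ConnectRequest fields, or None if the bytes do not fit."""
    if len(data) < 32:
        return None
    frame_len, proto, zxid, timeout, session, pw_len = struct.unpack_from(
        ">iiqiqi", data, 0)
    # 28 bytes of fixed fields plus passwd, with or without the readOnly byte.
    if proto != 0 or pw_len < 0 or frame_len not in (28 + pw_len, 29 + pw_len):
        return None
    return {"frame_len": frame_len, "protocol_version": proto,
            "last_zxid": zxid, "timeout_ms": timeout,
            "session_id": session, "passwd_len": pw_len}


def classify_first_bytes(hex_dump):
    """Say what protocol the peer spoke on a port that expected TLS."""
    data = bytes.fromhex(hex_dump)
    if len(data) >= 3 and data[0] in TLS_RECORD_TYPES and data[1] == 3:
        return {"kind": "tls", "record": TLS_RECORD_TYPES[data[0]],
                "next": "peer does speak TLS; check certs, protocols, ciphers"}
    if data.startswith(HTTP_STARTS):
        return {"kind": "http-plaintext",
                "next": "client used http:// against an https listener"}
    zk = parse_zk_connect(data)
    if zk is not None:
        return {"kind": "zookeeper-plaintext", **zk,
                "next": "client TLS is off; check its secure-client setting"}
    return {"kind": "unknown", "next": "compare with the expected protocol"}


if __name__ == "__main__":
    for name, sample in (("question", ZK_QUESTION_HEX),
                         ("tls", TLS_SAMPLE_HEX), ("http", HTTP_SAMPLE_HEX)):
        print(name, classify_first_bytes(sample))
```
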
How can I use the SSL in Spring Cloud gateway
The configuration file is as follows:
server:
  port: 8080
  ssl:
    enabled: true
    key-store: D:/https/portal.keystore
    key-store-password: 222222
  http2:
    enabled: true
The key-store was generated by the Java keytool. The project starts up normally, but when I send a request through the gateway, it fails. The message is as follows:
io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1156) [netty-handler-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1221) [netty-handler-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) [netty-codec-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) [netty-codec-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) [netty-codec-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:646) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:581) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:460) [netty-transport-4.1.27.Final.jar:4.1.27.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884) [netty-common-4.1.27.Final.jar:4.1.27.Final]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_171]
I know why I was wrong: I configured Spring Cloud Gateway for HTTPS, but I requested the gateway service without the keystrust.store, so it failed. So I requested the service with the keystrust.store, and the problem has been solved.
Nginx closes connection after the client cert is presented
I am using Nginx to forward my SSL requests to some server. I have tried Firefox, Chrome, etc., but it doesn't help. What should the correct config be? I am also trying to implement this along with SSL as well as http_auth.
The config I am using:
server {
    listen 443 default_server ssl;
    #root /var/www;
    #index index.html index.htm index.php;
    error_log /var/log/nginx/testconfg.log debug;
    ssl on;
    ssl_certificate /etc/ssl/testconfig/certs/server.crt;
    ssl_certificate_key /etc/ssl/testconfig/private/server.key;
    ssl_client_certificate /etc/ssl/testconfig/certs/ca.crt;
    ssl_crl /etc/ssl/testconfig/private/ca.crl;
    ssl_password_file /etc/ssl/testconfig/global.pass;
    ssl_verify_client optional;
    ssl_session_timeout 10m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://172.16.8.50:5601;
        proxy_ssl_server_name on;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
ERROR:
verify:0, error:18, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd", issuer:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
2017/01/04 11:08:23 [debug] 19105#19105: *2 verify:0, error:8, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd", issuer:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
2017/01/04 11:08:23 [debug] 19105#19105: *2 verify:1, error:8, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd", issuer:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
2017/01/04 11:08:23 [debug] 19105#19105: *2 SSL_do_handshake: 1
2017/01/04 11:08:23 [debug] 19105#19105: *2 SSL: TLSv1, cipher: "ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1"
2017/01/04 11:08:23 [debug] 19105#19105: *2 reusable connection: 1
2017/01/04 11:08:23 [debug] 19105#19105: *2 http wait request handler
2017/01/04 11:08:23 [debug] 19105#19105: *2 malloc: 0000556B5D448D50:1024
2017/01/04 11:08:23 [alert] 19105#19105: *2 ignoring stale global SSL error (SSL: error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib) while waiting for request, client: 165.225.106.84, server: 0.0.0.0:443
2017/01/04 11:08:23 [debug] 19105#19105: *2 SSL_read: -1
2017/01/04 11:08:23 [debug] 19105#19105: *2 SSL_get_error: 2
2017/01/04 11:08:23 [debug] 19105#19105: *2 free: 0000556B5D448D50
2017/01/04 11:08:24 [debug] 19105#19105: *2 http wait request handler
2017/01/04 11:08:24 [debug] 19105#19105: *2 malloc: 0000556B5D448D50:1024
2017/01/04 11:08:24 [debug] 19105#19105: *2 SSL_read: 0
2017/01/04 11:08:24 [debug] 19105#19105: *2 SSL_get_error: 5
2017/01/04 11:08:24 [debug] 19105#19105: *2 peer shutdown SSL cleanly
2017/01/04 11:08:24 [info] 19105#19105: *2 client closed connection while waiting for request, client: 165.225.106.84, server: 0.0.0.0:443
2017/01/04 11:08:24 [debug] 19105#19105: *2 close http connection: 3
2017/01/04 11:08:24 [debug] 19105#19105: *2 SSL_shutdown: 1
2017/01/04 11:08:24 [debug] 19105#19105: *2 event timer del: 3: 1483528163104
2017/01/04 11:08:24 [debug] 19105#19105: *2 reusable connection: 0
2017/01/04 11:08:24 [debug] 19105#19105: *2 free: 0000556B5D448D50
2017/01/04 11:08:24 [debug] 19105#19105: *2 free: 0000556B5D46F910, unused: 56
Can someone help me out? What's the issue?
Nginx inputstream SSL offloading
When using Nginx for SSL offloading, things work fine. However, when trying to do this for a serialized stream over a socket it seems to work incorrectly, and the documentation on using streams, http://nginx.org/en/docs/stream/ngx_stream_upstream_module.html, makes no sense. Can anyone help me with a working foo bar example of how to SSL offload a streaming input (made of serialized logging event objects in this case) with Nginx?
Edit: we are trying to forward and strip SSL off of log4j SocketAppender output but cannot even get the forwarding working when SSL is not enabled. Here is the config file without the SSL offloading portion (when retrieving non-HTTPS the forwarding still does not work correctly):
events {
    worker_connections 1024;
}
http {
    server {
        listen 4560;
        server_name logstash.corelims.com;
        location / {
            proxy_pass_request_headers on;
            proxy_pass http://localhost:4561/;
            proxy_redirect http://localhost:4561/ http://logstash.corelims.com:4560/;
        }
        error_log C:/ELK/nginx-1.9.4/logs/debug.log debug;
    }
}
which leads us to these debug logs:
2015/08/27 00:54:59 [info] 5052#3716: *45 WSARecv() failed (10054: An existing connection was forcibly closed by the remote host) while reading client request line, client: IP.ADDRESS.HIDDENFOR.POST, server: foo.bar.com, request: "’ "
2015/08/27 00:54:59 [debug] 5052#3716: *45 lingering read: -1
2015/08/27 00:54:59 [debug] 5052#3716: *45 http request count:1 blk:0
2015/08/27 00:54:59 [debug] 5052#3716: *45 http close request
2015/08/27 00:54:59 [debug] 5052#3716: *45 http log handler
2015/08/27 00:54:59 [debug] 5052#3716: *45 free: 008DE8E8, unused: 1991
2015/08/27 00:54:59 [debug] 5052#3716: *45 close http connection: 300
2015/08/27 00:54:59 [debug] 5052#3716: *45 event timer del: 300: 1822859279
2015/08/27 00:54:59 [debug] 5052#3716: *45 select del event fd:300 ev:0
2015/08/27 00:54:59 [debug] 5052#3716: *45 reusable connection: 0
2015/08/27 00:54:59 [debug] 5052#3716: *45 free: 023BCED0
2015/08/27 00:54:59 [debug] 5052#3716: *45 free: 023BEEA8, unused: 24
2015/08/27 12:27:45 [debug] 5052#3716: select del event fd:316 ev:0