Mail Has Quit Working

Home » CentOS » Mail Has Quit Working
CentOS 96 Comments

Hello,

Mail has come to an abrupt stop. Running C7, postfix and dovecot. Using Roundcube as the client.

Mail stopped working Saturday and I cannot figure was has happened. I have not touched this server except to upgrade packages. I believe Roundcube was updated maybe a week ago but know I was getting mail since then.

Crond is no longer send mail. I checked /var/spool/mail as well as /Maildir in home directories. Zero byte files.

Checked all logs and the only thing I could find was in /var/log/maillog :
warning hostname localhost does not resolve to address 127.0.0.1

I corrected that by changing inet_interfaces to localhost from all in postfix.cf

When I try to log in with Roundcube, it just times out.

I’m stuck!

TIA for any suggestions!!

96 thoughts on - Mail Has Quit Working

  • has your /etc/hosts ​been modified recently?
    does it contain a “127.0.0.1 localhost” or equivalent entry?
    B

  • Hi, thanks!

    First line of /etc/hosts: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 also a few lines down, ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

  • More information would be helpful to troubleshoot this.  Try sending output from:

    postfix status

    mailq

    Try telnetting to your SMTP server and sending a message like this from the local system:
    substitute a valid user/domain on the mail from line and a valid email address in your domain on the rcpt to line. Do this, logged onto the mailserver.

    telnet localhost 25
    helo mydomain.com (substitute a valid domain here)
    mail from:
    rcpt to:
    data From: someuser@validdomain.com to: youremailaddress@yourdomain.com subject: test

    This is a test mesage
    .

    note: blank line between mail headers and body

    end data with line containing only ‘.’.

    Then check your maillog and send the output to the list.

    Nataraj

  • /Maildir
    :

    Tried following your instructions and got 227 2.7.0 Error: I can break rules, too. Goodbye. Connection closed by foreign host.

  • Simply telnet to mailserver on port 25 and type what I’ve shown, substituting valid email addresses and valid addresses in your domain as indicated. You can use your own domain for the hello command, i.e. “helo mydomain.com”.  Everything between the data command and the ‘.’ is input to the data command.  After you type the ‘.’ the message will be sent and should be delivered to the user on the “rcpt to” line.  You should see logging of successful delivery or errors in the maillog.

    Nataraj

  • If your grabbing text and stuffing it with the mouse, you need to send only 1 line at a time and wait for a reply for each line, except for the data section where you can send multiple lines.  If you get errors, run script before running telnet and post a log of the session or else tell us which line caused the error.

    Nataraj

  • I can’t get past From: I also tried ‘from’, lower case.

    Then get 221 2.7.0 Error: I can break rules, too. Goodbye. Connection closed by foreign host.

    Maybe I took too long? IDK

  • This is pointless because he’s complaining about cron and system emails which use the sendmail command are submitted through the pickup service, not port 25/smtp (in fact, if you’re submitting any mail via port 25
    you’re doing it wrong but that’s another discussion).

    TE Dukes:

    Please do the following (lines that start with # should be run as root, lines that start with $ should be run as a local user):

    Install the mail command which is an easy interface to the sendmail command and thus the pickup service.

    # yum install mailx
    # tail -n0 -f /var/log/maillog

    …then in another window (replace someuser@example.com with your own email address):

    $ mail -s ‘Test Email’ someuser@example.com <<< "This is a test" … wait a minute for postfix to have a chance to process and send the message, then break out of the tail command and copy/paste the output into your reply. Then also copy and paste the output of the following: $ postconf -nf; postconf -Mf If I need any more info after that I’ll let you know. Peter

  • OK, not sure what happened, my response was rejected by CentOS:

    Reason: There was an error while attempting to deliver your message with [Subject: “RE: [CentOS] Mail has quit working”] to CentOS@CentOS.org. MTA p3plwbeout03-06.prod.phx3.secureserver.net received this response from the destination host IP – 208.100.23.70 – 554 , 554 5.7.1 Service unavailable; Client host [72.167.218.218] blocked using ix.dnsbl.manitu.net; Your e-mail service was detected by mail.ixlab.de (NiX Spam) as spamming at Tue, 24 Jul 2018 11:45:20 +0200. Your admin should visit http://www.dnsbl.manitu.net/lookup.php?valuer.167.218.218
    ..

    So, I’m trying a third time:

    This is pointless because he’s complaining about cron and system emails which use the sendmail command are submitted through the pickup service, not port 25/smtp (in fact, if you’re submitting any mail via port 25
    you’re doing it wrong but that’s another discussion).

    TE Dukes:

    Please do the following (lines that start with # should be run as root, lines that start with $ should be run as a local user):

    Install the mail command which is an easy interface to the sendmail command and thus the pickup service.

    # yum install mailx
    # tail -n0 -f /var/log/maillog

    ….then in another window (replace someuser@example.com with your own email address):

    $ mail -s ‘Test Email’ someuser@example.com <<< "This is a test" …. wait a minute for postfix to have a chance to process and send the message, then break out of the tail command and copy/paste the output into your reply. Then also copy and paste the output of the following: $ postconf -nf; postconf -Mf If I need any more info after that I’ll let you know. Peter

  • Your IP address is flagged as spam in Real Time Block Lists. Are you using a dynamic IP address? You may have a mis-configured server that is allowing spammers to relay through your server. Another possibility is your system is compromised with a spambot.

    Mike

  • Mike McCarthy, W1NR wrote:
    Why are you top-posting?

    And another reason it may be blocked is the same reason *I* get blocked a few times a year: those spam blockers that block mailhosts. 20 years ago, sure. But when you have a domain hosted, as I do, at Hostmonster, and since I’m not paying for a business account, there are literally tens or hundreds of thousands of domains whose email is going through them, I
    don’t care how many admins you have, you can’t keep up with the scum… and so EVERY SINGLE BLOODY DOMAIN’S EMAIL in all those is blocked.

    They don’t seem to look for “spam from many domains from the same mailserver”, just “is a lot of spam coming from that mailhost”.

    I first ran into that in the early oghts, when one of them blocked ALL
    EMAIL from Chicago roadrunner.. which was most of the folks online in the entire city of Chicago.

    mark

  • In one terminal: “tail -f /var/log/maillog” or “journalctl -f”

    In another, “echo test | mail -s test your@email.address

    What do you see in the maillog at that time?  What does the “df” command output?

  • There is one brain dead commercial spam blocker that analyzes percentage of spam vs ham comping from particular IP. On the basis of what all or any of their customers get from that IP. Barracuda. Many have heard “we have been barracuded”.

    We were barracuded once. Someone got his address into many spammers databases. When he moved to different institution, we set his mail forwarded there. Our spam filter back then worked this way: we analyze, and label what is spam, and upon delivery it is sorted away into spam box. (But all is delivered to recipient, that’s the user’s right to see all coming to one’s address). That other place used barracuda.com. And our Dept mail server was “barracuded”. On the day of deadline of email based grant submission to their institution. I got in touch with their admins and they “un-barracuded” us. But ever since I do not forward email of people who left Department for that particular institution.

    The only other exemption we have: I don’t forward mail of people who left the Department to that one very popular mail provider. You will easily guess it once I describe the incident which it is based on. When email is being delivered to us after RCPT TO: <****> SMTP command we know if we have to forward that message, before we continue this session we open new session with destination, and once we know from them it is deliverable, we accept messages, and immediately pass it over to next server. And that one provider always accepts messages even addressed to existent addresses on their side, but for addresses that do not exist they come back later with undeliverable. And that last puts my mail server in a position of the source of backscatter. By this point in the story my sysadmins friends whom I described the incident we had guessed the provider: gmail.com. Some of them laughed: of course, they first collect information, then do actual mail service job ;-) Anyway, people who are here do set forwarding wherever they want, people who left the department can forward wherever but two exemptions.

    As always, on can have a lot of fun troubleshooting email service.

    Valeri

  • Happens frequently to me and I’m no open relay.

    CentOS uses spamhaus and spamhaus blocks entire subnets if someone on the subnet spams.

    So unless you can afford your own subnet or pay to be on a whitelist, blacklists are a common thing for the little guy.

    So much for net neutrality.

  • [Thomas E Dukes]

    Apparently I can send mail to the list via Outlook but not from webmail. Go figure?

  • Am 24.07.2018 um 21:07 schrieb TE Dukes:

    That looks totally broken: <http://paalmettodomains.com>
    Where does that come from? An HTTP adddress has no valid function in SMTP communication. Even the domain seems to be a typo.

    mailto:root@ts130.palmettodomains.com <- What is the purpose to send yourself a mail locally? Did you even specify a valid, fully qualified recipient address? Mail got delivered locally after passing amavis at the mailbox tdukes@palmettodomains.com.

    Alexander

  • It’s a typo.

    A previous person instructed to do so.

    I am unable to read my system’s mail. Cannot read it from roundcube or usermin. Roundcube times out on login attemps. In usermin there is no mail in the mailbox. There is no mail in /Maildir.

    This just started this past Saturday morning. Everything was fine up to then.

  • TE Dukes wrote:
    1. Have you checked /var/log/yum.log?
    2. Is everything correct in /cron.*?
    3. Have you considered running yum reinstall crony?

    mark

  • Thanks!

    Everything seems to be OK.

    I did find where the mail is going. I found it in /Maildir/new/

    Postfix is set to home_mailbox = Maildir/ Changing it doesn’t help.

    Still can’t login to roundcube.

  • Postfix only handles the outgoing email. What IMAP/POP server are you using? Verify that is running, and check for errors in the logs.
    Additionally, check your Roundcube config to make sure that the settings didn’t get clobbered as part of an upgrade (if installed using yum).

    James

  • Based on that I can see pickup receives the message from the sendmail command (which in turn receives it from the mail command). The message is then passed off to amavisd-new which scans it, passes the scan and re-injects it back into postfix. Postfix then passes the message off to dovecot-lda for delivery. There is no indication in the logs of what dovecot is doing with the message at this stage. So it appears that postfix and amavisd-new are working correctly and if there’s a problem it’s in dovecot.

    For whatever reason dovecot is not logging to maillog (it may be logging somewhere else). You need to find your dovecot logs and trace the message through there to see what happens next. I am not so much of a dovecot expert myself (I use it but I don’t know it in as much detail as I know postfix, for example). I would suggest posting to the dovecot mailing list, or you can join the freenode IRC network and ask in the
    #dovecot channel where you should get some relevant help.

    Good Luck,

    Peter

  • This is new information. It points to the issue being in dovecot or roundcube.

    This indicates that dovecot is working.

    It won’t, this setting only applies when you’re using the postfix local(8) delivery agent, but you have postfix configured to use dovecot so this setting does not actually do anything.

    Check roundcube settings, check dovecot logs. See my previous email for where to get more help with dovecot.

    Peter

  • Yes, that’s how Maildir mail works – delivery to a Maildir folder means that the mail is put in Maildir/new until it is seen, when it is moved to Maildir/cur via Maildir/tmp – it’s complicated, but it’s necessary in order to maintain appropriate locks on the files when multiple clients are accessing them.

    When you say “can’t login” – what is the error?

    What do the dovecot logs say? You can see where dovecot logs to by looking in /etc/dovecot/conf.d/10-logging.conf – can you see your roundcube install attempting to authenticate?

    P.

  • Geeeez!! Its working again. All I did was restart the system.

    I stopped and restarted postfix, dovecot, mariadb several times over the past couple days. Pretty sure I did a system reboot a time or two.

    Decided to do one a few minutes ago and now its working. Hate I never found the problem that caused this issue!

    Thanks for all the help!!

  • Another kernel update and things are broken again!

    YEARS with no problems. About tired of messing with this!

  • Earlier in this thread, you indicated that you saw “warning hostname localhost does not resolve to address 127.0.0.1” in /var/log/maillog, and some other logs indicated that postfix was timing out connecting to its locally hosted domains.  Both of those suggest that you have DNS or network related problems, and not something resulting from package updates.

    You might consider posting /etc/resolv.conf, /etc/hosts,
    /etc/sysconfig/network-scripts/ifcfg-, and
    /etc/postfix/main.cfg on https://paste.fedoraproject.org/ for review. 
    It would also be useful to see the output of “ip addr show”, “ip route show”, and “ip -6 route show”.  If the system starts working suddenly, as it did earlier, compare the output of those commands when the system is working to the output when it is not.

  • I think the error may be here:

    /etc/hosts:
    multi on

    If that is the /etc/hosts file then something is changing it somewhere
    (and the kernel rpms do not touch this file unless someone wrote over it.) The file should be:

    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

    The second problem may be in whatever created that ifcfg-eno1 file. I
    have resorted and cleaned it up so it is easier to look at

    DEVICE=eno1
    NAME=eth0
    BOOTPROTO=none BROADCAST2.168.1.255
    DNS16.102.165.13
    DNS2 7.91.5.20
    DNS37.0.0.1
    GATEWAY2.168.1.1
    IPADDR2.168.1.110
    NETMASK%5.255.255.0
    NETWORK2.168.1.0
    DEFROUTE=yes DOMAIN=palmettodomains.com IPV4_FAILURE_FATAL=no IPV6INIT=no ONBOOT=yes TYPE=Ethernet UUID

  • had

    I caught it after I did it, that’s the /etc/host.conf

    /etc/host should be:

    127.0.0.1 localhost localhost.localdomain localhost4
    localhost4.localdomain4
    192.168.1.110 ts130.palmettodomains.com ts130
    192.168.1.110 mail.palmettodomains.com mail

    # ::1 localhost localhost.localdomain localhost6
    localhost6.localdomain6
    192.168.1.102 edukes1.palmettodomains.com edukes1
    192.168.1.105 hp8200.palmettodomains.com hp8200

    localhost4.localdomain4
    localhost6.localdomain6

    CentOS created the file

    I do have named running but I can remove the 127.0.0.1

    Thanks!!

  • ip route show:
    default via 192.168.1.1 dev eno1 proto static metric 101
    192.168.1.0/24 dev enp1s0 proto kernel scope link src 192.168.1.111
    metric 100
    192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.110 metric
    101

    You have two physical devices using the same IPv4 subnet.  Disable the one you aren’t using.  Set ONBOOT=no in
    /etc/sysconfig/network-scripts/ifcfg-enp1s0 or remove the file entirely.

  • Thanks,

    I have removed DNS3 from ifcfg-eno1 and set ONBOOT=no in ifcfg-enp1so0, reboot and still can’t read mail. Logging into roundcube either times out or if I get in, the inbox is empty.

    TIA

  • So, again, what do the dovecot logs say?

    How is roundcube setup? Specifically what is the IMAP server set to?
    Remember, if you have changed the server definition in the config, the individual accounts that were already defined in the database will still have the old server definition.

    P.

  • It sounds to me like you just have a broken apache httpd or roundcube setup. Try ignoring that for now.

    Can you verify that mail is getting to where you’ve got it set up using other tools, such as mutt or just looking at the spool files?

  • OK. There are a couple of things:

    Aug 23 21:47:18 ts130 postfix/smtpd[3750]: warning: hostname localhost does not resolve to address 127.0.0.1
    Aug 23 21:47:18 ts130 postfix/smtpd[3750]: connect from unknown[127.0.0.1]

    That needs to be fixed. What does the entry for 127.0.0.1 look like in
    /etc/hosts? Have you also defined ::1 to be localhost in /etc/hosts?

    Aug 23 21:47:21 ts130 dovecot: imap-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid754, secured, session=<9W1yjiR08AAAAAAAAAAAAAAAAAAAAAAB>

    So you are connecting over TCPv6 from roundcube to dovecot? Is that what you want?

    What is the IMAP hostname in the roundcube configuration?

    P.

  • 127.0.0.1 localhost localhost.localdomain localhost4
    localhost4.localdomain4
    192.168.1.110 ts130.palmettodomains.com ts130
    192.168.1.110 mail.palmettodomains.com mail

    # ::1 localhost localhost.localdomain localhost6
    localhost6.localdomain6
    192.168.1.102 edukes1.palmettodomains.com edukes1
    192.168.1.105 hp8200.palmettodomains.com hp8200

    I have IPV6 disabled (I think).

    // IMAP
    // ——————————–

  • You have it disabled in the configs you have shown.. but roundcube is configured to expect it to work. You are going to need to figure out where that is in the dovecot (possibly a

    find /etc -type f -print | xargs grep -l “::1”

    might give you some ideas unless this is in the database where you will be needing to play with that. It may be just easier to just turn on ipv6 and get that working again as that seems to be what ‘broke’
    mail versus the kernel upgrade. [The kernel reboot probably just brought to light a ‘oh I have ipv6 required somewhere but it is deeply hidden’]

  • In the file /etc/nsswitch.conf there is a line that starts hosts: what does that say?

    Well it’s certainly trying to connect via v6 – that’s what the ::1 on that line is.

    I think part of the problem is that ‘localhost’ is being interpreted as the IPv6 loopback device ::1 and not the v4 127.0.0.1 – it may be that roundcube has got a wrong mailhost stored. Try running the following SQL command on your roundcube database:

    mysql –user=rc -p roundcubemail -e “select username,mail_host from users;”

    It will prompt for the password. (Obviously use a different user if it’s not ‘rc’ and a different databasename if it’s not ’roundcubemail’
    – they are the defaults and are defined in the roundcube config file.)

    It will come back with a list of the users defined and the mailhost it will attempt to connect to for that user.

    P.

  • localhost

    #
    # /etc/nsswitch.conf
    #
    # An example Name Service Switch config file. This file should be
    # sorted with the most-used services at the beginning.
    #
    # The entry ‘[NOTFOUND=return]’ means that the search for an
    # entry should stop if the search in the previous entry turned
    # up nothing. Note that if the search failed due to some other reason
    # (like no NIS server responding) then the search continues with the
    # next entry.
    #
    # Valid entries include:
    #
    # nisplus Use NIS+ (NIS version 3)
    # nis Use NIS (NIS version 2), also called YP
    # dns Use DNS (Domain Name Service)
    # files Use the local files
    # db Use the local database (.db) files
    # compat Use NIS on compat mode
    # hesiod Use Hesiod for user lookups
    # [NOTFOUND=return] Stop searching if not found so far
    #

    # To use db, put the “db” in front of “files” for entries you want to be
    # looked up first in the databases
    #
    # Example:
    #passwd: db files nisplus nis
    #shadow: db files nisplus nis
    #group: db files nisplus nis

    passwd: files sss shadow: files sss group: files sss
    #initgroups: files

    #hosts: db files nisplus nis dns hosts: dns files myhostname

    # Example – obey only what nisplus tells us…
    #services: nisplus [NOTFOUND=return] files
    #networks: nisplus [NOTFOUND=return] files
    #protocols: nisplus [NOTFOUND=return] files
    #rpc: nisplus [NOTFOUND=return] files
    #ethers: nisplus [NOTFOUND=return] files
    #netmasks: nisplus [NOTFOUND=return] files

    bootparams: nisplus [NOTFOUND=return] files

    ethers: files netmasks: files networks: files protocols: files rpc: files services: files sss

    netgroup: files sss

    publickey: nisplus

    automount: files aliases: files nisplus

    I seem to have forgotten the password I used. Have tried everything. I may have to re-install roundcube.

    TIA

  • ^^^ that’s probably broke also. hosts: files dns

    That should be it. Putting dns first works if you can guarentee that DNS works fine all the time but if your DNS caches that localhost doesn’t exist then /etc/hosts isn’t used.

    since you are doing email

    aliases: files

  • A bit further up in the roundcube config file there’s a line defining the database connection. The username, password and database name are all in the definition – something like

    $config[‘db_dsnw’] = ‘mysql://username:password@host/database’;

    P.

  • as may Thanks!!

    I ran the query. Got something like this

    +—————————+————————-+
    | username | mail_host |
    +—————————+————————-+
    | tdukes | localhost |
    +—————————|————————-+

  • What do you get from this command?

        getent hosts localhost

    Can you reach localhost by “normal” means?

        telnet localhost 25

  • Can’t say that’s what I expected.  What about “getent hosts 127.0.0.1”?

    Also, uncomment the ::1 line in /etc/hosts.

    Can you share the specific output of the command?  It might help. From what you’ve told us, localhost resolves to the IPv6 local address, and that address is present on your “lo” device.  You *should* be able to connect.  The type of error might indicate what is still wrong with the system.

  • 127.0.0.1 localhost

    OK
    Trying 71.28.79… telnet: connect to address 71.28.79.87: Connection timed out

    TIA

  • So are you saying that if you do ‘telnet localhost 25’ it actually tries to connect to ‘71.28.79.87’?

    If so, then that seems to indicate that host lookups are still being done primarily through DNS and it isn’t looking in your /etc/hosts file.

    What happens if you do

    telnet 127.0.0.1 25

    what about

    telnet ::1 25

    P.

  • OK.  /etc/hosts isn’t being used.  You indicated earlier that you had more hostnames in that file.  They should show up there.

    Let’s go back to pastebin.  What are the contents of /etc/nsswitch.conf and /etc/hosts, now?

    Are you running nscd, nslcd, or sssd?  If so, you may need to stop them or flush their cache.

    What do you get if you “dig @localhost localhost +short”.  If that doesn’t return a “localhost” address, then the name server that you’re running has a broken configuration.

    Do you get any output from “echo $HOSTALIASES”?

  • You are multiply defining localhost and localhost.localdomain. All there should be is:

    127.0.0.1 localhost.localdomain localhost
    ::1 localhost6.localdomain6 localhost6

    But that’s not the underlying issue, it’s just a complication. What the ‘getent hosts 127.0.0.1’ is showing is that the system is either not retrieving host information from the /etc/hosts file or not retrieving it all. That same command on my system returns

    127.0.0.1 localhost.localdomain localhost

    i.e. the line identical to the one in /etc/hosts. Yours doesn’t. What does /etc/host.conf contain – does it have the line ‘multi on’ in it?

    Your nsswitch.conf files shows that you are retrieving information from sssd for users. (But not for hosts, so it’s not relevant here)

    Are you running your own named? (I thought you said you were – this output says you aren’t.)

    P.

  • OK in that case something is really taking your system for a ride. I
    would check to see if that 71.28.79.87 is your ‘public’ ip address with

    curl -4 icanhazip.com

    if it is then something from named or some other utility is translating localhost for you. host -v localhost might give you more information on what is giving lookups crazy answers

    [smooge@linode01 ~]$ host -v localhost Trying “localhost.members.linode.com”
    Trying “localhost.smoogespace.com”
    Trying “localhost”
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10855 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;localhost. IN A ;; ANSWER SECTION: localhost. 10800 IN A 127.0.0.1 Received 55 bytes from 66.228.53.5#53 in 0 ms Trying “localhost” ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2461 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;localhost. IN MX ;; AUTHORITY SECTION: localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800

  • My ip has changed since I ran telnet localhost 25 as I rebooted my router. But it is correctly reporting the IP.

    10800

    Results from host -v localhost:

    Trying “localhost.palmettodomains.com”
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12975 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;localhost.palmettodomains.com. IN A ;; ANSWER SECTION: localhost.palmettodomains.com. 60 IN A 162.40.201.5 Received 63 bytes from 166.102.165.13#53 in 35 ms Trying “localhost.palmettodomains.com” ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60995 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;localhost.palmettodomains.com. IN AAAA ;; AUTHORITY SECTION: palmettodomains.com. 628 IN SOA ns2.no-ip.com. hostmaster.no-ip.com. 2015063193 10800 1800 604800 1800 Received 104 bytes from 166.102.165.13#53 in 28 ms Trying “localhost.palmettodomains.com” ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62881 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;localhost.palmettodomains.com. IN MX ;; ANSWER SECTION: localhost.palmettodomains.com. 1720 IN MX 5 mail.palmettodomains.com. Received 68 bytes from 166.102.165.13#53 in 29 ms Looks like my domainname has been appended unless you left your off. Thanks!!

  • Thanks!

    Made the change above in nsswitch, rebooted, ran dig @localhost localhost +short Got: dig: couldn’t get address for ‘localhost’: failure

    Checked maillog:

    Aug 26 09:12:31 ts130 postfix/qmgr[2194]: E5B948331053: from=, sizeF9, nrcpt=1 (queue active)
    Aug 26 09:12:31 ts130 postfix/smtp[2307]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused Aug 26 09:12:32 ts130 postfix/smtp[2307]: E5B948331053: to=, orig_to=, relay=none, delayw, delaysw/0.39/0/0, dsn=4.4.1, status

  • I haven’t read through all of this, but is this a CentOS 7 machine? If so .. I believe that systemd has some name resolution facility in it. Has that been looked into?

  • Am 26.08.2018 um 15:25 schrieb TE Dukes:

    That part of the log just indicates that your service which is called inb port 10024 isn’t running. In your setup that is likely the amavisd-new filter service. Make sure it runs or take it out of your Postfix configuration.

    Alexander

  • Thanks. I did open the port but made no difference.

    I found this in the roundcube mail error file:

    [26-Aug-2018 11:48:41 -0400]: IMAP Error: Login failed for tdukes from 192.168.1.102. Could not connect to localhost:143:
    php_network_getaddresses: getaddrinfo failed: System error in
    /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 197
    (POST /?_task=login?_task=login&_action=login)

    There is also a warning about the time zone. It’s set as America/New_York in php.ini

  • That’s a secondary issue.  A properly configured DNS server *should*
    answer correctly for “localhost”.  Yours doesn’t.  It’s broken.  Red Hat ships ISC Bind with a working configuration (/etc/named.rfc1912.zones). 
    I’m not sure whether you’re using something else, or if you’ve removed the RFC1912 zones.  Fix that later.

    “host” and “dig” are both DNS tools, and won’t tell you if your files are being used properly.  While you’re troubleshooting the libc name resolution system, use “getent”.  “getent hosts localhost” and “getent hosts 127.0.0.1” should return something that looks vaguely like the data in /etc/hosts.  You can also verify that it works in practice using
    “telnet localhost 25” to verify that you can reach services running on the local system.

  • Am 26.08.2018 um 18:12 schrieb TE Dukes:

    Sorry to say, but you have to learn to analyze problems systematically and by following simples approaches. At this point it is not useful to get Roundcube involved.

    You see a basic error message “Could not connect to localhost:143”. So test that without using additional software. Foremost consult the maillog, in this case the log content produced by dovecot. And test connectivity on the lowest level.

    echo QUIT | openssl s_client -connect localhost:143 -starttls imap

    That must be successful first. You can too test “lsof -i :143” or “ss
    -tulpen | grep 143”. And tail your maillog.

    Alexander

  • I have all the files shipped with CentOS. I created 2 zone files, domain and reverse from the example in RHEL Documentation https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-BIND#example-bind-zone-examples-basic

    https://paste.fedoraproject.org/paste/9-ZvmUg5vF-UI7lfuAIJjQ

    I did find one typo in the domain zone but correcting that didn’t help

    Getent hosts localhost and getent hosts 127.0.0.1 returned no info.

    Thanks!

  • America/New_York

    I’m getting what appears to be help file with various options when trying to run the above commad

    Running lsof -i :143, I get:

    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    dovecot 1576 root 37u IPv4 32014 0t0 TCP *:imap (LISTEN)
    dovecot 1576 root 38u IPv6 32015 0t0 TCP *:imap (LISTEN)

    Running ss -tulpen | grep 143 :

    tcp LISTEN 0 100 *:143 *:*
    users:((“dovecot”,pid76,fd7)) ino:32014 sk:ffff913e953e2e80 <->
    tcp LISTEN 0 100 :::143 :::*
    users:((“dovecot”,pid76,fd8)) ino:32015 sk:ffff913b2e90a100 v6only:1
    <->

    Thanks!!

  • Am 26.08.2018 um 20:48 schrieb TE Dukes:

    Can we guess that you don’t offer TLS for IMAP connections?

    So port 143 is listening. Are we back to the point that your DNS or NSS
    is broken so that even

    telnet localhost 143

    fails while

    telnet 127.0.0.1 143

    is successful?

    Alexander

  • trying to I added this to /etc/postfix/main.cf from https://access.redhat.com/solutions/120383

    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2, !SSLv3
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtp_tls_protocols = !SSLv2, !SSLv3

    v6only:1

    I think so. Everything else work, I don’t get it.

    Yes, that is correct localhost fails but 127.0.0.1 responds.

    Thanks

  • Randomly adding lines to a config file isn’t going to help things. Those lines, which you added to the postfix config (which will have no impact on dovecot), are — as the RH documentation indicates — to turn off weak protocols, they don’t turn anything on, other directives are used for that.

    In your pastebin:

    <https://paste.fedoraproject.org/paste/MMNEJmqIrEzK-A4N3MR0ZA>

    you show three nameservers:

    nameserver 166.102.165.13
    nameserver 207.91.5.20
    nameserver 127.0.0.1

    I can’t tell if that’s what you still have in place, but note that your dns queries will query those DNS servers in that order. Based on that order, the “localhost” (127.0.0.1) server is the last one that will be queried. Unless explicitly queried (e.g., with an
    @ syntax) it will only be queried if the other two fail.

    Could you confirm the current order (and perhaps list) the nameservers in your /etc/resolv.conf file – so we are aware of any changes.

    I did a “localhost” query against the first two and they respond correctly, e.g.,

    ;; QUESTION SECTION:
    ;localhost. IN A

    ;; ANSWER SECTION:
    localhost. 86400 IN A 127.0.0.1

    ;; Query time: 100 msec
    ;; SERVER: 166.102.165.13#53(166.102.165.13)

    Somewhat related to the:

    > telnet localhost 143
    >
    > fails [while it works when you try 127.0.0.1]

    In an earlier message (from Sunday, August 26, 2018 14:37:57) you state:

    > I have all the files shipped with CentOS. I created 2 zone files

    could you please enumerate the “named.*” files that you have under your defined directory. Note, if you’ve chrooted named that’s a different location than in a non-chrooted setup.

    Then there’s this:

    > ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @localhost localhost
    > +short
    > ; (1 server found)
    > ;; global options: +cmd
    > ;; connection timed out; no servers could be reached

    do you *really* have a name server running on your local machine?
    Just thought I’d ask.

    While you are at it, could you show the current state of your
    /etc/hosts file (as well as its ownerships and permissions).

  • The first two nameservers belong to my ISP. Should I move 127.0.0.1 to the top?

    They are still in that order.

    Not sure what I have done, but telnet localhost 143 now works but telnet
    127.0.0.1 143 fails.

    total 28
    -rw-r–r– 1 root named 391 Aug 26 17:44 192.168.1.zone drwxrwx— 2 named named 127 Aug 26 03:46 data/
    drwxrwx— 2 named named 31 Aug 26 16:28 dynamic/
    -rw-r–r– 1 root root 0 Aug 26 20:54 named
    -rw-r—– 1 root named 2281 May 22 2017 named.ca
    -rw-r—– 1 root named 152 Dec 15 2009 named.empty
    -rw-r—– 1 root named 152 Jun 21 2007 named.localhost
    -rw-r—– 1 root named 168 Dec 15 2009 named.loopback
    -rw-r–r– 1 root named 793 Aug 26 17:44 palmettodomains.zone
    -rw-r–r– 1 root root 1001 Aug 26 13:29 palmettodomains.zone.082618
    drwxrwx— 2 named named 6 Apr 12 14:48 slaves/

    root 600 0.0 0.0 112704 968 tty2 S+ 21:02 0:00 grep
    –color=auto named named 21096 0.0 0.3 391636 60160 ? Ssl 17:45 0:00
    /usr/sbin/named -u named -c /etc/named.conf

    127.0.0.1 localhost localhost.localdomain localhost4
    localhost4.localdomain4
    #127.0.0.1 localhost.localdomain localhost
    192.168.1.110 ts130.palmettodomains.com ts130
    192.168.1.110 mail.palmettodomains.com mail

    ::1 localhost localhost.localdomain localhost6
    localhost6.localdomain6
    #::1 localhost6.localdomain6 localhost6
    192.168.1.102 edukes1.palmettodomains.com edukes1
    192.168.1.105 hp8200.palmettodomains.com hp8200
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

    -rw-r–r– 1 root root 509 Aug 26 14:02 hosts

    Thanks!!

  • Since your:

    dig @localhost localhost

    failed, try:

    dig @127.0.0.1 localhost a

    (in this context, i like the longer output as it reveals more).

    If that fails, then there is, at minimum, a problem with your local dns server. If that works, try:

    dig @localhost4 localhost a

    This will explicitly use the ipv4 127. entry in your /etc/hosts, while “localhost” could use either.

    [by the way, you appear to have redundant ipv6 “localhost” entries in your /etc/hosts file. mostly to have things clean, i’d get rid of the bottom one.]

  • From dig @127.0.0.1 localhost a

    ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @127.0.0.1 localhost a
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36452 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;localhost. IN A ;; ANSWER SECTION: localhost. 86400 IN A 127.0.0.1 ;; AUTHORITY SECTION: localhost. 86400 IN NS localhost. ;; ADDITIONAL SECTION: localhost. 86400 IN AAAA ::1 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Aug 26 22:29:21 EDT 2018 ;; MSG SIZE rcvd: 96 From dig @localhost4 localhost a ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @localhost4 localhost a
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39351 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;localhost. IN A ;; ANSWER SECTION: localhost. 86400 IN A 127.0.0.1 ;; AUTHORITY SECTION: localhost. 86400 IN NS localhost. ;; ADDITIONAL SECTION: localhost. 86400 IN AAAA ::1 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Aug 26 22:30:35 EDT 2018 ;; MSG SIZE rcvd: 96 Thanks! Not sure where that came from but its been removed. Thank!!

  • Since the localhost4 approach worked, commend out the ipv6 localhost entries in your /etc/hosts file, then try:

    dig @localhost localhost a

    again. If that works try:

    telnet localhost 143

    once again. If those work, it would seem that your ipv6 is messed up and your system is trying it first and not falling back to ipv4.

    Regarding your nameserver list in /etc/resolv.conf. If you have a working 127.0.0.1 nameserver you generally don’t include external nameservers in that list. So, if non-ipv6 things seem to work, I’d remove the two non-127 nameservers from that list.

  • IP6 is commented out

    That works

    This also works Removed the two nameservers. Still can’t access mail. Getting connection to storage server failed on the roundcube login page.

    Thanks, again!

  • That you can now successfully get to “localhost” is good progress. Seems you want to stay away from ipv6 networking issues unless/until you resolve whatever that issue is.

    Roundcube is, potentially, a totally separate issue. I don’t use it, so can only suggest minimal debugging ideas.

    What is the hostname that you use to get to your roundcube instance?
    Can you resolve that:

    dig a

    If you get an answer, is the ipnumber correct?

    Note, if the hostname for your roundcube instance is one of the ipv6
    entries in your /etc/hosts file, I’d remove that – and either put in an ipv4 entry or put an entry for it in your dns.

  • ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> mail.palmettodomains.com a
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40652 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mail.palmettodomains.com. IN A ;; ANSWER SECTION: mail.palmettodomains.com. 86400 IN A 192.169.1.110 ;; AUTHORITY SECTION: palmettodomains.com. 86400 IN NS dns1.palmettodomains.com. ;; ADDITIONAL SECTION: dns1.palmettodomains.com. 86400 IN A 192.168.1.110 dns1.palmettodomains.com. 86400 IN AAAA aaaa:bbbb::110 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Aug 27 09:01:48 EDT 2018 ;; MSG SIZE rcvd: 132 Thanks again! I still think it’s a mail issue. I can’t get mail using usermin either. Think I’m going to remove the TLS stuff from postfix main.cf that I added yesterday and retry.

  • Those TLS lines that you added to your postfix config file yesterday have nothing to do with your ability (or not) to get to your roundcube instance. I believe that the roundcube frontend is an application that runs via httpd/apache. Assuming I am correct on that, debugging your apache setup would be the next set of things to look at. Confirm that it (apache) is running and listening on the port(s) you expect it on (netstat and ps will help there) and then start with the access and error logs.

  • Richard wrote:

    Pardon me if I butt in – I haven’t really been following this thread, but what’s selinux set to – off, permissive, enforcing?

    mark

  • If I missed this further up thread my apologies – is SELinux enabled and are there any relevant exceptions being logged?

  • added

    Pretty sure SELinux is turned off unless it got turned on without my knowledge through an updtate/upgrade.

    I removed the TLS lines from main.cf I added last night and remotely did a reboot from here at work.

    Mail is again working!! I am skeptical to mark this thread solved as I
    thought it was solved back in July.

    I think, removing my ISP’s DNS servers from resolve.conf was the fix, could be removing IPV6 from etc/hosts. Might put it back in just to see.

    Again, many, many thanks!!

    I really want to thank everyone for their help and patience!!

  • As I indicated earlier, removing those lines from your postfix config will have no impact on your ability to reach your roundcube instance.

    Unlike the windowz world, you mostly don’t need to “reboot” a machine after making changes to a service (e.g., your postfix config change). An unnecessary reboot can bring in many issues so makes debugging a problem difficult. Instead, restart the service in question (often a reload is all that’s needed, but a service restart generally doesn’t hurt in a single/lower user environment).

    Unless you are VPN-ing (or equiv) my sense is that you are currently getting to your mail (roundcube) from outside your network. Earlier, when it wasn’t working, my sense was that you were inside. If that’s true you can’t really tell if your issue has been resolved as you are coming at things from different network directions.

  • The mail in question is system mail sent via cron. I access it from both inside the network and outside. Due to being on a dynamic ip, I can’t send mail to the outside but I can receive it.

    Again, really appreciate the help!!

  • Added back the IPV6 to /etc/hosts a couple days ago for grins and giggles. No longer getting IPV6 errors in logwatch for bind. Everything working.

    I think removing my ISP’s nameservers from /etc/resolv.conf was the fix. They have been in there forever so still have my fingers crossed.

    Again, many thanks!!

  • I just caught up on the thread.  It looks like the core issue was never actually resolved:  “getent hosts localhost” still doesn’t return the expected result, right?

        $ getent hosts localhost
        ::1             localhost localhost.localdomain localhost6
    localhost6.localdomain6
        $ grep ^hosts /etc/nsswitch.conf
        hosts:      files dns myhostname

    If you’re not getting the expected result from “getent”, and if your nsswitch.conf lists “files”, then glibc is somehow broken.  “rpm -V
    glibc” might tell you how, or it might not.  Could be that glibc can’t load /lib64/libnss_files.so.2.

    In any case, DNS is now providing you with a result for “localhost”, and that’ll work around most of the problems, but you really should take steps to fix glibc.  With something that low-level broken, I’d urge you to build a new system from scratch, and automate the build with some configuration management tool this time, so that the next time you need to rebuild, you can do it quickly.

  • Its returning exactly as above

    Its returning: files dns

    rpm -V returns nothing.

    Thanks for the follow up!!