1

Topic: Connection to storage server failed and E-mails wait in queue to be se

==== Required information ====
- iRedMail version (check /etc/iredmail-release): latest
- Linux/BSD distribution name and version: CentOS7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): pgsql
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? I'm not a pro in the slightest
- Related log if you're reporting an issue:
====

Hi all! I'm very new and trying to set up a Linux server for practice. I've got DNS pointed at me and MX keys shared and all that stuff, it's just that when I installed and configured ownCloud, my Roundcube stopped being able to connect to its storage server. I also haven't been able to send or receive any e-mails to outside addresses, only internal ones. Anyone got any tips or something to guide me on my way?


2

Re: Connection to storage server failed and E-mails wait in queue to be se

Each time you need to report an issue, please do attach related log or error message, so that others can help troubleshoot.

3

Re: Connection to storage server failed and E-mails wait in queue to be se

ZhangHuangbin wrote:

Each time you need to report an issue, please do attach related log or error message, so that others can help troubleshoot.

I would post a log, but I don't know which one to post.

4

Re: Connection to storage server failed and E-mails wait in queue to be se

connor40porter wrote:

my Roundcube stopped being able to connect to its storage server. I also haven't been able to send or receive any e-mails to outside addresses

Any error message of cannot "connect to its storage server" and cannot send email?

Also, any related log in Postfix log file?

5 (edited by connor40porter 2016-05-25 05:45:55)

Re: Connection to storage server failed and E-mails wait in queue to be se

Okay, I managed to fix the "connect to its storage server" error by just restarting the machine. However, I still cannot send e-mail. I'll post logs now.

Here's from /etc/postfix/main.cf

# --------------------
# INSTALL-TIME CONFIGURATION INFORMATION
#
# location of the Postfix queue. Default is /var/spool/postfix.
queue_directory = /var/spool/postfix

# location of all postXXX commands. Default is /usr/sbin.
command_directory = /usr/sbin

# location of all Postfix daemon programs (i.e. programs listed in the
# master.cf file). This directory must be owned by root.
# Default is /usr/libexec/postfix
daemon_directory = /usr/libexec/postfix

# location of Postfix-writable data files (caches, random numbers).
# This directory must be owned by the mail_owner account (see below).
# Default is /var/lib/postfix.
data_directory = /var/lib/postfix

# owner of the Postfix queue and of most Postfix daemon processes.
# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
# Default is postfix.
mail_owner = postfix

# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail.postfix

# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix

# full pathname of the Postfix mailq command.  This is the Sendmail-compatible
# mail queue listing command.
mailq_path = /usr/bin/mailq.postfix

# group for mail submission and queue management commands.
# This must be a group name with a numerical group ID that is not shared with
# other accounts, not even with the Postfix account.
setgid_group = postdrop

# external command that is executed when a Postfix daemon program is run with
# the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

debug_peer_level = 2

# --------------------
# CUSTOM SETTINGS
#

# SMTP server response code when recipient or domain not found.
unknown_local_recipient_reject_code = 550

# Do not notify local user.
biff = no

# Disable the rewriting of "site!user" into "user@site".
swap_bangpath = no

# Disable the rewriting of the form "user%domain" to "user@domain".
allow_percent_hack = no

# Allow recipient address start with '-'.
allow_min_user = no

# Disable the SMTP VRFY command. This stops some techniques used to
# harvest email addresses.
disable_vrfy_command = yes

# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
inet_protocols = ipv4

# Enable all network interfaces.
inet_interfaces = 10.0.0.36, 127.0.0.1

#
# TLS settings.
#
# SSL key, certificate, CA
#
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail.crt

#
# Disable SSLv2, SSLv3
#
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3

#
# Fix 'The Logjam Attack'.
#
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_dh512_param_file = /etc/pki/tls/dh512_param.pem
smtpd_tls_dh1024_param_file = /etc/pki/tls/dh2048_param.pem

tls_random_source = dev:/dev/urandom

# Log only a summary message on TLS handshake completion — no logging of client
# certificate trust-chain verification errors if client certificate
# verification is not required. With Postfix 2.8 and earlier, log the summary
# message, peer certificate summary information and unconditionally log
# trust-chain verification errors.
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1

# Produce `Received:` message headers that include information about the
# protocol and cipher used, as well as the remote SMTP client CommonName and
# client certificate issuer CommonName.
# This is disabled by default, as the information may be modified in transit
# through other mail servers. Only information that was recorded by the final
# destination can be trusted.
#smtpd_tls_received_header = yes

# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
# Use TLS if this is supported by the remote SMTP server, otherwise use
# plaintext.
# References:
#   - http://www.postfix.org/TLS_README.html#client_tls_may
#   - http://www.postfix.org/postconf.5.html# … rity_level
smtp_tls_security_level = may

# Use the same CA file as smtpd.
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_note_starttls_offer = yes

# Enable long, non-repeating, queue IDs (queue file names).
# The benefit of non-repeating names is simpler logfile analysis and easier
# queue migration (there is no need to run "postsuper" to change queue file
# names that don't match their message file inode number).
#enable_long_queue_ids = yes

# Reject unlisted sender and recipient
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes

# Header and body checks with PCRE table
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks.pcre

# HELO restriction
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname
    check_helo_access pcre:/etc/postfix/helo_access.pcre

# Sender restrictions
smtpd_sender_restrictions =
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_unlisted_sender
    permit_mynetworks
    permit_sasl_authenticated
    check_sender_access pcre:/etc/postfix/sender_access.pcre

# Recipient restrictions
smtpd_recipient_restrictions =
    reject_unknown_recipient_domain
    reject_non_fqdn_recipient
    reject_unlisted_recipient
    check_policy_service inet:127.0.0.1:7777
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination

# Data restrictions
smtpd_data_restrictions = reject_unauth_pipelining

# END-OF-MESSAGE restrictions
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777

proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps

# Avoid duplicate recipient messages. Default is 'yes'.
enable_original_recipient = no

# Virtual support.
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail

# Do not set virtual_alias_domains.
virtual_alias_domains =

#
# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
#          be forced to submit email through port 587 instead.
#
smtpd_sasl_auth_enable = yes
#smtpd_tls_auth_only = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may

# hostname
myhostname = mx.halo.city
myorigin = mx.halo.city
mydomain = mx.halo.city

# trusted SMTP clients which are allowed to relay mail through Postfix.
#
# Note: additional IP addresses/networks listed in mynetworks should be listed
#       in iRedAPD setting 'MYNETWORKS' too. for example:
#
#       MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
#
mynetworks = 127.0.0.1, 10.0.0.36

# Accepted local emails
mydestination = $myhostname, localhost, localhost.localdomain

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

# Default message_size_limit.
message_size_limit = 15728640

# The set of characters that can separate a user name from its extension
# (example: user+foo), or a .forward file name from its extension (example:
# .forward+foo).
# Postfix 2.11 and later supports multiple characters.
recipient_delimiter = +

#
# Lookup virtual mail accounts
#
transport_maps =
    proxy:pgsql:/etc/postfix/pgsql/transport_maps_user.cf
    proxy:pgsql:/etc/postfix/pgsql/transport_maps_domain.cf

sender_dependent_relayhost_maps =
    proxy:pgsql:/etc/postfix/pgsql/sender_dependent_relayhost_maps.cf

# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
smtpd_sender_login_maps =
    proxy:pgsql:/etc/postfix/pgsql/sender_login_maps.cf

virtual_mailbox_domains =
    proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf

relay_domains =
    $mydestination
    proxy:pgsql:/etc/postfix/pgsql/relay_domains.cf

virtual_mailbox_maps =
    proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf

virtual_alias_maps =
    proxy:pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
    proxy:pgsql:/etc/postfix/pgsql/domain_alias_maps.cf
    proxy:pgsql:/etc/postfix/pgsql/catchall_maps.cf
    proxy:pgsql:/etc/postfix/pgsql/domain_alias_catchall_maps.cf

sender_bcc_maps =
    proxy:pgsql:/etc/postfix/pgsql/sender_bcc_maps_user.cf
    proxy:pgsql:/etc/postfix/pgsql/sender_bcc_maps_domain.cf

recipient_bcc_maps =
    proxy:pgsql:/etc/postfix/pgsql/recipient_bcc_maps_user.cf
    proxy:pgsql:/etc/postfix/pgsql/recipient_bcc_maps_domain.cf
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_greet_action = enforce
postscreen_dnsbl_action = enforce
postscreen_blacklist_action = enforce
#
# Dovecot SASL support.
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
content_filter = amavis:[127.0.0.1]:10024
smtp-amavis_destination_recipient_limit = 1

And here's my /var/log/maillog

May 23 15:12:48 localhost postfix/submission/smtpd[9774]: Anonymous TLS connection established from hermes.h*o.city[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
May 23 15:12:48 localhost postfix/submission/smtpd[9774]: 6F5658265244: client=hermes.h*o.city[127.0.0.1], sasl_method=LOGIN, sasl_username=postmaster@hermes.h*o.city
May 23 15:12:48 localhost postfix/cleanup[9785]: 6F5658265244: message-id=<291d6fef846daf8f458c2b7b0ffc9ef4@hermes.*.city>
May 23 15:12:48 localhost postfix/qmgr[7571]: 6F5658265244: from=<postmaster@hermes.*.city>, size=566, nrcpt=1 (queue active)
May 23 15:12:48 localhost roundcube: <jno5mmj7> User postmaster@hermes.*.city [127.0.0.1]; Message for ta*ar@gmail.com; 250: 2.0.0 Ok: queued as 6F5658265244
May 23 15:12:48 localhost postfix/smtp[9790]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 23 15:12:48 localhost postfix/smtp[9790]: 6F5658265244: to=<ta*ar@gmail.com>, relay=none, delay=0.14, delays=0.13/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 23 15:12:48 localhost postfix/submission/smtpd[9774]: disconnect from hermes.h*o.city[127.0.0.1]
May 23 15:14:30 localhost postfix/qmgr[7571]: 05C1F8265243: from=<demo2@hermes.h*o.city>, size=565, nrcpt=1 (queue active)
May 23 15:14:30 localhost postfix/smtp[10281]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 23 15:14:30 localhost postfix/smtp[10281]: 05C1F8265243: to=<ta*ar@gmail.com>, relay=none, delay=547, delays=547/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 23 15:19:25 localhost clamd[1245]: SelfCheck: Database status OK.
May 23 15:19:30 localhost postfix/qmgr[7571]: 6499882651C8: from=<demo2@hermes.h*o.city>, size=570, nrcpt=1 (queue active)
May 23 15:19:30 localhost postfix/qmgr[7571]: 6F5658265244: from=<postmaster@hermes.h*o.city>, size=566, nrcpt=1 (queue active)
May 23 15:19:30 localhost postfix/smtp[11433]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 23 15:19:30 localhost postfix/smtp[11435]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 23 15:19:30 localhost postfix/smtp[11433]: 6499882651C8: to=<connor40porter@*.com>, relay=none, delay=1038, delays=1038/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 23 15:19:30 localhost postfix/smtp[11435]: 6F5658265244: to=<ta*ar@gmail.com>, relay=none, delay=402, delays=402/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)

*Edited for readability

Before I did these, I also restarted postfix, amavisd, and dovecot. I thank you for being patient with me.

6

Re: Connection to storage server failed and E-mails wait in queue to be se

connor40porter wrote:

May 23 15:12:48 localhost postfix/smtp[9790]: 6F5658265244: to=<tankingtomawar@gmail.com>, relay=none, delay=0.14, delays=0.13/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)

Amavisd is not running (port 10024, 10026, 9998), please try to start it first.

Also, how much memory do you have on this server? At least 2 GB is required for a low traffic mail server, so that Amavisd + SA + ClamAV can run well and provide spam/virus scanning.
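
Added example (not part of the original posts and not iRedMail code): a small Python triage script that groups deferred deliveries in a Postfix maillog by the endpoint Postfix could not reach, separating a refused loopback port (the Amavisd ports named in the reply above) from a failed connection to a remote server on port 25. The sample log lines, queue IDs and addresses are constructed; the function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Ports the reply above attributes to Amavisd.
AMAVISD_PORTS = {10024, 10026, 9998}

# Constructed sample in Postfix maillog format (IDs and addresses are made up).
SAMPLE_LOG = """\
May 23 15:12:48 localhost postfix/smtp[9790]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 23 15:12:48 localhost postfix/smtp[9790]: AAAA00000001: to=<user@example.org>, relay=none, delay=0.14, delays=0.13/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 23 15:14:30 localhost postfix/smtp[10281]: BBBB00000002: to=<user@example.org>, relay=none, delay=547, delays=547/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 23 15:19:30 localhost postfix/smtp[11435]: AAAA00000001: to=<user@example.org>, relay=none, delay=402, delays=402/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 23 15:20:01 localhost postfix/smtp[11500]: CCCC00000003: to=<other@example.net>, relay=none, delay=30, delays=0.1/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.25]:25: Connection timed out)
May 23 15:21:00 localhost postfix/smtp[11600]: DDDD00000004: to=<ok@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=1.2, delays=0.1/0.01/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# Matches only delivery lines that carry a queue ID and a failed connect.
DEFERRED = re.compile(
    r"postfix/[\w/-]+\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>.*?"
    r"status=deferred \(connect to \S+?\[(?P<ip>[^\]]+)\]:(?P<port>\d+): "
    r"(?P<reason>[^)]+)\)"
)


def classify(ip_text, port):
    """Say which side of the host boundary the failed connection was on."""
    try:
        loopback = ipaddress.ip_address(ip_text).is_loopback
    except ValueError:
        return "unparsed address"
    if loopback and port in AMAVISD_PORTS:
        return "local content filter (Amavisd) not listening"
    if loopback:
        return "local service not listening"
    if port == 25:
        return "outbound SMTP to remote server failing"
    return "remote service unreachable"


def deferred_by_endpoint(log_text):
    """Group deferred queue IDs by the endpoint Postfix could not reach."""
    groups = defaultdict(lambda: {"queue_ids": set(), "reasons": set()})
    for line in log_text.splitlines():
        m = DEFERRED.search(line)
        if m is None:
            continue  # bare "connect to ..." lines carry no queue ID
        port = int(m["port"])
        entry = groups[(m["ip"], port, classify(m["ip"], port))]
        entry["queue_ids"].add(m["qid"])  # retries of one message count once
        entry["reasons"].add(m["reason"])
    return dict(groups)


if __name__ == "__main__":
    for (ip, port, verdict), info in sorted(deferred_by_endpoint(SAMPLE_LOG).items()):
        print(f"{ip}:{port} {verdict}: {len(info['queue_ids'])} message(s), "
              f"{', '.join(sorted(info['reasons']))}")
```

A loopback entry means the message never left the host, so the fix is on the server itself; only a remote port 25 entry points at the network path.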

7 (edited by connor40porter 2016-05-25 05:43:23)

Re: Connection to storage server failed and E-mails wait in queue to be se

Hi Zhang. Thanks for replying and sticking with me. Restarted amavisd and still nothing. I have 16GB of RAM on this server, more than enough to provide for services.

May 23 18:32:53 localhost postfix/submission/smtpd[23932]: connect from hermes.*.city[127.0.0.1]
May 23 18:32:53 localhost postfix/submission/smtpd[23932]: Anonymous TLS connection established from hermes.*.city[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
May 23 18:32:53 localhost postfix/trivial-rewrite[23933]: warning: do not list domain hermes.*.city in BOTH mydestination and virtual_mailbox_domains
May 23 18:32:53 localhost postfix/submission/smtpd[23932]: 619738265246: client=hermes.*.city[127.0.0.1], sasl_method=LOGIN, sasl_username=postmaster@hermes.*.city
May 23 18:32:53 localhost postfix/cleanup[23946]: 619738265246: message-id=<6d56c7865824857d9ce2d6242fd079c9@hermes.*.city>
May 23 18:32:53 localhost postfix/qmgr[7571]: 619738265246: from=<postmaster@hermes.*.city>, size=565, nrcpt=1 (queue active)
May 23 18:32:53 localhost roundcube: <jno5mmj7> User postmaster@hermes.*.city [127.0.0.1]; Message for ta*ar@gmail.com; 250: 2.0.0 Ok: queued as 619738265246
May 23 18:32:53 localhost postfix/smtp[23951]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 23 18:32:53 localhost postfix/smtp[23951]: 619738265246: to=<ta*ar@gmail.com>, relay=none, delay=0.16, delays=0.16/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 23 18:32:53 localhost postfix/submission/smtpd[23932]: disconnect from hermes.*.city[127.0.0.1]

8

Re: Connection to storage server failed and E-mails wait in queue to be se

connor40porter wrote:

May 23 18:32:53 localhost postfix/trivial-rewrite[23933]: warning: do not list domain hermes.halo.city in BOTH mydestination and virtual_mailbox_domains

Took care of this.

9

Re: Connection to storage server failed and E-mails wait in queue to be se

connor40porter wrote:

May 23 18:32:53 localhost postfix/trivial-rewrite[23933]: warning: do not list domain hermes.halo.city in BOTH mydestination and virtual_mailbox_domains

As it clearly says: do not list domain hermes.halo.city in BOTH mydestination and virtual_mailbox_domains.

During iRedMail installation, it reminds you that you cannot use the server hostname as virtual mail domain name. You have to either use a different server hostname, or use a different virtual mail domain name.

10

Re: Connection to storage server failed and E-mails wait in queue to be se

Hi Zhang! I went through and kept getting this error. I eventually ended up talking to one of my colleagues and he asked me if I was hosting this server from a Comcast Home router, which I was. It turns out that Comcast DISALLOWS any communication to home routers on port 25 in order to prevent their servers from getting bogged down by that sort of information. This explains the "connection refused" error that I've been getting from both the internal domain and any external domain that I've tried to send to my internal domain. I figured I would come back and let you and any future people know that sometimes you may have everything set up correctly, but it's Comcast that's going to hold you back.