1

Topic: My new iRedMail 0.7.1 problems

Dear Teams,

Currently I've install new CentOS 5.5 with iRedMail-0.7.1. It's handle 700++ user using mostly pop and few webmail. The problems are:
1. temporary lookup failure
2. queue file write error
3. without any notification, user cannot load webmail, access pop and smtp.

here is my 'postconf -n' (hv change value of mydomain)
----
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 5500000
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = mydomain.co.id
myhostname = mail.mydomain.co.id
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = mail.mydomain.co.id
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.5.9/README_FILES
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sample_directory = /usr/share/doc/postfix-2.5.9/samples
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:501
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 501
virtual_transport = dovecot
virtual_uid_maps = static:501
----------

and here's my "my.cf"
-----------
#---------------------------------------------------------------------
# This file is part of iRedMail, which is an open source mail server
# solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu.
#
# iRedMail is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# iRedMail is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with iRedMail.  If not, see <http://www.gnu.org/licenses/>.
#---------------------------------------------------------------------

#
# Sample MySQL configuration file. It should be localted at:
#
#   - RHEL/CentOS:  /etc/my.cnf
#
# Shipped within iRedMail project:
#   http://www.iredmail.org/
#

[mysqld]
#bind-address            = 127.0.0.1
port                    = 3306
default-character-set   = utf8
datadir                 = /var/lib/mysql
socket                  = /var/lib/mysql/mysql.sock
user                    = mysql

#log = /var/log/mysql.log
#log-slow-queries

# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1

skip-locking
#skip-bdb
#skip-networking

query-cache-type    = 1
# Use up to 64Mb of RAM to store query results.
query-cache-size    = 64M
query_cache_limit   = 10M

thread_cache_size   = 8

set-variable = max_connections=1024
#set-variable = max_connect_errors=150

# If you got error message like "The total number of locks exceeds the lock table size",
# please try to increase 'innodb_buffer_pool_size' to a reasonable value.
# Restarting MySQL server is required to make new value work.
# You can get current value with SQL command:
#
#   mysql> SHOW ENGINE INNODB STATUS \G
#          [...]
#          Buffer pool size   512
#          [...]
#
#set-variable=innodb_buffer_pool_size=512M

#ssl-ca =
ssl-cert = /etc/pki/tls/certs/iRedMail_CA.pem
ssl-key = /etc/pki/tls/private/iRedMail.key
ssl-cipher = ALL

[client]
default-character-set=utf8

[mysql.server]
user        = mysql
basedir     = /var/lib

[mysqld_safe]
log-error   = /var/log/mysqld.log
pid-file    = /var/run/mysqld/mysqld.pid
----------

and if i restart the server, it'll start again with no problem for some times. until it'll down again.
What should i do about this?

2

Re: My new iRedMail 0.7.1 problems

Any error log in log files under /var/log/? e.g. maillog, dovecot.log, iredapd.log.

3

Re: My new iRedMail 0.7.1 problems

ZhangHuangbin wrote:

Any error log in log files under /var/log/? e.g. maillog, dovecot.log, iredapd.log.

this is 10 line from dovecot log
---
May 03 21:37:46 pop3-login: Info: Disconnected (no auth attempts): rip=125.160.213.22, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
May 04 08:22:48 imap-login: Info: Disconnected (no auth attempts): rip=122.144.4.158, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
May 04 08:32:04 pop3-login: Info: Disconnected (no auth attempts): rip=122.144.4.250, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
May 04 09:27:21 imap-login: Info: Disconnected (no auth attempts): rip=122.144.4.250, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
May 04 09:27:21 pop3-login: Info: Disconnected (no auth attempts): rip=122.144.4.250, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
May 04 09:27:37 imap-login: Info: Disconnected (no auth attempts): rip=122.144.4.250, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
May 04 09:30:58 pop3-login: Info: Disconnected (no auth attempts): rip=122.144.4.250, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
May 04 09:35:39 pop3-login: Info: Disconnected (no auth attempts): rip=122.144.4.250, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
May 04 09:35:46 pop3-login: Info: Disconnected (no auth attempts): rip=122.144.4.250, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
May 04 09:35:52 pop3-login: Info: Disconnected (no auth attempts): rip=122.144.4.250, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
----

this is from maillog log
----
May  4 10:19:23 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:24 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:24 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:24 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:29 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:29 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:29 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:31 mail amavis[9247]: (09247-19) (!)Requesting process rundown after fatal error
May  4 10:19:31 mail amavis[10399]: (10399-01-2) (!)Requesting process rundown after fatal error
May  4 10:19:31 mail amavis[10400]: (10400-01-2) (!)Requesting process rundown after fatal error
May  4 10:19:31 mail amavis[10401]: (10401-01-2) (!)Requesting process rundown after fatal error
May  4 10:19:34 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:34 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:34 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:37 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:37 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:37 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:42 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:42 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
May  4 10:19:42 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]
----

this is from mysqld log
----
110504 09:39:34  mysqld started
110504  9:39:34  InnoDB: Started; log sequence number 0 39341688
110504  9:39:35 [Note] /usr/libexec/mysqld: ready for connections.
Version: '5.0.77'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  Source distribution
110504 10:25:32 [Note] /usr/libexec/mysqld: Normal shutdown

110504 10:25:34  InnoDB: Starting shutdown...
110504 10:25:36  InnoDB: Shutdown completed; log sequence number 0 40428046
110504 10:25:36 [Note] /usr/libexec/mysqld: Shutdown complete

110504 10:25:36  mysqld ended

110504 10:25:37  mysqld started
110504 10:25:37  InnoDB: Started; log sequence number 0 40428046
110504 10:25:37 [Note] /usr/libexec/mysqld: ready for connections.
Version: '5.0.77'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  Source distribution
----

this is from iredapd log
----
2011-05-04 10:35:50 INFO user1@mydomain.co.id -> user2@mydomain.co.id, DUNNO
2011-05-04 10:35:51 INFO user3@mydomain.co.id -> user4@mydomain.co.id, DUNNO
2011-05-04 10:35:51 INFO handono_putro@yahoo.com -> user5@mydomain.co.id, DUNNO
2011-05-04 10:35:51 INFO user1@mydomain.co.id -> user6@mydomain.co.id, DUNNO
2011-05-04 10:35:52 INFO user3@mydomain.co.id -> user7@mydomain.co.id, DUNNO
2011-05-04 10:35:52 INFO user1@mydomain.co.id -> user5@mydomain.co.id, DUNNO
2011-05-04 10:35:53 INFO user1@mydomain.co.id -> user8@mydomain.co.id, DUNNO
2011-05-04 10:35:54 INFO mifta@chingluh-jv.co.id -> user9@mydomain.co.id, DUNNO
2011-05-04 10:35:57 INFO user4@mydomain.co.id -> user2@mydomain.co.id, DUNNO
----

I've to restart the dovecot, postfix, mysql, iptables and fail2ban for make it all normal again. but mostly it wont help so i have to restart the server. but it won't less long before it going to problem again. sad

4

Re: My new iRedMail 0.7.1 problems

Error in dovecot log:

wysint wrote:

May 04 09:35:46 pop3-login: Info: Disconnected (no auth attempts): rip=122.144.4.250, lip=175.103.49.226, TLS handshaking: SSL_accept() failed: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired

Error in maillog:

wysint wrote:

May  4 10:19:34 mail roundcube: MDB2 Error: unknown error (-1): _doConnect: [Error message: Too many connections] [Native code: 1040] [Native message: Too many connections]

What's the setting in your /etc/my.cnf:

set-variable = max_connections=1024                                                                 

You can try to increase it.

5

Re: My new iRedMail 0.7.1 problems

I'll change the value to 2048.

will update the result later. thQ.

6

Re: My new iRedMail 0.7.1 problems

now this is what i've got from my maillog.
-------
May  4 17:44:31 mail postfix/smtpd[6478]: disconnect from unknown[xxx.xxx.xxx.xxx]
May  4 17:44:33 mail postfix/smtpd[6320]: connect from unknown[xxx.xxx.xxx.xxx]
May  4 17:44:33 mail postfix/smtpd[6320]: warning: connect to 127.0.0.1:7777: Connection refused
May  4 17:44:33 mail postfix/smtpd[6320]: warning: problem talking to server 127.0.0.1:7777: Connection refused
May  4 17:44:34 mail postfix/smtpd[6320]: warning: connect to 127.0.0.1:7777: Connection refused
May  4 17:44:34 mail postfix/smtpd[6320]: warning: problem talking to server 127.0.0.1:7777: Connection refused
May  4 17:44:34 mail postfix/smtpd[6320]: NOQUEUE: reject: RCPT from unknown[xxx.xxx.xxx.xxx]: 451 4.3.5 Server configuration problem; from=<user13@mydomain.co.id> to=<user14@mydomain.co.id> proto=ESMTP helo=<[xxx.xxx.xxx.xxx]>
--------

and this is from email system administrator:
------
Your message did not reach some or all of the intended recipients.

      Subject:    test
      Sent:    5/4/2011 17:44

The following recipient(s) cannot be reached:
      'user13@mydomain.co.id' on 5/4/2011 17:44
            451 4.3.5 Server configuration problem

      'user14@mydomain.co.id' on 5/4/2011 17:44
            451 4.3.5 Server configuration problem

7

Re: My new iRedMail 0.7.1 problems

wysint wrote:

May  4 17:44:33 mail postfix/smtpd[6320]: warning: connect to 127.0.0.1:7777: Connection refused

You have to restart iredapd service manually.

Also, could you please try this solution to fix it?
http://www.iredmail.org/forum/post9059.html#p9059

8

Re: My new iRedMail 0.7.1 problems

Thq...

I've install DBUtils for centos as instructed. And hv restart all services.

I'll update the result later.

9

Re: My new iRedMail 0.7.1 problems

PERFECT...

After few days monitoring the mailserver activity, all working as I expect. I've edit fail2ban also and now my mailserver running smoothly.

Thank you Zhang for your supports.

10

Re: My new iRedMail 0.7.1 problems

Here's new fix:
http://www.iredmail.org/forum/topic1972 … denly.html

11

Re: My new iRedMail 0.7.1 problems

Done. thanks