1

Topic: Added Let's Encrypt all works, but sendmail from mx server is rejected

============ Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5
- Linux/BSD distribution name and version: CentOS release 6.7 (Final)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====
Hi,
I installed Let's Encrypt about a month ago on my iRedMail server.  I just upgraded today to 0.9.5 to see if that fixed it.  I used this web site as a guide to install Let's Encrypt:  http://www.dsp3.org/integrating-lets-en … -iredmail/

Everything works including sendmail from other servers, with the exception of sending emails (logwatch, sendmail) from the mail server.  Logwatch and sendmail used to work before I installed Let's Encrypt, and I have tried to retrace my steps to fix it, but I can't seem to find the problem.  I have tried changes in /etc/postfix/main.cf (hostname/mydestination), with no luck. 

Below are logs and config files
For this example, (to avoid spam), I have done a search for my domain name and replaced it with "<mydomain>"

parts of /etc/httpd/conf.d/ssl.conf:

SSLCertificateFile /etc/letsencrypt/live/mx.<mydomain>.com/cert.pem

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/letsencrypt/live/mx.<mydomain>.com/privkey.pem

Alias /cluebringer "/usr/share/cluebringer/webui/"
Alias /iredadmin/static "/var/www/iredadmin/static/"
WSGIScriptAlias /iredadmin "/var/www/iredadmin/iredadmin.py/"
Alias /mail "/var/www/roundcubemail/"
Alias /awstats/icon "/usr/share/awstats/wwwroot/icon/"
Alias /awstatsicon "/usr/share/awstats/wwwroot/icon/"
ScriptAlias /awstats "/usr/share/awstats/wwwroot/cgi-bin/"



parts of /etc/postfix/main.cf

readme_directory = /usr/share/doc/postfix-2.11.0/README_FILES
inet_protocols = all
virtual_alias_domains =
myhostname = mx.<mydomain>.com
myorigin = mx.<mydomain>.com
allow_percent_hack = no
swap_bangpath = no
mydomain = <mydomain>.com
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
biff = no
inet_interfaces = all
mynetworks = 127.0.0.0/8, 192.168.1.0/28
mynetworks_style = host
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_tls_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = yes
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, check_sender_access pcre:/etc/postfix/sender_access.pcre
delay_warning_time = 0h
maximal_queue_lifetime = 4h
bounce_queue_lifetime = 4h
recipient_delimiter = +
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
queue_run_delay = 300s
minimal_backoff_time = 300s
maximal_backoff_time = 4000s
enable_original_recipient = no
disable_vrfy_command = yes
home_mailbox = Maildir/
allow_min_user = no
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
message_size_limit = 15728640
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_mailbox_base = /home/vmail
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777,
smtpd_tls_security_level = may
smtpd_tls_loglevel = 0
smtpd_tls_key_file = /etc/letsencrypt/live/mx.<mydomain>.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mx.<mydomain>.com/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mx.<mydomain>.com/chain.pem
tls_random_source = dev:/dev/urandom
mailbox_command = /usr/libexec/dovecot/deliver
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
content_filter = smtp-amavis:[127.0.0.1]:10024
smtp-amavis_destination_recipient_limit = 1
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_dh1024_param_file = /etc/pki/tls/dhparams.pem
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf

/var/log/maillog:

May  3 13:34:50 mx sendmail[23232]: u43JYjso023232: from=root, size=6, class=0, nrcpts=1, msgid=<201605031934.u43JYjso023232@mx.<mydomain>.com>, relay=root@localhost
May  3 13:34:50 mx postfix/smtpd[22646]: connect from localhost[127.0.0.1]
May  3 13:34:50 mx sendmail[23232]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
May  3 13:34:50 mx postfix/smtpd[22646]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <<myEmail>@mx.<mydomain>.com>: Recipient address rejected: User unknown in local recipient table; from=<root@mx.<mydomain>.com> to=<<myEmail>@mx.<mydomain>.com> proto=ESMTP helo=<mx.<mydomain>.com>
May  3 13:34:50 mx sendmail[23232]: u43JYjso023232: to=<myEmail>@<mydomain>.com, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:00, mailer=relay, pri=30006, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.1, stat=User unknown
May  3 13:34:50 mx sendmail[23232]: u43JYjso023232: u43JYjsp023232: DSN: User unknown
May  3 13:34:50 mx postfix/smtpd[22646]: E28C8120315: client=localhost[127.0.0.1]
May  3 13:34:50 mx postfix/cleanup[22504]: E28C8120315: message-id=<201605031934.u43JYjsp023232@mx.<mydomain>.com>
May  3 13:34:50 mx sendmail[23232]: u43JYjsp023232: to=root, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31030, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as E28C8120315)
May  3 13:34:50 mx postfix/qmgr[1704]: E28C8120315: from=<>, size=2372, nrcpt=1 (queue active)
May  3 13:34:51 mx postfix/smtpd[22646]: disconnect from localhost[127.0.0.1]
May  3 13:35:05 mx postfix/smtpd[22961]: connect from localhost[127.0.0.1]
May  3 13:35:05 mx postfix/smtpd[22961]: C22FE120318: client=localhost[127.0.0.1]
May  3 13:35:05 mx postfix/cleanup[22504]: C22FE120318: message-id=<201605031934.u43JYjsp023232@mx.<mydomain>.com>
May  3 13:35:05 mx postfix/smtpd[22961]: disconnect from localhost[127.0.0.1]
May  3 13:35:05 mx postfix/qmgr[1704]: C22FE120318: from=<>, size=3009, nrcpt=1 (queue active)
May  3 13:35:05 mx postfix/cleanup[22504]: D02C4120428: message-id=<201605031934.u43JYjsp023232@mx.<mydomain>.com>
May  3 13:35:05 mx amavis[1795]: (01795-12) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [127.0.0.1]:39272 [127.0.0.1] <> -> <root@mx.<mydomain>.com>, Queue-ID: E28C8120315, Message-ID: <201605031934.u43JYjsp023232@mx.<mydomain>.com>, mail_id: fP8I6cxiH7qA, Hits: -2.889, size: 2371, queued_as: C22FE120318, 14870 ms
May  3 13:35:05 mx postfix/local[23064]: C22FE120318: to=<root@mx.<mydomain>.com>, relay=local, delay=0.12, delays=0.05/0.01/0/0.07, dsn=2.0.0, status=sent (forwarded as D02C4120428)
May  3 13:35:05 mx postfix/qmgr[1704]: D02C4120428: from=<>, size=3133, nrcpt=1 (queue active)
May  3 13:35:05 mx postfix/qmgr[1704]: C22FE120318: removed
May  3 13:35:05 mx postfix/smtp[22509]: E28C8120315: to=<root@mx.<mydomain>.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=0.06/0/0/15, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as C22FE120318)
May  3 13:35:05 mx postfix/qmgr[1704]: E28C8120315: removed
May  3 13:35:06 mx postfix/pipe[22962]: D02C4120428: to=<<myEmail>@<mydomain>.com>, relay=dovecot, delay=0.29, delays=0.06/0/0/0.23, dsn=2.0.0, status=sent (delivered via dovecot service)
May  3 13:35:06 mx postfix/qmgr[1704]: D02C4120428: removed
May  3 13:35:08 mx postfix/anvil[18962]: statistics: max connection rate 2/60s for (smtp:173.208.164.164) at May  3 13:26:55
May  3 13:35:08 mx postfix/anvil[18962]: statistics: max connection count 2 for (smtp:173.208.164.164) at May  3 13:26:55
May  3 13:35:08 mx postfix/anvil[18962]: statistics: max cache size 3 at May  3 13:33:31

Any help would be appreciated!
Thanks!
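
Added example, not part of the original thread: a small triage script that pairs each failed sendmail submission in a maillog with the Postfix RCPT reject logged within a few seconds, and reports when the two recipient addresses differ only in their domain, checking the rejected domain against `mydestination` from main.cf. The sample log and config are constructed from the excerpts above with `alice` and `example.com` as placeholders; the function names and the assumed log year are illustrative.

```python
import re
from datetime import datetime

# Constructed sample modelled on the maillog excerpt in the post; alice and
# example.com are placeholders, not values from the thread.
SAMPLE_LOG = """\
May  3 13:34:50 mx sendmail[23232]: u43JYjso023232: from=root, size=6, class=0, nrcpts=1, msgid=<201605031934.u43JYjso023232@mx.example.com>, relay=root@localhost
May  3 13:34:50 mx postfix/smtpd[22646]: connect from localhost[127.0.0.1]
May  3 13:34:50 mx sendmail[23232]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
May  3 13:34:50 mx postfix/smtpd[22646]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <alice@mx.example.com>: Recipient address rejected: User unknown in local recipient table; from=<root@mx.example.com> to=<alice@mx.example.com> proto=ESMTP helo=<mx.example.com>
May  3 13:34:50 mx sendmail[23232]: u43JYjso023232: to=alice@example.com, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:00, mailer=relay, pri=30006, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.1, stat=User unknown
May  3 13:35:06 mx postfix/pipe[22962]: D02C4120428: to=<alice@example.com>, relay=dovecot, delay=0.29, delays=0.06/0/0/0.23, dsn=2.0.0, status=sent (delivered via dovecot service)
"""

# Constructed main.cf fragment with the same shape as the one in the post.
SAMPLE_MAIN_CF = """\
myhostname = mx.example.com
mydomain = example.com
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
"""

STAMP = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
SENDMAIL_TO = re.compile(
    STAMP + r"sendmail\[\d+\]: (?P<qid>\w+): to=<?(?P<rcpt>[^,>\s]+)>?,"
    r".*\bdsn=(?P<dsn>[\d.]+), stat=(?P<stat>.*)$")
POSTFIX_REJECT = re.compile(
    STAMP + r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<client>\S+): "
    r"(?P<code>\d{3}) (?P<dsn>[\d.]+) <(?P<rcpt>[^>]+)>: (?P<reason>[^;]+);")


def _when(stamp, year):
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def parse_main_cf(text):
    """Return name -> value for simple 'name = value' lines."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params


def local_domains(params):
    """Expand $name references in mydestination; skip lookup tables and files."""
    value = params.get("mydestination", "")
    for _ in range(5):  # bounded, so a self-referencing parameter cannot loop
        value = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), value)
    return {d.lower() for d in re.split(r"[,\s]+", value)
            if d and ":" not in d and "/" not in d}


def rewritten_recipients(log_text, main_cf_text, window=5, year=2016):
    """Find failed submissions whose recipient domain changed before RCPT."""
    local = local_domains(parse_main_cf(main_cf_text))
    lines = log_text.splitlines()
    rejects = []
    for line in lines:
        m = POSTFIX_REJECT.match(line)
        if m and m["client"].startswith("localhost["):
            rejects.append((_when(m["ts"], year), m["rcpt"].lower(), m["reason"].strip()))
    findings = []
    for line in lines:
        m = SENDMAIL_TO.match(line)
        if not m or not m["dsn"].startswith("5."):
            continue  # only permanent failures reported by the submit program
        user, _, domain = m["rcpt"].lower().rpartition("@")
        sent_at = _when(m["ts"], year)
        for rej_at, rej_rcpt, reason in rejects:
            rej_user, _, rej_domain = rej_rcpt.rpartition("@")
            close = abs((sent_at - rej_at).total_seconds()) <= window
            if close and rej_user == user and rej_domain != domain:
                findings.append({
                    "queue_id": m["qid"],
                    "submitted": f"{user}@{domain}",
                    "rejected": rej_rcpt,
                    "reason": reason,
                    # True when Postfix treats the rejected domain as local,
                    # so the address is checked against local recipients.
                    "rejected_domain_is_local": rej_domain in local,
                })
    return findings


if __name__ == "__main__":
    for finding in rewritten_recipients(SAMPLE_LOG, SAMPLE_MAIN_CF):
        print(finding)
```

The script ignores the `STARTTLS ... verify=FAIL` line: in these logs the session still negotiates a cipher, and the 550 is issued at RCPT for the recipient address.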


2

Re: Added Let's Encrypt all works, but sendmail from mx server is rejected

daavek wrote:

Everything works including sendmail from other servers, with the exception of sending emails (logwatch, sendmail) from the mail server.  Logwatch and sendmail used to work before I installed Let's Encrypt

Please show us related log of logwatch/sendmail failure.

3

Re: Added Let's Encrypt all works, but sendmail from mx server is rejected

Sorry if this is not what you are asking for.  I have tried to include several other things as well, including the email notification (returned mail).

/var/log/maillog:
May  2 03:42:34 mx sendmail[14466]: u429flcx014466: from=root, size=36641, class=0, nrcpts=1, msgid=<201605020941.u429flcx014466@mx.<mydomain>.com>, relay=root@localhost
May  2 03:42:34 mx postfix/smtpd[14403]: connect from localhost[127.0.0.1]
May  2 03:42:34 mx sendmail[14466]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
May  2 03:42:34 mx postfix/smtpd[14403]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <<myEmail>@mx.<mydomain>.com>: Recipient address rejected: User unknown in local recipient table; from=<root@mx.<mydomain>.com> to=<<myEmail>@mx.<mydomain>.com> proto=ESMTP helo=<mx.<mydomain>.com>
May  2 03:42:34 mx sendmail[14466]: u429flcx014466: to=<myEmail>@<mydomain>.com, ctladdr=root (0/0), delay=00:00:47, xdelay=00:00:00, mailer=relay, pri=66641, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.1, stat=User unknown
May  2 03:42:34 mx sendmail[14466]: u429flcx014466: u429fld0014466: DSN: User unknown
May  2 03:42:34 mx postfix/smtpd[14403]: AFB2C121077: client=localhost[127.0.0.1]
May  2 03:42:34 mx postfix/cleanup[14868]: AFB2C121077: message-id=<201605020942.u429fld0014466@mx.<mydomain>.com>
May  2 03:42:34 mx postfix/qmgr[1689]: AFB2C121077: from=<>, size=39306, nrcpt=1 (queue active)
May  2 03:42:34 mx sendmail[14466]: u429fld0014466: to=root, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=67665, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as AFB2C121077)
May  2 03:42:35 mx postfix/smtpd[14403]: disconnect from localhost[127.0.0.1]
May  2 03:42:50 mx postfix/smtpd[14926]: connect from localhost[127.0.0.1]
May  2 03:42:50 mx postfix/smtpd[14926]: 7D91B120318: client=localhost[127.0.0.1]
May  2 03:42:50 mx postfix/cleanup[14868]: 7D91B120318: message-id=<201605020942.u429fld0014466@mx.<mydomain>.com>
May  2 03:42:50 mx postfix/qmgr[1689]: 7D91B120318: from=<>, size=39983, nrcpt=1 (queue active)
May  2 03:42:50 mx postfix/smtpd[14926]: disconnect from localhost[127.0.0.1]
May  2 03:42:50 mx amavis[13513]: (13513-10) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [127.0.0.1]:37589 [127.0.0.1] <> -> <root@mx.<mydomain>.com>, Queue-ID: AFB2C121077, Message-ID: <201605020942.u429fld0014466@mx.<mydomain>.com>, mail_id: JKescWgdv_Az, Hits: 0.02, size: 39219, queued_as: 7D91B120318, 15848 ms
May  2 03:42:50 mx postfix/smtp[14871]: AFB2C121077: to=<root@mx.<mydomain>.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=0.11/0.01/0.01/16, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7D91B120318)
May  2 03:42:50 mx postfix/qmgr[1689]: AFB2C121077: removed
May  2 03:42:51 mx postfix/local[14928]: warning: database /etc/postfix/aliases.db is older than source file /etc/postfix/aliases
May  2 03:42:51 mx postfix/cleanup[14868]: 35B15121028: message-id=<201605020942.u429fld0014466@mx.<mydomain>.com>
May  2 03:42:51 mx postfix/local[14928]: 7D91B120318: to=<root@mx.<mydomain>.com>, relay=local, delay=1.1, delays=0.16/0.51/0/0.43, dsn=2.0.0, status=sent (forwarded as 35B15121028)
May  2 03:42:51 mx postfix/qmgr[1689]: 35B15121028: from=<>, size=40107, nrcpt=1 (queue active)
May  2 03:42:51 mx postfix/qmgr[1689]: 7D91B120318: removed
May  2 03:42:53 mx postfix/pipe[14932]: 35B15121028: to=<<myEmail>@<mydomain>.com>, relay=dovecot, delay=2.3, delays=0.33/0.84/0/1.1, dsn=2.0.0, status=sent (delivered via dovecot service)
May  2 03:42:53 mx postfix/qmgr[1689]: 35B15121028: removed
May  2 03:45:55 mx postfix/anvil[14436]: statistics: max connection rate 1/60s for (smtp:191.96.111.97) at May  2 03:41:43
May  2 03:45:55 mx postfix/anvil[14436]: statistics: max connection count 1 for (smtp:191.96.111.97) at May  2 03:41:43
May  2 03:45:55 mx postfix/anvil[14436]: statistics: max cache size 1 at May  2 03:41:43


/etc/logwatch/conf/logfiles directory is empty. 

cd /var/log
cat * | grep logwatch

shows entries (cron logs) back to April 4:
Apr 28 03:40:51 mx run-parts(/etc/cron.daily)[3067]: finished 0logwatch
Apr 29 03:18:03 mx run-parts(/etc/cron.daily)[5936]: starting 0logwatch
Apr 29 03:18:52 mx run-parts(/etc/cron.daily)[6385]: finished 0logwatch
Apr 30 03:50:02 mx run-parts(/etc/cron.daily)[10127]: starting 0logwatch
Apr 30 03:50:49 mx run-parts(/etc/cron.daily)[10550]: finished 0logwatch
May  1 03:13:02 mx run-parts(/etc/cron.daily)[7677]: starting 0logwatch
May  1 03:13:52 mx run-parts(/etc/cron.daily)[8106]: finished 0logwatch
May  2 03:41:02 mx run-parts(/etc/cron.daily)[14309]: starting 0logwatch
May  2 03:42:35 mx run-parts(/etc/cron.daily)[14875]: finished 0logwatch
May  3 03:28:02 mx run-parts(/etc/cron.daily)[22766]: starting 0logwatch
May  3 03:28:55 mx run-parts(/etc/cron.daily)[23255]: finished 0logwatch


The emails I get daily (from logwatch on the mx server) show From: Mail Delivery Subsystem, Subject: Returned mail: see transcript for details.
Email message:

The original message was received at Tue, 3 May 2016 03:28:09 -0600 from root@localhost

   ----- The following addresses had permanent fatal errors -----
<myEmail>@<mydomain>.com
    (reason: 550 5.1.1 <<myEmail>@mx.<mydomain>.com>: Recipient address rejected: User unknown in local recipient table)
    (expanded from: <myEmail>@<mydomain>.com)

   ----- Transcript of session follows -----
... while talking to [127.0.0.1]:
>>> DATA
<<< 550 5.1.1 <<myEmail>@mx.<mydomain>.com>: Recipient address rejected: User unknown in local recipient table
550 5.1.1 <myEmail>@<mydomain>.com... User unknown
<<< 554 5.5.1 Error: no valid recipients



With 2 attachments
1).  details.txt:

Reporting-MTA: dns; mx.<mydomain>.com
Arrival-Date: Tue, 3 May 2016 03:28:09 -0600

Final-Recipient: RFC822; <myEmail>@<mydomain>.com
X-Actual-Recipient: RFC822; <myEmail>@mx.<mydomain>.com
Action: failed
Status: 5.1.1
Remote-MTA: DNS; [127.0.0.1]
Diagnostic-Code: SMTP; 550 5.1.1 <<myEmail>@mx.<mydomain>.com>: Recipient address rejected: User unknown in local recipient table
Last-Attempt-Date: Tue, 3 May 2016 03:28:54 -0600



and 2) Logwatch from mx.<mydomain>.com (linux) (47.6KM (192 KB)

################### Logwatch 7.3.6 (05/19/07) ####################
        Processing Initiated: Tue May  3 03:28:09 2016
        Date Range Processed: yesterday
                              ( 2016-May-02 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: mx.<mydomain>.com
  ##################################################################

--------------------- Amavisd-new Begin ------------------------

**Unmatched Entries**
< 164 lines of these emails:
        1   (01776-01) Passed CLEAN {RelayedInternal}, MYUSERS LOCAL ... (IP Addresses and email addresses)
        1   (11728-02) Passed CLEAN {RelayedInternal}, MYUSERS LOCAL ...
        1   (13667-15) Passed SPAM {RelayedTaggedInternal,Quarantined}, MYUSERS LOCAL [89.163.129.66]:58738 [89.163.129.66] <Eduardo_High@sidreois.com> -> <<myEmail>@<mydomain>.com>, quarantine: GPmabJVsSOMA, Queue-ID: BB23B12013F, Message-ID: <537619097.7108679432312269964@hundr.sidreois.com>, mail_id: GPmabJVsSOMA, Hits: 10.17, size: 20740, queued_as: 1F65912104F, 15122 ms
        1   No ext program for   .lzma, tried: lzmadec, xz -dc --format=lzma, lzma -dc, unlzma -c, lzcat, lzmadec
        1   (11728-05) Passed SPAM {RelayedTaggedInternal,Quarantined},
        1   (24179-14) Passed CLEAN {RelayedInternal}, MYUSERS LOCAL ...
        1   (01779-09) Passed CLEAN {RelayedInternal}, MYUSERS LOCAL ...
...       
        1   (24179-17) Passed SPAM {RelayedTaggedInternal,Quarantined}, MYUSERS LOCAL ...
        1   No ext program for   .xz, tried: xzdec, xz -dc, unxz -c, xzcat
        1   (24179-08) Passed CLEAN {RelayedInternal}, MYUSERS LOCAL ...

---------------------- Amavisd-new End -------------------------


--------------------- Selinux Audit Begin ------------------------


  Number of audit daemon stops: 1

---------------------- Selinux Audit End -------------------------


--------------------- clam-update Begin ------------------------


Last ClamAV update process started at Mon May  2 04:33:47 2016

Last Status:
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.98.7 Recommended version: 0.99.1
    DON'T PANIC! Read http://www.clamav.net/support/faq
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    Downloading daily-21512.cdiff [100%]
    daily.cld updated (version: 21512, sigs: 89716, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 277, sigs: 47, f-level: 63, builder: neo)
    Database updated (4308553 signatures) from db.us.clamav.net (IP: 155.98.64.87)

---------------------- clam-update End -------------------------


--------------------- Clamav Begin ------------------------


**Unmatched Entries**
Not loading PUA signatures.
Only loading official signatures.
Bytecode: Security mode set to "TrustSigned".
LOCAL: Removing stale socket file /tmp/clamd.socket
LOCAL: Unix socket file /tmp/clamd.socket
LOCAL: Setting connection queue length to 30
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 16.
Limits: Files limit set to 10000.
Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Limits: MaxScriptNormalize limit set to 5242880 bytes.
Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Limits: MaxPartitions limit set to 50.
Limits: MaxIconsPE limit set to 100.

---------------------- Clamav End -------------------------


--------------------- Cron Begin ------------------------


**Unmatched Entries**
INFO (Shutting down)
INFO (RANDOM_DELAY will be scaled with factor 62% if used.)
bad username (/etc/crontab)

---------------------- Cron End -------------------------


--------------------- httpd Begin ------------------------


Connection attempts using mod_proxy:
    60.161.145.243 -> search.yahoo.com:443: 1 Time(s)

Requests with error response codes
    401 Unauthorized
       /Microsoft-Server-ActiveSync: 1 Time(s)
       /Microsoft-Server-ActiveSync?User=<myEmail>e%20K ... ype=WindowsMail: 1 Time(s)
    404 Not Found
       /info.php: 1 Time(s)
       /phpinfo.php: 1 Time(s)
    405 Method Not Allowed
       search.yahoo.com:443: 1 Time(s)
    502 Bad Gateway
       /Microsoft-Server-ActiveSync?Cmd=MoveItems ... indowsOutlook15: 7513 Time(s)

---------------------- httpd End -------------------------


--------------------- Postfix Begin ------------------------

      258   *Warning: Database file needs update
       38   *Warning: Pre-queue content-filter connection overload
      122   Miscellaneous warnings

   17.444M  Bytes accepted                        18,291,050
   17.508M  Bytes delivered                       18,357,947
========   ================================================

      309   Accepted                                  92.51%
       25   Rejected                                   7.49%
--------   ------------------------------------------------
      334   Total                                    100.00%
========   ================================================

       21   Reject HELO/EHLO                          84.00%
        4   Reject unknown user                       16.00%
--------   ------------------------------------------------
       25   Total Rejects                            100.00%
========   ================================================

        1   4xx Reject relay denied                    0.18%
      542   4xx Reject recipient address              98.19%
        9   4xx Reject sender address                  1.63%
--------   ------------------------------------------------
      552   Total 4xx Rejects                        100.00%
========   ================================================

      882   Connections made     
        5   Connections lost     
      882   Disconnections       
      309   Removed from queue   
      136   Delivered             
      185   Sent via SMTP         
        5   Forwarded             
        2   Deferred             
        2   Deferrals             
        1   Bounce (remote)       
        1   DSNs undeliverable   

        5   Connection failure (outbound)
        5   Timeout (inbound)     
        2   Illegal address syntax in SMTP command
        2   Hostname validation error

        1   Postfix start         
        1   Postfix stop         



**Unmatched Entries**
        1   May  2 13:40:05 mx postfix/postfix-script[1679]: warning: /var/spool/postfix/etc/hosts and /etc/hosts differ

---------------------- Postfix End -------------------------


--------------------- Connections (secure-log) Begin ------------------------


Root logins on tty's: 1 Time(s).

---------------------- Connections (secure-log) End -------------------------


--------------------- sendmail Begin (detail=3) ------------------------



STATISTICS
----------

Messages To Recipients:  5
Addressed Recipients:    5
Bytes Transferred:       47253
Messages No Valid Rcpts: 0

SMTP SESSION, MESSAGE, OR RECIPIENT ERRORS
------------------------------------------

Mail Rejected:
    Total:  1

Total SMTP Session, Message, and Recipient Errors handled by Sendmail:  1

---------------------- sendmail End -------------------------


--------------------- SSHD Begin ------------------------


SSHD Killed: 1 Time(s)

SSHD Started: 2 Time(s)

---------------------- SSHD End -------------------------


--------------------- Disk Space Begin ------------------------

Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_mx-lv_root
                        50G  6.9G   40G  15% /
/dev/sda1             477M  143M  310M  32% /boot
/dev/mapper/vg_mx-lv_home
                       1.4T  2.4G  1.4T   1% /home


---------------------- Disk Space End -------------------------


###################### Logwatch End #########################






This is the header of the returned email:
Return-Path: <root>
Received: (from root@localhost)
    by mx.<mydomain>.com (8.14.4/8.14.4/Submit) id u439S9Pv022847;
    Tue, 3 May 2016 03:28:09 -0600
Date: Tue, 3 May 2016 03:28:09 -0600
Message-Id: <201605030928.u439S9Pv022847@mx.<mydomain>.com>
To: <myEmail>@<mydomain>.com
From: logwatch
Subject: Logwatch for mx.<mydomain>.com (Linux)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"


Thank you again for your help!

4

Re: Added Let's Encrypt all works, but sendmail from mx server is rejected

Are you running 'sendmail' daemon/service or just run the command used to send email?

5

Re: Added Let's Encrypt all works, but sendmail from mx server is rejected

It doesn't look like sendmail daemon is running.  I installed iRedMail on a new server about a year ago, April 2015.  It should be a fairly generic installation.

[root@mx ~]# ps -ef | grep sendmail
root     26357 25670  0 09:10 pts/0    00:00:00 grep sendmail
[root@mx ~]#

6

Re: Added Let's Encrypt all works, but sendmail from mx server is rejected

I just realized that some cron emails come through without getting returned. 

backup_mysql.sh gets sent daily without error.
From: Cron Daemon <root@mx.<mydomain>.com>
Subject:  Cron <root@mx> /bin/bash /home/vmail/backup/backup_mysql.sh
Email header:

Return-Path: <root@mx.<mydomain>.com>
Delivered-To: <myEmail>@<mydomain>.com
Received: by mx.<mydomain>.com (Postfix)
    id 9B692120FDD; Tue,  3 May 2016 03:30:21 -0600 (MDT)
Delivered-To: root@mx.<mydomain>.com
Received: from localhost (localhost [127.0.0.1])
    by mx.<mydomain>.com (Postfix) with ESMTP id 7B485120FDA
    for <root@mx.<mydomain>.com>; Tue,  3 May 2016 03:30:21 -0600 (MDT)
X-Virus-Scanned: amavisd-new at mx.<mydomain>.com
X-Spam-Flag: NO
X-Spam-Score: -2.899
X-Spam-Level:
X-Spam-Status: No, score=-2.899 tagged_above=-999 required=6.2
    tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, TVD_SPACE_RATIO=0.001]
    autolearn=ham
Received: from mx.<mydomain>.com ([127.0.0.1])
    by localhost (mx.<mydomain>.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 564uDs4r1Hw8 for <root@mx.<mydomain>.com>;
    Tue,  3 May 2016 03:30:06 -0600 (MDT)
Received: from mx.<mydomain>.com (localhost [127.0.0.1])
    by mx.<mydomain>.com (Postfix) with ESMTPS id 4066E120134
    for <root@mx.<mydomain>.com>; Tue,  3 May 2016 03:30:06 -0600 (MDT)
Received: (from root@localhost)
    by mx.<mydomain>.com (8.14.4/8.14.4/Submit) id u439U5En023566;
    Tue, 3 May 2016 03:30:05 -0600
Date: Tue, 3 May 2016 03:30:05 -0600
Message-Id: <201605030930.u439U5En023566@mx.<mydomain>.com>
From: root@mx.<mydomain>.com (Cron Daemon)
To: root@mx.<mydomain>.com
Subject: Cron <root@mx> /bin/bash /home/vmail/backup/backup_mysql.sh
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <LANG=en_US.UTF-8>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>

Body:
==> Backup completed successfully.
==> Detailed log (/var/vmail/backup/mysql/2016/05/03/2016-05-03-03:30:01.log):
=========================
* Starting backup: 2016-05-03-03:30:01.
* Backup directory: /var/vmail/backup/mysql/2016/05/03.
* Backing up databases: mysql vmail roundcubemail policyd amavisd iredadmin sogo cluebringer iredapd.
* File size:
----
1.4M    amavisd-2016-05-03-03:30:01.sql.bz2
44K    cluebringer-2016-05-03-03:30:01.sql.bz2
72K    iredadmin-2016-05-03-03:30:01.sql.bz2
76K    iredapd-2016-05-03-03:30:01.sql.bz2
100K    mysql-2016-05-03-03:30:01.sql.bz2
52K    roundcubemail-2016-05-03-03:30:01.sql.bz2
924K    sogo-2016-05-03-03:30:01.sql.bz2
8.0K    vmail-2016-05-03-03:30:01.sql.bz2
----
* Backup completed (Success? YES).
* Delete old backup: /var/vmail/backup/mysql/2016/02/03.



So, it appears my main problem is with logwatch (I really don't use sendmail except to test).


[root@mx ~]# cd /etc/logwatch
[root@mx logwatch]# ll
total 8
drwxr-xr-x. 4 root root 4096 Apr 17 09:25 conf
drwxr-xr-x. 3 root root 4096 Apr  9  2015 scripts
[root@mx logwatch]# ll scripts/
total 4
drwxr-xr-x. 2 root root 4096 Sep 10  2013 services
[root@mx logwatch]# ll scripts/services/
total 0
[root@mx logwatch]# cd conf/
[root@mx conf]# ll
total 20
-rw-r--r--. 1 root root   81 Sep 10  2013 ignore.conf
drwxr-xr-x. 2 root root 4096 Sep 10  2013 logfiles
-rw-r--r--  1 root root  137 Apr  3 10:11 logwatch.conf
-rw-r--r--. 1 root root   77 Sep 10  2013 override.conf
drwxr-xr-x. 2 root root 4096 Sep 10  2013 services
[root@mx conf]# more override.conf
# Configuration overrides for specific logfiles/services may be placed here.
[root@mx conf]# more logwatch.conf
# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)
MailTo = <myEmail>@<mydomain>.com
[root@mx conf]# ll logfiles/
total 0
[root@mx conf]# ll services/
total 0
[root@mx conf]# cd /etc/cron.daily/
[root@mx cron.daily]# ll
total 32
-rwxr-xr-x. 1 root root 265 Sep 10  2013 0logwatch
-rwxr-xr-x  1 root root  40 Mar 20  2013 amavisd
-rwxr-xr-x  1 root root 439 Jul  8  2015 backup.sh
-rwxr-xr-x  1 root root 396 Nov 12 12:40 freshclam
-rwxr-xr-x  1 root root 362 Apr  1 11:59 letsencrypt.cron
-rwx------  1 root root 180 Jul  9  2003 logrotate
-rwxr-xr-x  1 root root 231 Apr  5 11:58 sogo-tmpwatch
-rwxr-xr-x  1 root root 416 Oct 14  2015 tmpwatch
[root@mx cron.daily]# more 0logwatch
#!/bin/bash

DailyReport=`grep -e "^[[:space:]]*DailyReport[[:space:]]*=[[:space:]]*" /usr/share/logwatch/default.conf/logwatch.conf | head -n1 | sed -e "s|^\s*DailyReport\s*=\s*||"`

if [ "$DailyReport" != "No" ] && [ "$DailyReport" != "no" ]
then
    logwatch
fi
[root@mx cron.daily]# more /usr/share/logwatch/default.conf/logwatch.conf
########################################################
# This was written and is maintained by:
#    Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk@kaybee.org.
#
########################################################

# NOTE:
#   All these options are the defaults if you run logwatch with no
#   command-line arguments.  You can override all of these on the
#   command-line.

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

# Default Log Directory
# All log-files are assumed to be given relative to this directory.
LogDir = /var/log

# You can override the default temp directory (/tmp) here
TmpDir = /var/cache/logwatch

# Default person to mail reports to.  Can be a local account or a
# complete email address.  Variable Print should be set to No to
# enable mail feature.
MailTo = <myEmail>@<mydomain>.com
# WHen using option --multiemail, it is possible to specify a different
# email recipient per host processed.  For example, to send the report
# for hostname host1 to user@example.com, use:
#Mailto_host1 = user@example.com
# Multiple recipients can be specified by separating them with a space.

# Default person to mail reports from.  Can be a local account or a
# complete email address.
MailFrom = Logwatch

# If set to 'Yes', the report will be sent to stdout instead of being
# mailed to above person.
Print =

# if set, the results will be saved in <filename> instead of mailed
# or displayed.
#Save = /tmp/logwatch

# Use archives?  If set to 'Yes', the archives of logfiles
# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with
# By default this is now set to Yes. To turn off Archives uncomment this.
#Archives = No
# Range = All

# The default time range for the report...
# The current choices are All, Today, Yesterday
Range = yesterday

# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = Low


# The 'Service' option expects either the name of a filter
# (in /usr/share/logwatch/scripts/services/*) or 'All'.
# The default service(s) to report on.  This should be left as All for
# most people. 
Service = All
# You can also disable certain services (when specifying all)
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
#Service = ftpd-messages   # Processes ftpd messages in /var/log/messages
#Service = ftpd-xferlog    # Processes ftpd messages in /var/log/xferlog
# Maybe you only wanted reports on PAM messages, then you would use:
#Service = pam_pwdb        # PAM_pwdb messages - usually quite a bit
#Service = pam             # General PAM messages... usually not many

# You can also choose to use the 'LogFile' option.  This will cause
# logwatch to only analyze that one logfile.. for example:
#LogFile = messages
# will process /var/log/messages.  This will run all the filters that
# process that logfile.  This option is probably not too useful to
# most people.  Setting 'Service' to 'All' above analyizes all LogFiles
# anyways...

#
# By default we assume that all Unix systems have sendmail or a sendmail-like system.
# The mailer code Prints a header with To: From: and Subject:.
# At this point you can change the mailer to any thing else that can handle that output
# stream. TODO test variables in the mailer string to see if the To/From/Subject can be set
# From here with out breaking anything. This would allow mail/mailx/nail etc..... -mgt
mailer = "sendmail -t"

#
# With this option set to 'Yes', only log entries for this particular host
# (as returned by 'hostname' command) will be processed.  The hostname
# can also be overridden on the commandline (with --hostname option).  This
# can allow a log host to process only its own logs, or Logwatch can be
# run once per host included in the logfiles.
#
# The default is to report on all log entries, regardless of its source host.
# Note that some logfiles do not include host information and will not be
# influenced by this setting.
#
#HostLimit = Yes

# By default the cron daemon generates daily logwatch report
# if you want to switch it off uncomment DailyReport tag.
# The implicit value is Yes
#
# DailyReport = No

# vi: shiftwidth=3 tabstop=3 et
[root@mx cron.daily]#


Also, backup.sh gets sent properly.


[root@mx cron.daily]# ll
total 32
-rwxr-xr-x. 1 root root 265 Sep 10  2013 0logwatch
-rwxr-xr-x  1 root root  40 Mar 20  2013 amavisd
-rwxr-xr-x  1 root root 439 Jul  8  2015 backup.sh
-rwxr-xr-x  1 root root 396 Nov 12 12:40 freshclam
-rwxr-xr-x  1 root root 362 Apr  1 11:59 letsencrypt.cron
-rwx------  1 root root 180 Jul  9  2003 logrotate
-rwxr-xr-x  1 root root 231 Apr  5 11:58 sogo-tmpwatch
-rwxr-xr-x  1 root root 416 Oct 14  2015 tmpwatch
[root@mx cron.daily]# more backup.sh
#!/bin/sh

echo `date +"%T"`

/bin/rm -rf /backup/
/bin/mkdir /backup
/bin/mkdir /backup/email

echo "backup - removed and created /backup"
/bin/cp /etc/cron.daily/backup.sh /backup/

echo "calling /usr/sbin/backup.sh"
/usr/sbin/bkup.sh

echo "copying /backup to backupdaily.dev.<mydomain>.com"
/usr/bin/rsync -avz -e  "ssh -o StrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null" /backup/ 192.168.1.225:/home/backup/`hostname`/`date +%a`/


[root@mx cron.daily]# cd ..
[root@mx etc]# more crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=<myEmail>@<mydomain>.com
HOME=/

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed

0  0  *  *  * /sbin/shutdown -r now
[root@mx etc]# crontab -l
# iRedMail: Backup MySQL databases on 03:30 AM
30   3   *   *   *   /bin/bash /home/vmail/backup/backup_mysql.sh

# iRedMail: Cleanup Cluebringer database
#1   3   *   *   *   /usr/sbin/cbpadmin --config=/etc/policyd/cluebringer.conf --cleanup >/dev/null

# iRedMail: Cleanup Amavisd database
1   2   *   *   *   python /var/www/iredadmin/tools/cleanup_amavisd_db.py >/dev/null

# iRedMail: update Awstats statistics for web
1   */1   *   *   *   perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=web -update >/dev/null

# iRedMail: update Awstats statistics for smtp
1   */1   *   *   *   perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=smtp -update >/dev/null

# DKK: Backup daily at 04:30 AM
30   4   *   *   *   /bin/bash /etc/cron.daily/backup.sh

# iRedAPD: Clean up expired tracking records hourly.
1   *   *   *   *   /usr/bin/python /opt/iredapd/tools/cleanup_db.py &>/dev/null
# iRedAPD: Convert specified SPF DNS record of specified domain names to IP
#          addresses/networks every 10 minutes.
*/10   *   *   *   *   /usr/bin/python /opt/iredapd/tools/spf_to_greylist_whitelists.py &>/dev/null

# Cleanup Roundcube SQL database.
2   2   *   *   *   php /var/www/roundcubemail/bin/cleandb.sh >/dev/null
# iRedAPD: Convert specified SPF DNS record of specified domain names to IP
#          addresses/networks every 10 minutes.
*/10   *   *   *   *   /usr/bin/python /opt/iredapd/tools/spf_to_greylist_whitelists.py &>/dev/null
# iRedAdmin: Clean up sql database.
1   *   *   *   *    /var/www/iredadmin/tools/cleanup_db.py &>/dev/null
[root@mx etc]#

7

Re: Added Let's Encrypt all works, but sendmail from mx server is rejected

I think your installation of SSL certs and problems with logwatch are a coincidence. If you switch back to previous SSL certs, does the problem resolve itself?

8

Re: Added Let's Encrypt all works, but sendmail from mx server is rejected

Ok, it started occurring the second morning after I installed the new certs (I don't remember if I rebooted the server that day or not).  Unfortunately the old certs expired, so I don't think I can switch back. 

Thanks - I will keep messing around, and let you know if I figure something out.

9

Re: Added Let's Encrypt all works, but sendmail from mx server is rejected

I was able to fix it.  Since other cron jobs were sending mail properly, I removed the MailTo line in /etc/logwatch/conf/logwatch.conf, and in /usr/share/logwatch/default.conf/logwatch.conf changed the line to MailTo = root

It now sends emails to my account.
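The fix above turns on which of the two logwatch.conf files supplies MailTo. The following is an added example, not code from the thread or from logwatch: it resolves the effective value of a key across config files using the rules stated in the file's own comments, assuming files are read defaults first with the last assignment winning. The sample file contents and admin@example.com are constructed.

```shell
#!/bin/sh
# Added example (not logwatch's own code). Resolves the effective value of a
# logwatch.conf key using the rules in the file's comments: "name = value",
# '#' comments, trimmed whitespace, case-insensitive names. Files are passed
# in load order (defaults first); the last assignment wins (assumption).
logwatch_effective() {
    key=$1; shift
    for f in "$@"; do                 # keep only the readable files
        if [ -r "$f" ]; then set -- "$@" "$f"; fi
        shift
    done
    [ "$#" -gt 0 ] || return 1
    awk -v want="$key" '
        {
            sub(/#.*/, "")            # a comment runs to the end of the line
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (val ~ /^".*"$/) val = substr(val, 2, length(val) - 2)
            if (tolower(name) == tolower(want)) { last = val; src = FILENAME; hit = 1 }
        }
        END { if (hit) print last "\t" src; else exit 1 }
    ' "$@"
}

# "local" for a bare account name (resolved by the MTA through its aliases),
# "address" for a complete email address.
mailto_kind() {
    case $1 in *@*) echo address ;; *) echo local ;; esac
}

# Constructed sample files standing in for the two paths named in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' '# defaults' 'MailTo = root   # local account' \
    'MailFrom = Logwatch' 'mailer = "sendmail -t"' > "$demo_dir/default.conf"
printf '%s\n' '# Local configuration options go here' \
    'mailto = admin@example.com' > "$demo_dir/override.conf"

# Print each mail-related key with its effective value and the file it came from.
for k in MailTo MailFrom mailer; do
    printf '%-9s %s\n' "$k" \
        "$(logwatch_effective "$k" "$demo_dir/default.conf" "$demo_dir/override.conf")"
done
rm -rf "$demo_dir"
```

On a real host the two arguments would be /usr/share/logwatch/default.conf/logwatch.conf followed by /etc/logwatch/conf/logwatch.conf.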