Help Needed. Server has had problems since day 1

An interactive terminal is the local console or an ssh client, like PuTTY on Windows or ssh on Linux or Mac OS X.

It has nothing to do with Virtualmin. The ssh server is a standard part of any server, and you’ll want to have an ssh client handy if you are the administrator of a server. There are many wonderful things you can do with Webmin and Virtualmin (including looking at logs, searching logs, etc.), but when things get tough, nothing beats hitting the command line.

A 40MB maillog is fine. Mail is a very busy protocol on a world-facing server…there’s a lot going on in a mail system. Ours here at Virtualmin.com is 76MB right now, and it’s still got more than two days before it’s rotated again.

Hi

Thanx for the quick reply.

I have ssh access and I think I have already installed PuTTY on my laptop.

I downloaded the maillog file, but most of it makes no sense to me yet.

Will take another look once I have tried to get mail from the server again and then see what shows up in the maillog.

Thanx

I downloaded the maillog file

It would never cross my mind to download the maillog. :wink:

I look at it while it’s on the server…which is why you want a terminal, and tools like tail.

Sounds like using the Webmin System->System Logs is more your speed for the time being, until you get the hang of using a terminal like PuTTY. You can use the System Logs module to see the last X number of lines of any log managed by syslog (you can also add other logs to look at, but maillog is already in there).

Hi

I just like to have a copy on the PC to look at, not always near an internet link so allows me to go through it in my own time.

Just viewed the log with putty.

I tried to send an email just before checking.

this is the last few lines in the log.

Apr 10 02:59:41 centos_pristine postfix/smtpd[6610]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

Apr 10 02:59:42 centos_pristine postfix/master[6368]: warning: process /usr/libexec/postfix/smtpd pid 6610 exit status 1

Apr 10 02:59:42 centos_pristine postfix/master[6368]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Apr 10 03:00:48 centos_pristine postfix/smtpd[6627]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

Apr 10 03:00:49 centos_pristine postfix/master[6368]: warning: process /usr/libexec/postfix/smtpd pid 6627 exit status 1

Apr 10 03:00:49 centos_pristine postfix/master[6368]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Apr 10 03:01:49 centos_pristine postfix/smtpd[6653]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

Apr 10 03:01:50 centos_pristine postfix/master[6368]: warning: process /usr/libexec/postfix/smtpd pid 6653 exit status 1

Apr 10 03:01:50 centos_pristine postfix/master[6368]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Apr 10 03:02:50 centos_pristine postfix/smtpd[7198]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

It seems to be a repeat of the same few things.

Any suggestions?

Apr 10 02:59:41 centos_pristine postfix/smtpd[6610]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

There’s your problem. Postfix refuses to operate in an obviously insecure configuration. Your configuration would be a completely open relay.

smtpd_recipient_restrictions, as the error states, must end in one of those options. Here’s what it generally looks like on a freshly installed Virtualmin system:

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
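A way to check a main.cf for this condition before restarting Postfix, as an added example that is not part of the original thread or of Postfix or Virtualmin. It parses main.cf text (continuation lines included) and looks for one of the restrictions named in the fatal error; the `permit-first` status is this example's own stricter rule, and the `BROKEN` fragment and function names are constructed for illustration.

```python
import re
# Restrictions listed in the Postfix fatal error quoted above.
REQUIRED = {"check_relay_domains", "reject_unauth_destination",
            "reject", "defer", "defer_if_permit"}
PARAM = "smtpd_recipient_restrictions"

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous
    parameter, '#' and blank lines are skipped, later definitions win."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params

def check_recipient_restrictions(text):
    """Return (status, restrictions); status is 'not-set', 'ok',
    'missing-required' or 'permit-first'."""
    params = parse_main_cf(text)
    if PARAM not in params:
        return "not-set", []          # Postfix's built-in default applies
    items = [t for t in re.split(r"[,\s]+", params[PARAM]) if t]
    for item in items:
        if item == "permit":          # nothing after a bare permit is evaluated
            return "permit-first", items
        if item in REQUIRED:
            return "ok", items
    return "missing-required", items

# Constructed main.cf fragment with no rejecting restriction.
BROKEN = """\
myhostname = mail.example.com
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated
"""
# The same parameter with the value given in the answer above.
FIXED = ("smtpd_recipient_restrictions = permit_mynetworks "
         "permit_sasl_authenticated reject_unauth_destination\n")
if __name__ == "__main__":
    for cfg in (BROKEN, FIXED):
        print(check_recipient_restrictions(cfg))
```
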

Thanx will try fix it.

Okay sort of got it working,
it now at least forwards some of the mail and allows some users to download.

I guess it's a start.

will keep at it.

What does this mean?

Apr 10 06:16:40 centos_pristine postfix/master[6368]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

I just got this, looks like someone is trying to use my server.

Apr 10 06:28:21 centos_pristine postfix/smtpd[20678]: disconnect from mx5.businessfindersupplement.com[67.218.163.17]

Apr 10 06:28:23 centos_pristine dovecot: pop3-login: Aborted login: user=<autumn>, method=PLAIN, rip=71.245.156.5, lip=65.23.129.184

Apr 10 06:28:25 centos_pristine dovecot: pop3-login: Aborted login: user=<austin>, method=PLAIN, rip=71.245.156.5, lip=65.23.129.184

Apr 10 06:28:27 centos_pristine dovecot: pop3-login: Aborted login: user=<autumn>, method=PLAIN, rip=71.245.156.5, lip=65.23.129.184

Apr 10 06:28:29 centos_pristine dovecot: pop3-login: Aborted login: user=<austin>, method=PLAIN, rip=71.245.156.5, lip=65.23.129.184

Apr 10 06:28:31 centos_pristine dovecot: pop3-login: Aborted login: user=<autumn>, method=PLAIN, rip=71.245.156.5, lip=65.23.129.184

Apr 10 06:28:33 centos_pristine dovecot: pop3-login: Aborted login: user=<austin>, method=PLAIN, rip=71.245.156.5, lip=65.23.129.184

Apr 10 06:28:33 centos_pristine dovecot: pop3-login: Aborted login: user=<august>, method=PLAIN, rip=71.245.156.5, lip=65.23.129.184

Apr 10 06:28:35 centos_pristine dovecot: pop3-login: Aborted login: user=<autumn>, method=PLAIN, rip=71.245.156.5, lip=65.23.129.184

The user names are not mine and if you notice they seem to be in an order,

Any ideas?

They are still at it
how do I ban/block their IP address:

71.245.156.5

postfix/master[6368]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

That usually means there’s some sort of error with the Postfix setup, perhaps a bad config file, and that’s Postfix’s way of complaining :slight_smile:

I’d try restarting Postfix, and looking at the mail log immediately afterwards, you should see the actual error in there somewhere.

Regarding the login attempts above – I don’t know that I’d worry too much. There are bots roaming all around the Internet now, just trying random usernames and passwords. Looking in my auth log, it looks like my server had 251 attempts to login by guessing passwords over the last 2 days.

Sure, you can block this one IP, but there’s a bazillion more that will be trying, it’s just not possible to keep up with it… the key is proactive security – making sure you and your users have decent passwords, that your system is up to date, and that web apps are kept up to date as well.

If it really bothers you though, you can add a firewall rule to block that host (in Webmin -> Networking -> Linux Firewall), or perhaps simpler, you could add it to the "TCP Wrappers" Denied Hosts file (in Webmin -> Networking -> TCP Wrappers, or /etc/hosts.deny).
-Eric
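For readers who want to see which addresses are behind log lines like the dovecot entries posted above, here is an added example (not part of the original thread) that counts aborted logins per remote IP and renders /etc/hosts.deny entries for the ones that cycle through several usernames. The sample log is constructed with documentation-range addresses, and the function names and thresholds are assumptions of this example.

```python
import re
from collections import defaultdict

# Matches dovecot "Aborted login" lines in the format posted above.
ABORTED = re.compile(r"dovecot: \S+-login: Aborted login: "
                     r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)")

def summarize(lines):
    """Map each remote IP to its aborted-login count and usernames tried."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in lines:
        m = ABORTED.search(line)
        if m:
            stats[m["rip"]]["attempts"] += 1
            stats[m["rip"]]["users"].add(m["user"])
    return dict(stats)

def suspects(stats, min_attempts=5, min_users=3):
    """IPs with many aborted logins spread over several usernames.
    Thresholds are this example's assumptions; tune them per site."""
    return sorted(ip for ip, s in stats.items()
                  if s["attempts"] >= min_attempts and len(s["users"]) >= min_users)

def hosts_deny_lines(ips):
    """Render /etc/hosts.deny entries (IPv6 addresses go in brackets)."""
    return [f"ALL: [{ip}]" if ":" in ip else f"ALL: {ip}" for ip in ips]

# Constructed sample log using documentation-range addresses.
LINE = ("Apr 10 06:28:{:02d} mail dovecot: pop3-login: Aborted login: "
        "user=<{}>, method=PLAIN, rip={}, lip=192.0.2.10")
SAMPLE = [LINE.format(20 + i, user, "203.0.113.50")
          for i, user in enumerate(["autumn", "austin", "autumn",
                                    "austin", "august", "autumn"])]
SAMPLE.append(LINE.format(40, "alice", "198.51.100.7"))  # a single aborted login
SAMPLE.append("Apr 10 06:28:41 mail postfix/smtpd[20678]: "
              "disconnect from unknown[198.51.100.9]")   # ignored: not dovecot

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(suspects(summarize(SAMPLE)))))
```
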

Hi

I just updated bind and dovecot on the system.

Now I get this error when trying to start bind.

> named-checkconf /etc/named.conf
/etc/named.conf:97: unknown option ‘zone’
/etc/named.conf:145: unexpected token near end of file

Have taken a look at lines 97 and 147 in named.conf and don't see any difference to others.

Sorry meant

Have taken a look at lines 97 and 145 in named.conf and don't see any difference to others.

Can you paste in those lines? Also include 2 lines above and below the line where you’re getting the error.
-Eric

I took the whole zone out from line 97 to the next one,
still gives 97 as an error and 145 becomes 138, guess I deleted 7 lines.

I have put it back as it was now.

Well I have got bind back up.

I just made a copy of the file contents in notepad++.

Then made a spare copy to work with and every time it moaned about a line I removed it.

Now to put the domains I removed back and see if it still all works.

Wish me luck… :slight_smile:

No big deal. Someone is trying to figure out how to use your mail server for spam. They’re failing. We get thousands of these every day.

As long as you use strong passwords, you’ll be fine.

Okay well I have put all the zones I removed back now and it still restarts.

I now have 148 lines (had 145 before), but I have added a few blank lines between zones to make it easier to read and system seems happy with it.

Now to go see if the email problem is still there which is what I was trying to fix before the bind update caused that to stop working.

Regards
Shane

Then made a spare copy to work with and every time it moaned about a line I removed it.

This is an interesting instinct. I’m pretty sure it’s a bad instinct. :wink:

So, I’m beginning to think this particular instinct is where a lot of your problems are coming from…you’ve got a lot of broken configuration files (BIND, Postfix, maybe others?). Where did they come from? Virtualmin doesn’t generate broken config files (at least not very often, and when it does we fix the bug that caused it)…so something else is breaking your config files. Randomly removing lines from them without having any idea what they’re for or where they came from would be one way to go about breaking those config files.

Virtualmin can regenerate zone files under its control; just disable DNS for that domain, and then re-enable it. This will delete the zone and then recreate it from the appropriate Server Template.

Well, so far so good, the 3 users I have tested are all working fine.

Fixing bind or the updating of dovecot must have done the trick