Hi, I need to build a front end for a mail server and my experience is limited to Dovecot, which I believe doesn't have support for storing mails in databases. So, just thinking how users will be interested in filtering mails for words or sorting mails based on time sent / received, sender, subject, etc., it's probably easier to do this via SQL provided the mails are stored in a database. So the question is: has anyone set up Dovecot with, say, Oracle? And are there other mail servers that have support for databases?
user192702's questions
When I restart or start my BIND DNS server, I'm getting the following in the /var/log/messages log file.
Jan 26 07:50:30 dev named[306]: could not create /jail/bind-9.9.4-P2/var/run/named/session.key
Jan 26 07:50:30 dev named[306]: failed to generate session key for dynamic DNS: permission denied
Any idea why this is the case? I searched around and it appears to be related to the "key-directory" setting in the named.conf file. However, even if I set this to a writable directory I'm still seeing this error. Any ideas?
Referencing CentOS / RedHat guide on BIND here, it says the following...
Because /etc/named.conf is world-readable, it is advisable to place the key statement in a separate file, readable only by root, and then use an include statement to reference it.
And also the following...
Make sure that only the root user can read or write to the /etc/rndc.conf file.
Now when I do that with the following commands ...
chown root:root /etc/rndc.key
chmod 600 /etc/rndc.key
chown root:root /etc/rndc.conf
chmod 600 /etc/rndc.conf
I'm unable to start BIND because it complains in the /var/log/messages file with the following...
loading configuration from '/etc/named.conf'
/etc/named.conf:1: open: /etc/rndc.key: permission denied
To rectify, I am now doing the following and BIND is able to start...
chown root:named /etc/rndc.key
chmod 640 /etc/rndc.key
chown root:named /etc/rndc.conf
chmod 640 /etc/rndc.conf
Now is that an error in the manual?
Given the following my BIND 9 is not able to start.
acl ns2 { 192.168.10.50; };
zone "10.168.192.in-addr.arpa" IN {
also-notify { ns2 port 53; };
type master;
file "192.168.10.db";
};
It's writing the following to the /var/log/messages file.
[root@dev bind]# tail /var/log/messages
Jan 25 18:41:05 dev named[22863]: found 4 CPUs, using 4 worker threads
Jan 25 18:41:05 dev named[22863]: using 4 UDP listeners per interface
Jan 25 18:41:05 dev named[22863]: using up to 4096 sockets
Jan 25 18:41:05 dev named[22863]: loading configuration from '/etc/named.conf'
Jan 25 18:41:05 dev named[22863]: /etc/named.conf:18: missing ';' before 'port'
Jan 25 18:41:05 dev named[22863]: /etc/named.conf:18: missing ';' before '53'
Jan 25 18:41:05 dev named[22863]: /etc/named.conf:23: missing ';' before 'port'
Jan 25 18:41:05 dev named[22863]: /etc/named.conf:23: missing ';' before '53'
Jan 25 18:41:05 dev named[22863]: loading configuration: failure
Jan 25 18:41:05 dev named[22863]: exiting (due to fatal error)
This is strange because per their guide here, the correct statement syntax is
[ also-notify { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]
I just realized that after installing bind-9.9.4-P2, there is a ./etc/bind.keys file already installed. I have looked at their explanation here but still have no clue what this is for.
Can someone please let me know if I need to secure this key also by making it only readable by root, similar to how I'd do the same for the rndc.conf file?
I'm new to this PGP thing. Here are my questions:
Verification
When I do this, I'm given the message "This key is not certified with a trusted signature". Is there any way to make it trusted and, better yet, what's the proper way of doing so?
[root@dev /]# gpg --verify bind-9.9.4-P2.tar.gz.sha512.asc bind-9.9.4-P2.copiedlink.tar.gz
gpg: Signature made Fri 03 Jan 2014 01:58:50 PM PST using RSA key ID 189CDBC5
gpg: Good signature from "Internet Systems Consortium, Inc. (Signing key, 2013) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2B48 A38A E1CF 9886 435F 89EE 45AC 7857 189C DBC5
Managing Key
I downloaded and saved a public key as isc.public.key, and imported it using the following command:
gpg --import isc.public.key
I'm sure there is an expiration date on it so how do I do the following:
- Find out when it expires? In fact, does GPG tell me when the key I've imported has already expired when I do a "gpg --verify"?
- Update the key. Do I have to delete the key and re-import when this happens?
Thanks!
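One way to answer the expiry question without reading gpg's human-readable listing by eye: parse the machine-readable output of gpg --with-colons --list-keys. The script below is an added example, not part of the original post; the sample listing it parses is constructed (placeholder key IDs and user IDs), and the field positions it relies on are the ones documented in GnuPG's doc/DETAILS.

```python
"""Find the expiry date of imported GnuPG keys from `gpg --with-colons` output.

Added example, not from the original post. It parses the machine-readable
colon-separated listing documented in GnuPG's doc/DETAILS: on a `pub` record
field 2 is the validity flag ('e' = expired), field 5 the key ID, field 6 the
creation date and field 7 the expiration date (empty if the key never
expires). GnuPG 2.x prints dates as epoch seconds, GnuPG 1.4 as YYYY-MM-DD.
"""
import subprocess
from datetime import datetime, timezone

# Constructed sample listing: an expired 2013 key and a key valid until 2026.
# Key IDs, fingerprint hashes and user IDs are placeholders.
SAMPLE_COLON_OUTPUT = """\
tru::1:1700000000:0:3:1:5
pub:e:2048:1:0123456789ABCDEF:1356998400:1388534400::-:::sc::::::23::0:
uid:e::::1356998400::0000000000000000000000000000000000000000::Example Signing Key (2013) <signing@example.org>::::::::::0:
pub:-:4096:1:FEDCBA9876543210:1704067200:1767225600::-:::sc::::::23::0:
uid:-::::1704067200::1111111111111111111111111111111111111111::Example Signing Key (2024) <signing@example.org>::::::::::0:
"""


def parse_gpg_date(field):
    """Convert a gpg date field (epoch seconds or YYYY-MM-DD) to an aware datetime."""
    if not field:
        return None
    if field.isdigit():
        return datetime.fromtimestamp(int(field), tz=timezone.utc)
    return datetime.strptime(field, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def parse_key_expiry(colon_output, now=None):
    """Return {key_id: {"uid", "expires", "expired"}} for every pub record."""
    now = now or datetime.now(timezone.utc)
    keys = {}
    current = None
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            current = fields[4]
            expires = parse_gpg_date(fields[6])
            keys[current] = {
                "uid": None,
                "expires": expires,
                # trust gpg's own 'e' flag, and also compare against our clock
                "expired": fields[1] == "e" or (expires is not None and expires < now),
            }
        elif fields[0] == "uid" and current and keys[current]["uid"] is None:
            keys[current]["uid"] = fields[9] if len(fields) > 9 else ""  # first user ID
    return keys


def list_keys_from_gpg():
    """Query the real keyring; only works where the gpg binary is installed."""
    proc = subprocess.run(["gpg", "--with-colons", "--list-keys"],
                          capture_output=True, text=True, check=True)
    return parse_key_expiry(proc.stdout)


if __name__ == "__main__":
    for key_id, info in parse_key_expiry(SAMPLE_COLON_OUTPUT).items():
        when = info["expires"].date() if info["expires"] else "never"
        print(f"{key_id}  expires={when}  expired={info['expired']}  {info['uid']}")
```

On the second question: when a publisher extends a key's validity, importing the updated public key is enough, because gpg merges the new self-signature into the entry already in the keyring; deleting first is not required. The "not certified with a trusted signature" warning only says the key is outside your web of trust; after checking the fingerprint against a source you obtained independently of the download, you can mark it as verified locally with gpg --lsign-key.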
Hi, if you have a handful of servers around, each with LogWatch installed and generating a daily summary mail for you, how do you retrieve these mails?
At the moment I only have Dovecot installed on one of the boxes, from which I can download via Outlook the daily LogWatch mail. However, I'm not doing the same for the rest of my servers.
I am interested in how the rest of you manage this. I'm also setting up a mail server using Zimbra. Is there a way for all these servers to forward these mails to one single account? What do I need to set up or install? Thanks.
Hi, I have some questions for Zimbra v8.0.6GA. Under Configure -> MTA -> Network, I'm seeing a few settings and am not very clear what to do with them.
Web mail MTA Host name
Is this for delivering local mail only (i.e. not for external mails)? According to this link, it says the following. That's a mouthful, but what is "composed messages"? Is this for a multi-server deployment where the Postfix server for Zimbra isn't installed on the same box as the rest of the servers?
Webmail MTA is used by the Zimbra server for composed messages and must be the location of the Postfix server in the Zimbra MTA.
Relay MTA for external delivery
My understanding after reading the doc is that if my ISP doesn't force me to relay outgoing mails through them, and I have enabled DNS lookup, I can leave this blank?
Inbound SMTP host name
Sorry I know this is explained as "If your MX records point to a spam-relay or any other external non-Zimbra server, enter the name of that server in the Inbound SMTP host name field." but I'm not following. Can someone provide an example?
MTA Trusted Networks
The admin doc says "To set up MTA trusted networks on a per server basis, make sure that MTA trusted networks have been set up as global settings and then go the Configure > Servers > MTA page and in the MTA Trusted Networks field enter the trusted network addresses for the server." However I see out of the box it has default networks setup for the server whereas on a global level it's blank. Does this mean there is a bug with the install software and I have to copy the setting from the server to the global setting?
Hi guys, I have a very strange issue happening on one of my boxes. If someone can advise what I can check, please let me know. Thanks.
Here's the layout.
Box 1 & Box 2 <> Firewall <> Internet
Now the interesting thing is with Box 1, I'm able to run the "yum" utility to download and check packages online but with Box 2, I'm getting a time out.
Looking into this further, I have ruled this out as an issue with the Firewall, as I'm able to see the connection requests made by yum from both Box 1 & Box 2 through the firewall. I have further ruled this out as an issue with the OS firewall, as they both have the same settings and both have http permitted.
Running a test from Box 2, I am getting the following. The last command is stuck. The same test on Box 1 gets a response.
[root@uat webalizer]# telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to google-public-dns-a.google.com (8.8.8.8).
Escape character is '^]'.
Connection closed by foreign host.
[root@uat webalizer]#
[root@uat webalizer]# ping www.yahoo.com
PING ds-any-fp3-real.wa1.b.yahoo.com (98.138.252.30) 56(84) bytes of data.
64 bytes from ir2.fp.vip.ne1.yahoo.com (98.138.252.30): icmp_seq=1 ttl=53 time=100 ms
--- ds-any-fp3-real.wa1.b.yahoo.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 100.251/100.251/100.251/0.000 ms
[root@uat webalizer]#
[root@uat webalizer]# telnet www.yahoo.com 80
Trying 206.190.36.45...
telnet: connect to address 206.190.36.45: Connection timed out
Trying 206.190.36.105...
telnet: connect to address 206.190.36.105: Connection timed out
Trying 98.138.252.30...
Now, what I'm trying to do is use yum. But from the following it looks like it's timing out.
[root@uat webalizer]# yum info bzip2-libs
http://vault.centos.org/5.5/addons/x86_64/repodata/repomd.xml: [Errno 12] Timeout: <urlopen error timed out>
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: addons. Please verify its path and try again
If I try to download the xml on Box 2, it fails. Trying to do the same on Box 1 was okay however.
[root@uat webalizer]# wget http://vault.centos.org/5.5/addons/x86_64/repodata/repomd.xml
--2013-12-20 05:54:09-- http://vault.centos.org/5.5/addons/x86_64/repodata/repomd.xml
Resolving vault.centos.org... 216.151.172.58
Connecting to vault.centos.org|216.151.172.58|:80...
Can we do the following on *NIX?
Create the following folder structure:
/<parent folder>/<child folder 1>
/<parent folder>/<child folder 2>
/<parent folder>/<child folder 3>
/<parent folder>/<child folder 4>
where <parent folder> is owned by the master user, and ...
<child folder 1> is owned by user 1,
<child folder 2> is owned by user 2,
<child folder 3> is owned by user 3,
<child folder 4> is owned by user 4.
Processes' binaries saved under the child folders are started by the respective child folder owners.
/<parent folder>/<child folder 2>/<process binary> is started by user 2. Say the process started has a PID of 3897.
Both the individual users and the master user can kill the child processes.
kill 3897 can be done by either master user or user 2, but not user 1, user 3, and user 4.
I thought one of the issues I'm experiencing with the following question was due to MTU, rightfully so.
ESXi 5 VM Putty session hangs, vSphere client timing out
However, when I tried testing the maximum MTU size, it seems there's just no limit. I thought Ethernet only allows a maximum MTU. But I'm up to 54450.
ping -l 54450 192.168.10.7
Pinging 192.168.50.7 with 54450 bytes of data:
Reply from 192.168.10.7: bytes=54450 time=1081ms TTL=62
Reply from 192.168.10.7: bytes=54450 time=1079ms TTL=62
Reply from 192.168.10.7: bytes=54450 time=1079ms TTL=62
Reply from 192.168.10.7: bytes=54450 time=1079ms TTL=62
Ping statistics for 192.168.10.7:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1079ms, Maximum = 1081ms, Average = 1079ms
I notice on my firewall that my QNAP NAS is continuously sending UDP sessions out to the Internet. Every second I have 5 - 7 connections out to addresses like the following:
2013-11-10 23:17:54 Deny 192.168.60.5 93.215.212.162 6881/udp 6881 6881
2013-11-10 23:18:05 Deny 192.168.60.5 87.76.0.83 29872/udp 6881 29872
2013-11-10 23:18:05 Deny 192.168.60.5 5.164.188.224 6881/udp 6881 6881
2013-11-10 23:18:05 Deny 192.168.60.5 80.61.45.206 6881/udp 6881 6881
2013-11-10 23:18:34 Deny 192.168.60.5 37.117.204.129 6881/udp 6881 6881
2013-11-10 23:18:34 Deny 192.168.60.5 71.67.101.30 51413/udp 6881 51413
2013-11-10 23:18:34 Deny 192.168.60.5 89.28.92.191 8621/udp 6881 8621
2013-11-10 23:18:34 Deny 192.168.60.5 94.244.157.85 28221/udp 6881 28221
2013-11-10 23:18:34 Deny 192.168.60.5 213.241.61.240 9089/udp 6881 9089
2013-11-10 23:18:45 Deny 192.168.60.5 88.163.28.100 52721/udp 6881 52721
2013-11-10 23:18:45 Deny 192.168.60.5 37.55.190.20 10027/udp 6881 10027
2013-11-10 23:18:45 Deny 192.168.60.5 62.72.188.146 14306/udp 6881 14306
2013-11-10 23:19:14 Deny 192.168.60.5 85.53.244.205 51413/udp 6881 51413
2013-11-10 23:19:14 Deny 192.168.60.5 67.163.18.215 52130/udp 6881 52130
2013-11-10 23:19:14 Deny 192.168.60.5 86.172.105.140 9089/udp 6881 9089
2013-11-10 23:19:14 Deny 192.168.60.5 99.28.56.121 52383/udp 6881 52383
2013-11-10 23:19:14 Deny 192.168.60.5 109.60.184.249 46217/udp 6881 46217
2013-11-10 23:19:25 Deny 192.168.60.5 121.107.144.174 21135/udp 6881 21135
2013-11-10 23:19:25 Deny 192.168.60.5 84.39.116.180 48446/udp 6881 48446
2013-11-10 23:19:25 Deny 192.168.60.5 183.238.254.62 openvpn/udp 6881 1194
This is frightening as it seems like it's been hacked to send information out. Has anyone observed this behaviour from their QNAP NAS?
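A first triage step for a log like the one above is to separate the two outbound patterns that look alike at a glance: a peer-to-peer client (one fixed source port, many peers, many different destination ports) and a host scanning the Internet (many peers, one destination port, changing source ports). The script below is an added example, not part of the original post; its input lines are constructed to follow the same column layout as the firewall log above, using documentation address ranges. 6881/udp is the conventional BitTorrent port, so a fixed source port of 6881 is the signature of a torrent client (on a NAS, typically a built-in download application), not of a host probing the Internet.

```python
"""Triage a burst of outbound UDP denies from one LAN host.

Added example, not from the original post. Input lines are constructed in
the layout of the firewall log above:
date time action src dst service sport dport
"""
from collections import defaultdict

# Constructed: one host with a fixed source port talking to many peers/ports.
P2P_LOG = """\
2013-11-10 23:18:05 Deny 192.168.60.5 203.0.113.10 6881/udp 6881 6881
2013-11-10 23:18:05 Deny 192.168.60.5 203.0.113.11 29872/udp 6881 29872
2013-11-10 23:18:05 Deny 192.168.60.5 198.51.100.7 51413/udp 6881 51413
2013-11-10 23:18:34 Deny 192.168.60.5 198.51.100.8 8621/udp 6881 8621
2013-11-10 23:18:34 Deny 192.168.60.5 203.0.113.12 6881/udp 6881 6881
2013-11-10 23:18:45 Deny 192.168.60.5 203.0.113.13 10027/udp 6881 10027
"""

# Constructed: one host probing the same port on many addresses.
SCAN_LOG = """\
2013-11-10 23:20:01 Deny 192.168.60.9 203.0.113.20 53/udp 40001 53
2013-11-10 23:20:01 Deny 192.168.60.9 203.0.113.21 53/udp 40002 53
2013-11-10 23:20:01 Deny 192.168.60.9 203.0.113.22 53/udp 40003 53
2013-11-10 23:20:02 Deny 192.168.60.9 203.0.113.23 53/udp 40004 53
2013-11-10 23:20:02 Deny 192.168.60.9 203.0.113.24 53/udp 40005 53
"""


def parse_line(line):
    """Split one log line into its fields; returns None for short/blank lines."""
    parts = line.split()
    if len(parts) < 8:
        return None
    date, time, action, src, dst, service, sport, dport = parts[:8]
    return {"ts": f"{date} {time}", "action": action, "src": src, "dst": dst,
            "proto": service.split("/")[-1], "sport": int(sport), "dport": int(dport)}


def summarize(log_text):
    """Per source host: flow count, distinct peers, distinct source/destination ports."""
    per_src = defaultdict(lambda: {"flows": 0, "peers": set(), "sports": set(), "dports": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "udp":
            continue
        s = per_src[rec["src"]]
        s["flows"] += 1
        s["peers"].add(rec["dst"])
        s["sports"].add(rec["sport"])
        s["dports"].add(rec["dport"])
    return per_src


def classify(stats, min_peers=5):
    """Label one host's summary; the thresholds are illustrative, not vendor values."""
    if len(stats["peers"]) < min_peers:
        return "too few peers to judge"
    if len(stats["sports"]) == 1 and len(stats["dports"]) > 1:
        port = next(iter(stats["sports"]))
        hint = " (conventional BitTorrent port)" if port == 6881 else ""
        return f"p2p-like: fixed source port {port}{hint}, {len(stats['peers'])} peers"
    if len(stats["dports"]) == 1 and len(stats["sports"]) > 1:
        return f"scan-like: {len(stats['peers'])} hosts probed on port {next(iter(stats['dports']))}"
    return "mixed pattern; inspect manually"


def triage(log_text):
    """Map each source host in the log to a verdict string."""
    return {src: classify(stats) for src, stats in summarize(log_text).items()}


if __name__ == "__main__":
    for src, verdict in triage(P2P_LOG + SCAN_LOG).items():
        print(src, "->", verdict)
```

Whatever the verdict, the check that settles it is on the NAS itself: look for an enabled download or BitTorrent application and for a listening UDP socket on the source port the firewall reports. The firewall is already denying these flows, so the remaining risk is the application being present at all, not data leaving the network.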
First of all, I believe this is an ESXi issue, but let me know if you have seen this. It started about a year ago when I noticed that occasionally, when I putty via SSH to my VM guests, if I do anything that makes it display a lot of things at once, the session will hang and I have to start a new one, quite often only to find the same behaviour. What I mean by "display a lot of things" can be any of the following:
1) tail -f filename
2) Paste a long command
3) less filename
If I type in one character at a time this won't happen. I tried searching online and it always points me to flow control settings, and the various suggestions I've tried have never been able to resolve the issue.
Since last week, I've noticed I'm not able to connect to my POP3 server from Outlook (it's timing out from Outlook's perspective).
Today I tried to connect to the ESXi via vSphere client and it gives me a time out also. The exact behavior and error I saw are similar to the one posted at the following URL, but the suggested technique also failed to resolve the issue. http://davidcocke.blogspot.hk/2012/02/unable-to-login-with-vsphere-client.html
Has anyone experienced this before? Any suggestions on how to troubleshoot this?
Routinely I'm seeing lots of login attempts to my mail server trying out various login names starting from A to Z, coming from one IP on one day and another IP on another day. Is there any means to detect this type of activity and block accordingly? I asked Watchguard and it appears they don't support this on their XTM series. Anything else I can do other than have a super long password?
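The pattern described here (one source address walking through many different usernames) is easy to pick out of the mail server's own authentication log, which is where tools such as fail2ban (which ships filters for Dovecot and Postfix SASL) do it. The script below is an added example, not part of the original post: it reads Dovecot-style login-failure lines (constructed here, in the "user=<...>, rip=..." layout Dovecot uses) and reports any client IP that tries at least THRESHOLD_USERS distinct usernames inside WINDOW_SECONDS. A single user who mistypes a password repeatedly is not flagged, because the distinct-username count stays at one.

```python
"""Flag source IPs cycling through many usernames against a mail server.

Added example, not from the original post. The log lines are constructed
in Dovecot's login-failure format; thresholds are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 600     # look-back window
THRESHOLD_USERS = 5      # distinct usernames in the window that trigger an alert

# Constructed sample: 203.0.113.50 walks through usernames alphabetically,
# 198.51.100.9 is one user mistyping a password twice.
SAMPLE_LOG = """\
Nov 12 03:14:01 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<aaron>, method=PLAIN, rip=203.0.113.50, lip=192.168.1.10
Nov 12 03:14:04 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<abby>, method=PLAIN, rip=203.0.113.50, lip=192.168.1.10
Nov 12 03:14:07 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<adam>, method=PLAIN, rip=203.0.113.50, lip=192.168.1.10
Nov 12 03:14:10 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alan>, method=PLAIN, rip=203.0.113.50, lip=192.168.1.10
Nov 12 03:14:13 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alex>, method=PLAIN, rip=203.0.113.50, lip=192.168.1.10
Nov 12 03:14:16 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<amy>, method=PLAIN, rip=203.0.113.50, lip=192.168.1.10
Nov 12 03:15:00 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 40 secs): user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.168.1.10
Nov 12 03:20:00 mail dovecot: pop3-login: Disconnected (auth failed, 2 attempts in 10 secs): user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.168.1.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) .*auth failed.*"
    r"user=<(?P<user>[^>]*)>.*rip=(?P<rip>[0-9a-fA-F.:]+)"
)


def parse_failures(log_text, year=2013):
    """Return a list of (timestamp, ip, username) for each auth-failure line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        # syslog lines carry no year; the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["rip"], m["user"]))
    return events


def find_enumerators(events, window=WINDOW_SECONDS, threshold=THRESHOLD_USERS):
    """Return {ip: sorted usernames} for IPs exceeding the threshold in any window."""
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))
    offenders = {}
    for ip, items in by_ip.items():
        items.sort()
        start = 0
        seen = defaultdict(int)   # usernames inside the current window -> count
        for ts, user in items:
            seen[user] += 1
            # slide the window start forward until the span fits in `window`
            while (ts - items[start][0]).total_seconds() > window:
                old_user = items[start][1]
                seen[old_user] -= 1
                if seen[old_user] == 0:
                    del seen[old_user]
                start += 1
            if len(seen) >= threshold:
                offenders[ip] = sorted(seen)
                break
    return offenders


if __name__ == "__main__":
    for ip, users in find_enumerators(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: {len(users)} distinct usernames in {WINDOW_SECONDS}s: {', '.join(users)}")
```

The returned dictionary is what you would hand to a blocklist (a firewall deny rule or a fail2ban-style temporary ban). Because the source address changes from day to day, a per-IP ban is a rate limiter rather than a cure; the detection still earns its keep by keeping each address to a handful of guesses and by giving you a record of which usernames were tried.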
Daily I'm getting hundreds of these mails and have never been able to understand them completely. Here are some high-level types I have observed for these mails.
Type 1
From: Mail Delivery Subsystem ([email protected])
Subject: Delivery Status Notification (Delay)
Type 2
From: Mail Delivery Subsystem ([email protected])
Subject: Delivery Status Notification (Failure)
Type 3
From: Mail Delivery System ([email protected])
Subject: Undelivered Mail Returned to Sender
Question Group 1
What puzzles me is for the DSNs from googlemail.com from Types 1 & 2 above, I'll see 3 mails from it with the following in the body of the mails in sequence over 3 days.
1) Message will be retried for 2 more day(s)
2) Message will be retried for 1 more day(s)
3) Delivery to the following recipient failed permanently
Questions are:
1) If the e-mail address doesn't exist on Google, why doesn't it tell me outright that the address is not valid?
2) Assuming that it does exist, because Google doesn't say outright on the initial try that it doesn't exist, why would it still fail on the 3rd day saying "failed permanently"?
Question Group 2
Sometimes I'll be getting e-mails also from googlemail.com but these fall under Type 3 above. Content of the mail will include something like the following:
: host alt1.gmail-smtp-in.l.google.com[173.194.67.27]
said: 451 Requested action aborted: local error in processing (in reply to
RCPT TO command)
Questions:
1) Why wouldn't I see Google sending mails under Types 1 & 2 above ultimately telling me "Delivery to the following recipient failed permanently"?
2) What do I do in this case? Is this an invalid address or internal error with Google?
Question Group 3
Sometimes I'll also be getting e-mails with content "mailbox unavailable" from mails under Type 3 above. I'm running Dovecot / Postfix.
Question:
How do I make it such that I'll get a list of all the addresses that resulted in "mailbox unavailable", so I can batch delete them from my system automatically?
Thanks!
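All three types above carry a machine-readable message/delivery-status part (RFC 3464) with Final-Recipient, Action, Status and Diagnostic-Code fields, and that part is what an automatic clean-up should read rather than the human-readable text. The script below is an added example, not part of the original post; the four DSN bodies it parses are constructed to resemble a Gmail delay notice, a Gmail final failure, a Postfix "user unknown" bounce and a Postfix bounce for a remote 451. It treats an address as a clean-up candidate only when the reporting MTA says Action: failed with a 5.x.x status (5.1.1 being the code for a bad destination mailbox), which is the distinction behind Question Groups 1 and 2: a delayed notice has Action: delayed and a 4.x.x status, and a 451 is itself a transient code, so a bounce quoting it means the sending server gave up retrying, not that the address is invalid.

```python
"""Classify bounce messages by their RFC 3464 delivery-status fields.

Added example, not from the original post. The sample bodies are constructed.
"""
import re

DSN_SAMPLES = {
    "gmail_delay": """\
Reporting-MTA: dns; googlemail.com
Arrival-Date: Sun, 10 Nov 2013 02:10:00 -0800 (PST)

Final-Recipient: rfc822; someone@example.net
Action: delayed
Status: 4.4.1
Will-Retry-Until: Wed, 13 Nov 2013 02:10:00 -0800 (PST)
""",
    "gmail_failed": """\
Reporting-MTA: dns; googlemail.com

Final-Recipient: rfc822; someone@example.net
Action: failed
Status: 5.4.1
Diagnostic-Code: smtp; The recipient server did not accept our requests to connect.
""",
    "postfix_mailbox": """\
Reporting-MTA: dns; mail.example.org
X-Postfix-Queue-ID: 0123456789AB

Final-Recipient: rfc822; nobody@example.com
Original-Recipient: rfc822;nobody@example.com
Action: failed
Status: 5.1.1
Remote-MTA: dns; mx.example.com
Diagnostic-Code: smtp; 550 5.1.1 <nobody@example.com>: Recipient address rejected:
    User unknown in local recipient table
""",
    "postfix_451": """\
Reporting-MTA: dns; mail.example.org

Final-Recipient: rfc822; later@example.com
Action: failed
Status: 4.5.1
Remote-MTA: dns; alt1.gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 451 Requested action aborted: local error in processing
""",
}

FIELD_RE = re.compile(r"^([A-Za-z-]+):\s*(.*)$")


def parse_delivery_status(text):
    """Return one dict per recipient block (blocks are separated by blank lines)."""
    reports = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in block.splitlines():
            if line[:1].isspace() and last:        # folded continuation line
                fields[last] += " " + line.strip()
                continue
            m = FIELD_RE.match(line)
            if m:
                last = m.group(1).lower()
                fields[last] = m.group(2)
        if "final-recipient" in fields:
            # "rfc822; user@host" -> "user@host"
            addr = fields["final-recipient"].split(";", 1)[-1].strip()
            reports.append({
                "recipient": addr,
                "action": fields.get("action", "").lower(),
                "status": fields.get("status", ""),
                "diagnostic": fields.get("diagnostic-code", ""),
            })
    return reports


def is_permanent(report):
    """Permanent only when the MTA says failed AND the enhanced status is 5.x.x."""
    return report["action"] == "failed" and report["status"].startswith("5.")


def unknown_mailboxes(reports):
    """Addresses whose permanent failure is a bad mailbox (5.1.x) or says so in the diagnostic."""
    out = []
    for r in reports:
        if not is_permanent(r):
            continue
        diag = r["diagnostic"].lower()
        if r["status"].startswith("5.1.") or "mailbox unavailable" in diag or "user unknown" in diag:
            out.append(r["recipient"])
    return out


if __name__ == "__main__":
    for name, body in DSN_SAMPLES.items():
        for r in parse_delivery_status(body):
            print(f"{name:16} {r['recipient']:22} action={r['action']:8} "
                  f"status={r['status']} permanent={is_permanent(r)}")
    all_reports = [r for b in DSN_SAMPLES.values() for r in parse_delivery_status(b)]
    print("clean-up candidates:", unknown_mailboxes(all_reports))
```

In a real pipeline the delivery-status part is extracted from the bounce with the standard library's email package (walk the message and take the part whose content type is message/delivery-status) before handing its text to parse_delivery_status. Keep the 5.x.x-only rule strict: acting on 4.x.x bounces would delete addresses whose only problem was a temporary outage at the remote side.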
When looking at Traffic Monitor, you will see columns of numbers. However, it's not apparent what all of them are for. Unfortunately I don't have enough reputation to post images, but I'll try to explain what I'm looking at.
Can someone let me know the following. Thanks.
1) What are the numbers on Column 7, 12, and 13?
2) What's the difference between what's shown on columns 6 and 8?
Column  Description
1       Date
2       Time
3       Shows "Allowed", "Deny", etc.
4       Source IP
5       Destination IP the Source IP is trying to target (i.e. Firebox's external IP for incoming traffic)
6       Protocol (port name; sometimes port number is shown also)
7       Unknown
8       Protocol (port number, but not sure of the difference from column 5 above)
9       Network from which Source IP originates
10      Network to which Destination IP is at
11      Shows "Allowed", "blocked ports", etc.
12      Unknown
13      Unknown
14      Policy name
Question on Watchguard XTM policy not allowing some traffic through. I have set up a policy in Policy Manager named "TCP - NAS" that allows all TCP ports from External to SNAT from 192.168.10.13 -> 192.168.60.4, but am puzzled at why it's blocking some traffic (shown below).
The XTM is set up in Mixed Routing Mode, with external IP 192.168.10.13. A NAS is set up as 192.168.60.4. I want to grant traffic coming from outside the XTM to the NAS, so when people try to reach 192.168.10.13 it gets to 192.168.60.4.
Given that the policy is permitting all ports and is sitting at the top as the first policy (I have switched off Auto Order Mode), can someone explain to me why I'm seeing denials via "Internal Policy"? Thanks.
ftp, http allowed through Policy TCP - NAS
2013-10-04 23:50:29 Allow 192.168.10.1 192.168.10.13 ftp/tcp 2555 21 0-External 0-Optional Bridge Allowed 60 63 (TCP - NAS-00) proc_id="firewall" rc="100" dst_ip_nat="192.168.60.4" tcp_info="offset 10 S 2686556654 win 5840" Traffic
2013-10-04 23:50:29 Allow 192.168.10.1 192.168.10.13 http/tcp 4722 80 0-External 0-Optional Bridge Allowed 60 63 (TCP - NAS-00) proc_id="firewall" rc="100" dst_ip_nat="192.168.60.4" tcp_info="offset 10 S 2687441010 win 5840" Traffic
Port 8000 denied
2013-10-04 23:50:29 Deny 192.168.10.1 192.168.10.13 8000/tcp 4019 8000 0-External 0-Optional Bridge blocked ports 60 63 (Internal Policy) proc_id="firewall" rc="101" dst_ip_nat="192.168.60.4" tcp_info="offset 10 S 2698964068 win 5840" Traffic
2013-10-04 23:50:32 Deny 192.168.10.1 192.168.10.13 8000/tcp 4019 8000 0-External 0-Optional Bridge blocked ports 60 63 (Internal Policy) proc_id="firewall" rc="101" dst_ip_nat="192.168.60.4" tcp_info="offset 10 S 2698964068 win 5840" Traffic
webcache, rdp are allowed through policy TCP - NAS
2013-10-04 23:50:32 Allow 192.168.10.1 192.168.10.13 webcache/tcp 4135 8080 0-External 0-Optional Bridge Allowed 60 63 (TCP - NAS-00) proc_id="firewall" rc="100" dst_ip_nat="192.168.60.4" tcp_info="offset 10 S 2689599964 win 5840" Traffic
2013-10-04 23:50:32 Allow 192.168.10.1 192.168.10.13 rdp/tcp 3896 3389 0-External 0-Optional Bridge Allowed 60 63 (TCP - NAS-00) proc_id="firewall" rc="100" dst_ip_nat="192.168.60.4" tcp_info="offset 10 S 2702431472 win 5840" Traffic