Results 1 to 10 of 10

Thread: [SOLVED] smtpd and postfix-script warnings

  1. #1
    Join Date
    Jun 2009
    Location
    PDX, Oregon
    Posts
    5
    Rep Power
    6

    Question [SOLVED] smtpd and postfix-script warnings

    I got this these two warnings.
    one is from the smptd, i would like to know if these means someone is using my smtp server as a relay?
    I am using 6.0.1 Open Source

    On other thing is that Stats service keeps stopping.. i get this message..any ideas why that is happening? I have stop all the service and start them all to fix it. This only started happening when i upgrade to 6.0.1

    Thank you,
    Shane

    Code:
    Oct 18 17:23:26 xxx.xxx.xxx.xxx zimbramon[17419]: 17419:err: Service status change: xxx.xxx.xxx.xxx stats changed from running to stopped
    Code:
    Warnings
    --------
      smtpd (total: 1)
             1   70.33.186.10: hostname 70-33-186-10.reliablehostingservices.net...
    And if postfix-script warning is something i should worry about?
    I check the files and see who they where own by and it look ok to me.. its zimbra or postfix.

    Code:
    Warnings
    --------
      postfix-script (total: 4)
             1   not owned by root: /opt/zimbra/postfix-2.6.2.2z/conf/master.cf
             1   not owned by root: /opt/zimbra/postfix-2.6.2.2z/conf/main.cf
             1   not owned by root: /opt/zimbra/data/postfix/spool
             1   not owned by root: /opt/zimbra/postfix-2.6.2.2z/conf/master.cf.in
    
    Fatal Errors: none
    
    Panics: none
    
    Master daemon messages
    ----------------------
          1   daemon started -- version 2.6.2, configuration /opt/zimbra/postfix-2.6.2.2z/conf
          1   terminating on signal 15

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Check /var/log/zimbra.log to see whether that hostname attempted to relay through your server.

  3. #3
    Join Date
    Jun 2009
    Location
    PDX, Oregon
    Posts
    5
    Rep Power
    6

    Default

    this what to log file says...from what it looks like it sent me email if im reading it correctly..

    Code:
    Oct 16 19:19:04 xxx.xxx.xxx.xxx postfix/smtpd[6738]: warning: 70.33.186.10: hostname 70-33-186-10.reliablehostingservices.net verification failed: Name or service not known
    Oct 16 19:19:04 xxx.xxx.xxx.xxx postfix/smtpd[6738]: connect from unknown[70.33.186.10]
    Oct 16 19:19:04 xxx.xxx.xxx.xxx postfix/smtpd[6738]: setting up TLS connection from unknown[70.33.186.10]
    Oct 16 19:19:04 xxx.xxx.xxx.xxx postfix/smtpd[6738]: Anonymous TLS connection established from unknown[70.33.186.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Oct 16 19:19:05 xxx.xxx.xxx.xxx postfix/smtpd[6738]: 1922B1326109: client=unknown[70.33.186.10]
    Oct 16 19:19:05 xxx.xxx.xxx.xxx postfix/smtpd[6738]: disconnect from unknown[70.33.186.10]
    Oct 16 19:19:xxx.xxx.xxx.xxx amavis[11945]: (11945-01) Checking: OPWKky-E0u+x [70.33.186.10] <hiresco1@superbad.hirescover.net> -> <asparatu@asparatu.com>
    Oct 16 19:19:11 xxx.xxx.xxx.xxx amavis[11945]: (11945-01) Passed CLEAN, [70.33.186.10] [70.33.186.10] <hiresco1@superbad.hirescover.net> -> <asparatu@asparatu.com>, Message-ID: <E1Myys5-00055d-RU@superbad.hirescover.net>, mail_id: OPWKky-E0u+x, Hits: 0.986, size: 2887, queued_as: 6CC471326229, 5938 ms
    Oct 16 19:22:25 xxx.xxx.xxx.xxx postfix/anvil[6835]: statistics: max connection rate 1/60s for (smtp:70.33.186.10) at Oct 16 19:19:04
    Oct 16 19:22:25 xxx.xxx.xxx.xxx postfix/anvil[6835]: statistics: max connection count 1 for (smtp:70.33.186.10) at Oct 16 19:19:04
    Last edited by asparatu; 10-19-2009 at 07:16 PM.

  4. #4
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Yes they sent you an email, but their DNS records are configured improperly.

    Your mail server did the equivalent of these steps when they connected:
    dig +short 10.186.33.70.in-addr.arpa PTR
    dig 70-33-186-10.reliablehostingservices.net.

    Note how there is no A record for the PTR record for their IP address?

    You will see this a lot with misconfigured mail servers, or in this case what looks like a server that was never intended to be a mail server, but has been hacked and is sending out spam

  5. #5
    Join Date
    Jun 2009
    Location
    PDX, Oregon
    Posts
    5
    Rep Power
    6

    Default

    ok.. thank you..i understand it now.

    Can you tell why the other errors happen? with stats stopping and postfix script saying the file are not owned by root?
    Thank you
    Shane

  6. #6
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Sorry didn't see that about the stats earlier. That is Bug 40861 - zmstat-allprocs stops running on 6.0 which has been fixed and will be in 6.0.2, due out sometime around 10/26/09 according to Zimbra Product Portal

    As for the errors about the files not being owned by root, you should be able to safely ignore that. I got that also on the first daily report after upgrading to 6.0.0, but on subsequent reports it has not appeared.
    Last edited by ArcaneMagus; 10-20-2009 at 02:18 AM.

  7. #7
    Join Date
    Jul 2009
    Location
    Hồ Chi Minh City, Vietnam
    Posts
    13
    Rep Power
    6

    Default

    Good new! Thank your for usefull infomation

  8. #8
    Join Date
    Jan 2007
    Location
    Delaware, USA
    Posts
    14
    Rep Power
    8

    Question Not owned by root warnings every time Zimbra starts

    Quote Originally Posted by ArcaneMagus View Post
    As for the errors about the files not being owned by root, you should be able to safely ignore that. I got that also on the first daily report after upgrading to 6.0.0, but on subsequent reports it has not appeared.
    I just upgraded a test system from 5.0.18 to 6.0.5 and am seeing the same "not owned by root" warnings in the zimbra log every time zimbra starts. This happens with my backup script every evening so I see them in the daily email report. I confirmed with a manual stop/start. My experience is that the warnings will continue to appear in the daily report anytime Zimbra starts. Can anyone else confirm this?

    Code:
    Mar  8 00:34:59 mail postfix/postfix-script[5801]: warning: not owned by root: /opt/zimbra/data/postfix/spool
    Mar  8 00:34:59 mail postfix/postfix-script[5808]: warning: not owned by root: /opt/zimbra/postfix-2.6.5.2z/conf/main.cf
    Mar  8 00:34:59 mail postfix/postfix-script[5809]: warning: not owned by root: /opt/zimbra/postfix-2.6.5.2z/conf/master.cf
    Mar  8 00:34:59 mail postfix/postfix-script[5810]: warning: not owned by root: /opt/zimbra/postfix-2.6.5.2z/conf/master.cf.in
    My mission critical Zimbra is still at 5.0.18. I compared the file ownerships between the two versions and they are the same. Based on a quick comparison of the two postfix-script versions it appears that code has been added to the 6.0.x version to test the ownership and report warnings.

    My best guess is that the ownership settings do not fit the security configuration recommended for postfix and that the warnings are simply the result of this now being tested. It is probably not critical but I prefer to not see warnings.

    Has anyone tried changing the ownerships to address the warning?

  9. #9
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by zmailcc View Post
    I just upgraded a test system from 5.0.18 to 6.0.5 and am seeing the same "not owned by root" warnings in the zimbra log every time zimbra starts. This happens with my backup script every evening so I see them in the daily email report. I confirmed with a manual stop/start. My experience is that the warnings will continue to appear in the daily report anytime Zimbra starts. Can anyone else confirm this?
    That's correct, they will continue to appear.


    Quote Originally Posted by zmailcc View Post
    My best guess is that the ownership settings do not fit the security configuration recommended for postfix and that the warnings are simply the result of this now being tested. It is probably not critical but I prefer to not see warnings.

    Has anyone tried changing the ownerships to address the warning?
    Those warnings have always appeared in the Zimbra logs and it's required that the ownership stays as it is and you not modify them, Zimbra needs to write to those files.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    Join Date
    Jan 2007
    Location
    Delaware, USA
    Posts
    14
    Rep Power
    8

    Default

    Phoenix,

    Thank you for confirming that I can ignore the ownership messages. I plan to upgrade my mission critical system this weekend.

Similar Threads

  1. Hopefully an easy Postfix question....
    By NoDoze in forum Users
    Replies: 8
    Last Post: 10-01-2008, 07:59 AM
  2. Changing outgoing postfix port
    By rmvg in forum Administrators
    Replies: 0
    Last Post: 09-18-2008, 06:38 PM
  3. [SOLVED] Spam Being Sent Thru Server - Help Needed!
    By msf004 in forum Administrators
    Replies: 22
    Last Post: 03-14-2008, 11:11 PM
  4. Replies: 5
    Last Post: 12-04-2007, 04:40 PM
  5. System-Load with M4
    By billybofh in forum Administrators
    Replies: 7
    Last Post: 02-15-2006, 01:11 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •