OmniUnlimited

JIRA mail not working

Hello Experts,

I tried to set up JIRA email on my server, and JIRA tells me that the test emails are sent successfully, but I never get anything.

Anyone able to help?

Thanks!

arnold

Look at the log, /usr/psa/var/log/maillog to see where you sent the test messages to.
Note that your local mail server treats your domain as local which means if the local mail server is not the default system that handles your domain, that would explain why the messages are not making their way to where you expect.  

you should have an entry
from <>
to <>
and then disposition connected to X and received a response etc.  ref your prior question's examples.

OmniUnlimited (ASKER)

Arnold, thank you so much for responding!  The problem is that I don't know how to fill out the JIRA form correctly, I think.  It asks for mailservers, and most mailservers I have seen use a subdomain prefix like mail.example.com.  You helped set up the mail on this server.  What would I use as the mailservers?
Is JIRA set up on the same system? You can use localhost/127.0.0.1.  If JIRA is on a separate system, you have to update the DNS records to create a hostname such as internalmail.yourdomain.com pointing to the static IP of the mail server (must be static or RESERVED DHCP assigned IP, i.e. you do not want a mail server that may shift to a new IP).  Then within JIRA you will point to internalmail.yourdomain.com.
Note the configuration I helped you with only dealt with the functionality of the mail server and other components within the server, nothing dealt with how an external system/user will access it.
I tried switching to localhost on JIRA.  Once again, JIRA tells me the connection was successful, and so was the test email, but I received nothing.

Here is the maillog:

tail -f /usr/local/psa/var/log/maillog

Sep 30 20:21:53 xx-xx-xx-xx courier-pop3d: LOGOUT, user=noreply@example.com, ip=[::ffff:127.0.0.1], port=[xxx15], top=0, retr=0, rcvd=6, sent=30, time=0
Sep 30 20:22:46 xx-xx-xx-xx postfix/smtpd[xxx96]: connect from localhost.localdomain[127.0.0.1]
Sep 30 20:22:46 xx-xx-xx-xx postfix/smtpd[xxx96]: disconnect from localhost.localdomain[127.0.0.1]
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtpd[xxx96]: connect from localhost.localdomain[127.0.0.1]
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtpd[xxx96]: 0A5B0138053E: client=localhost.localdomain[127.0.0.1], sasl_method=LOGIN, sasl_username=noreply@example.com
Sep 30 20:23:01 xx-xx-xx-xx postfix/cleanup[xxx45]: 0A5B0138053E: message-id=<1698192024.5.1380597781045.JavaMail.jira@localhost.localdomain>
Sep 30 20:23:01 xx-xx-xx-xx postfix/qmgr[xxx70]: 0A5B0138053E: from=<noreply@example.com>, size=842, nrcpt=1 (queue active)
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtpd[xxx96]: disconnect from localhost.localdomain[127.0.0.1]
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtp[xxx47]: connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtp[xxx47]: 0A5B0138053E: to=<joe@example.com>, relay=none, delay=0.28, delays=0.05/0.01/0.22/0, dsn=4.4.1, status=deferred (connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused)
Sep 30 20:25:44 xx-xx-xx-xx postfix/qmgr[xxx70]: EE457138052F: from=<noreply@example.com>, size=855, nrcpt=1 (queue active)
Sep 30 20:25:44 xx-xx-xx-xx postfix/smtp[xxx88]: connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused
Sep 30 20:25:44 xx-xx-xx-xx postfix/smtp[xxx88]: EE457138052F: to=<joe@example.com>, relay=none, delay=2313, delays=2313/0.02/0.22/0, dsn=4.4.1, status=deferred (connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused)

The problem for me is without explicit detail where mail.example.com is, i.e. is it a local server or is it an external server that is refusing connections.

In the log it indicates that your postfix now tries to connect to an external mail.example.com to deliver email for user joe@example.com, but the connection is being refused.

Is this mail server (postfix) supposed to handle emails for example.com?
If so, make sure it is listed in the mydomain within /etc/postfix/main.cf
it looks as though you configured your postfix to require authentication from user, but did not exclude the local lan nor 127.0.0.1.
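
The from / to / disposition reading described above can be done mechanically by following each Postfix queue ID through the log. This is an added example, not part of the original thread; the sample lines are constructed in the format of the maillog excerpts shown here, and all host names, queue IDs and addresses in it are made up.

```python
import re

# Constructed sample in the format of the maillog excerpts in this thread.
# Host name, PIDs, queue IDs, addresses and IPs are made up for the example.
SAMPLE_LOG = """\
Sep 30 20:23:01 host postfix/smtpd[101]: 0A5B01: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=noreply@example.com
Sep 30 20:23:01 host postfix/qmgr[102]: 0A5B01: from=<noreply@example.com>, size=842, nrcpt=1 (queue active)
Sep 30 20:23:01 host postfix/smtp[103]: connect to mail.othersite.example[192.0.2.25]:25: Connection refused
Sep 30 20:23:01 host postfix/smtp[103]: 0A5B01: to=<joe@othersite.example>, relay=none, delay=0.28, delays=0.05/0.01/0.22/0, dsn=4.4.1, status=deferred (connect to mail.othersite.example[192.0.2.25]:25: Connection refused)
Sep 30 20:24:10 host postfix/qmgr[102]: 1C2D03: from=<noreply@example.com>, size=900, nrcpt=1 (queue active)
Sep 30 20:24:11 host postfix/smtp[104]: 1C2D03: to=<ann@elsewhere.example>, relay=mx.elsewhere.example[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 77AA10)
Sep 30 20:24:11 host postfix/qmgr[102]: 1C2D03: removed
Sep 30 20:25:00 host postfix/qmgr[102]: 2E3F05: from=<joe@mail.example.com>, size=936, nrcpt=1 (queue active)
Sep 30 20:25:00 host postfix/smtp[105]: 2E3F05: to=<joe@othersite.example>, relay=none, delay=0.09, delays=0.08/0.01/0/0, dsn=5.4.4, status=bounced (Host or domain name not found)
"""

# "postfix/<daemon>[pid]: <QUEUEID>: <rest>"; lines without a queue ID
# (such as "connect to ...: Connection refused") do not match.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
SENDER = re.compile(r"^from=<([^>]*)>")
DELIVERY = re.compile(
    r"^to=<([^>]*)>,.*?relay=([^,]+),.*?dsn=(\d\.\d+\.\d+), "
    r"status=(\w+) \((.*)\)$"
)

# First digit of the DSN code gives the class of the outcome.
DSN_CLASS = {
    "2": "accepted by the next hop",
    "4": "temporary failure, message stays queued and is retried",
    "5": "permanent failure, message is bounced to the sender",
}


def trace_deliveries(log_text):
    """Return one record per delivery attempt, joined to its sender by queue ID."""
    senders = {}
    deliveries = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "qmgr":
            s = SENDER.match(rest)
            if s:
                senders[qid] = s.group(1)
            continue
        d = DELIVERY.match(rest)
        if d:
            rcpt, relay, dsn, status, reason = d.groups()
            deliveries.append({
                "queue_id": qid,
                "sender": senders.get(qid, "?"),
                "recipient": rcpt,
                "relay": relay,
                "dsn": dsn,
                "status": status,
                "reason": reason,
            })
    return deliveries


def explain(d):
    """One-line reading of a delivery record: who, to whom, and where it stopped."""
    outcome = DSN_CLASS.get(d["dsn"][0], "unknown DSN class")
    if d["relay"] == "none":
        where = "no SMTP session was established"
    else:
        where = f"relay {d['relay']} answered"
    return (f"{d['queue_id']} {d['sender']} -> {d['recipient']}: "
            f"{d['status']} ({outcome}); {where}: {d['reason']}")


if __name__ == "__main__":
    for record in trace_deliveries(SAMPLE_LOG):
        print(explain(record))
```

A `relay=none` record means the failure happened before any server was spoken to, so the place to look next is name resolution and the network path rather than the remote server's own mail log.
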
Sorry for the delay in getting back to you.  The Internet went down! (Lousy timing)

Is this mail server (postfix) supposed to handle emails for example.com?

Yes.

If so, make sure it is listed in the mydomain within /etc/postfix/main.cf

Ok, I did not set mydomain on the last question, just myhostname which is example.com.  Is mydomain supposed to be example.com, or mail.example.com (which is the one pointed to in the MX record)?

it looks as though you configured your postfix to require authentication from user, but did not exclude the local lan nor 127.0.0.1.

Um, I really don't know what you are talking about...  sorry.  Can you guide me to get this setup right?
myhostname you can change to mail.example.com
mydomain you can set to example.com

The difficulty deals with where the information to resolve mail.example.com to xxx.xxx.xxx.xxx comes from and whether the xxx.xxx.xxx.xxx has a firewall that allows port 25 through.
Good Morning arnold,

Thanks for staying with me.  I've changed myhostname to the name on the MX record, and mydomain as the site domain as you instructed, and restarted postfix.

You were right, and I am sorry I missed that (I missed it because the two domains are so similar) but the mail server that is rejecting is an external server (which I should have listed as mail.othersite.com, not mail.example.com)

I sent a test message again through PHP just to make sure I didn't screw things up on that end and that message came through fine.  I tried the JIRA, and the same errors are occurring:

Oct  1 07:26:00 xx-xx-xx-xx postfix/smtpd[xx62]: connect from localhost.localdomain[127.0.0.1]
Oct  1 07:26:00 xx-xx-xx-xx postfix/smtpd[xx62]: 9FDE713803D8: client=localhost.localdomain[127.0.0.1], sasl_method=LOGIN, sasl_username=noreply@example.com
Oct  1 07:26:00 xx-xx-xx-xx postfix/cleanup[xx65]: 9FDE713803D8: message-id=<233045696.6.1380637560657.JavaMail.jira@localhost.localdomain>
Oct  1 07:26:00 xx-xx-xx-xx postfix/qmgr[xx54]: 9FDE713803D8: from=<noreply@example.com>, size=845, nrcpt=1 (queue active)
Oct  1 07:26:00 xx-xx-xx-xx postfix/smtpd[xx62]: disconnect from localhost.localdomain[127.0.0.1]
Oct  1 07:26:00 xx-xx-xx-xx postfix/smtp[xx66]: connect to mail.othersite.com[xx.xx.xx.xx]:25: Connection refused
Oct  1 07:26:00 xx-xx-xx-xx postfix/smtp[xx66]: 9FDE713803D8: to=<joe@othersite.com>, relay=none, delay=0.31, delays=0.04/0.01/0.26/0, dsn=4.4.1, status=deferred (connect to mail.othersite.com[xx.xx.xx.xx]:25: Connection refused)

I have root access to the other server.  What info do you need to determine if port 25 is blocked?
Look at the log on the othersite server to see whether it has a record of the incoming connection from mail.example.com.  I suspect you have something else in front that ..

Try the following while in the shell of mail.example.com
telnet mail.example.com 25
What is the response?
ehlo Mail.example.com
Mail from:  joe@example.com
Rcpt to: joe@othersite.com
Data
From: joe@example.com
To: joe@othersite.com
Subject: testing smtp

This is a test
.

See whether you always get 2xx, 3xx to the commands you send if a connection can be established.
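
The same EHLO / MAIL FROM / RCPT TO exchange can be scripted instead of typed into a telnet session. This is an added example, not part of the original thread; it uses Python's standard `smtplib`, the default names are the placeholders from the post, and it stops before DATA so no message is delivered.

```python
import smtplib
import socket


def smtp_probe(host, port=25, helo_name="mail.example.com",
               sender="joe@example.com", recipient="joe@othersite.com",
               timeout=10):
    """Replay the manual telnet steps and record every server reply.

    Returns a list of (step, code, text) tuples. DATA is never sent, so no
    message is delivered; the envelope is reset once RCPT TO is answered.
    """
    # local_hostname is the name sent with EHLO; passing it also avoids a
    # reverse lookup of this machine's own name.
    client = smtplib.SMTP(local_hostname=helo_name, timeout=timeout)
    try:
        code, text = client.connect(host, port)
    except ConnectionRefusedError:
        # Nothing is listening on that port, or a firewall answered with a reset.
        return [("connect", None, "connection refused")]
    except (socket.timeout, TimeoutError):
        # Packets are being dropped silently somewhere on the path.
        return [("connect", None, "connection timed out")]
    except smtplib.SMTPServerDisconnected as exc:
        return [("connect", None, f"connected, then dropped before the banner: {exc}")]
    except OSError as exc:
        return [("connect", None, f"connection failed: {exc}")]

    steps = [("banner", code, text.decode(errors="replace"))]
    try:
        if code == 220:
            for step, call in (
                ("EHLO", client.ehlo),
                ("MAIL FROM", lambda: client.mail(sender)),
                ("RCPT TO", lambda: client.rcpt(recipient)),
            ):
                code, text = call()
                steps.append((step, code, text.decode(errors="replace")))
                if code >= 400:
                    break  # the server refused this step; later ones are moot
            client.rset()  # drop the envelope instead of sending DATA
        client.quit()
    except (smtplib.SMTPException, OSError) as exc:
        steps.append(("disconnect", None, str(exc)))
        client.close()
    return steps


def all_accepted(steps):
    """True only if every step received a 2xx or 3xx reply."""
    return all(code is not None and 200 <= code < 400 for _, code, _ in steps)


if __name__ == "__main__":
    # Probe the local MTA; change host and port to the server under test.
    for step, code, text in smtp_probe("127.0.0.1", 25, timeout=5):
        print(f"{step:10} {code} {text}")
```
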
I ran the tail -f /usr/local/psa/var/log/maillog command on the othersite.com server after I tried to send it an email through JIRA and there was nothing regarding my attempt registered in the log.  The log contains references to qmail on this server.

As you suspected, it looks like the connection through port 25 is blocked because doing a telnet to mail.othersite.com from the same server where it supposedly sits results in a "Connection refused" error.  I was able to connect through port 26, however.

Would it be easy to switch the example.com port to 26 instead of 25?

The server tells me that the ehlo command is not found.  I could not run your test.  I thought maybe you meant "echo" like you did in the test you ran in the previous question, but the two formats were too different, I wanted to ask you first.
port 25 is the standard MX/Mail port.
Are you currently getting external emails sent to othersite.com delivered?
Check the firewall if any to make sure it is allowing traffic through on port 25.

if mail.othersite.com and mail.example.com are one and the same, edit /etc/hosts with an entry
127.0.0.1 mail.othersite.com mail.example.com

And see if that makes a difference.

The example in the recent post was to establish and perform an actual SMTP transaction with you behaving/functioning as a sending email server/client.
Are you currently getting external emails sent to othersite.com delivered?

Yes, the othersite.com server is our main email system, I would suspect that the firewall is allowing traffic through port 25.

mail.example.com and mail.othersite.com are not one and the same, if they even exist, because I don't remember having set up anything like that in the email setup I did with you.  If they exist, they would be housed on separate servers.

Can any other command perform the SMTP transaction you talked about besides ehlo?
ASKER CERTIFIED SOLUTION
arnold

This solution is only available to members.

Wait, I am sorry.  Did I say that I'm very new at this?  You left me in the dust back there.

I don't know how to do half of the things you talked about, like checking the firewall to see if it allows connections to port 25.

Now you stated:

One option is to configure mail.example.com to send all its mail through mail.othersite.com using its internal IP.

I know I don't know what I'm doing, but that sounds very bad to me.  Why would I want to route mail from one server through the email system of another server (especially since one server has absolutely nothing to do with the other) when the server that generates the mail has a working email system?  (At least it is working for PHP and roundcube.)  In fact, now that we have been working on this, it appears that the only problem with the email system is that it won't send emails to our othersite.com server.

Are you saying there is no way to get this to work using the example.com server?  I mean, now that we've been at this, it appears that something could be done, like I had mentioned that telneting through port 26 worked.  Can't we change the mail port on example.com to 26?
Often, for application based servers such as your mail.example.com, it is easier to have the email handled by the local mail server, which delivers the message to the recipient, versus having the application within the web server, etc. trying to connect to a remote mail server performing an SMTP message exchange.  The difference deals with overhead: direct submission to the local mail server is less taxing than the other alternative.

Back to your question. There are situations where only certain systems are allowed external access and routing emails from internal servers that have no external access to those that do is necessary.

In your case, as my prior posts suggest, you have two options.
One deals with creating an entry in /etc/hosts pointing mail.othersite.com to its internal IP.
The other deals with setting up a transport file that says send all messages addressed to othersite.com through the smtp:internalIP:25

Yet another option deals with whether your organization has internal DNS servers within which you can define mail.othersite.com that points to the internal IP. This requires that your mail.example.com server uses the internal DNS servers for name resolution.

Many options. You can choose whichever suits you best.  Note that DNS management provides the highest flexibility while file based change will require you to make changes should the server ever change IP or additional servers are added.
Oops, may have to scratch my last idea, a telnet mail.othersite.com 26 got a connection timed out error.

I don't understand why the mail.othersite.com server is having such a hard time getting emails?

There are situations where only certain systems are allowed external access and routing emails from internal servers that have no external access to those that do is necessary.

I am not certain what you mean by "internal" vs. "external" servers.  As I mentioned before, the two servers are very different servers.  They are not even housed in the same room.  And both servers house different websites.  I would say they have external access.

The mail.othersite.com server should have full external access.  If it does not, can we make it have it, because this should have been done in the first place and is probably due to some misconfiguration somewhere?
Mail.othersite.com has full access to external and external senders have access to it as well.  In your case your Mail.example.com internal mail server is also trying to reach mail.othersite.com via external means.

Internet <=> router/firewall <=> LAN switch/systems.

Mail.othersite.com has the xx.xx.xx.xx IP address, which is on the Internet side, public.
Your mail.example.com tries the following <=> LAN <=> router/firewall
                                                                                                    /*
                                            mail.othersite.com <=>LAN <= _x*

The * marked route is one that most routers/firewalls are configured to deny. This dealt with the old spoofing attacks, which I will not go through to avoid adding extraneous information.
The short version dealt with information sent to the router with the source reflected as an internal IP.
If you are interested in more details, look up "IP spoofing attack."
But, mail.example.com is trying to access mail.othersite.com by external means because it IS external to mail.othersite.com.  They share nothing in common.  I am simply trying to access mail.othersite.com just like everybody else in the world can do.

Oh, and BTW, I updated iptables on the mail.othersite.com to accept connections via port 26.  I did a telnet from the mail.example.com server and it successfully connected!  woohoo!

Can't we try changing the smtp port on mail.example.com to port 26 and see if it will work?
Is mail.example.com outside the LAN of mail.othersite.com?
In this case you have something configured on the firewall that allows some, but denies others.

Are there any VPNs set up between the location where mail.example.com is and where mail.othersite.com is?

is there any telnet IP 25 that you can run that will get you successfully from mail.example.com to the mail.othersite.com?

Does your othersite.com subscribe to google mail's or any other mail filtering service?
Is mail.example.com outside the LAN of mail.othersite.com?

I don't know.  I would assume that it is.  Is there any way to check?

Are there any VPNs set up between the location where mail.example.com is and where mail.othersite.com is?

Also don't know (sorry if I'm not being very helpful.)

is there any telnet IP 25 that you can run that will get you successfully from mail.example.com to the mail.othersite.com?

I can't find any.  I tried running tests through php and roundcube and they all had "connection refused" errors.  I am wondering if these problems would still occur through port 26 since I was able to successfully telnet through it.

Does your othersite.com subscribe to google mail's or any other mail filtering service?

No.  Not to my knowledge.
Any chance you can post the actual domain names involved? Is it any variation/derivative of your username?

Compare the internal IPs of mail.othersite.com to that of mail.example.com.
netstat -rn
Ping the default gateway/router often .1 on the LAN.
After you ping use arp -a default_router.
Compare the two results. If they are one and the same, that means they are on the same network.
Can mail.example.com send any email to an external email address? Gmail, Yahoo, Hotmail, Live, etc.
Any chance you can post the actual domain names involved?

No, I'm sorry I can't.  The best I can do is to tell you that the two domains are the same with the exception of the top level domains which are different (e.g. .org vs. .com).

Is it any variation/derivative of your username?

Are you talking the username of the email we are using?  If this is the case then yes, because the username is just the email address (e.g. noreply@example.com)

Compare the internal IPs of mail.othersite.com to that of mail.example.com

The netstat command showed very different ip's for both servers with the exception of two listings:

mail.othersite.com
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0

mail.example.com
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1

Ping the default gateway/router often .1 on the LAN.

How do I find the IP of the gateway/router?  I mean, I know how to do it on my home network, the IP is generally 192.168.0.1 or something like that, but on a server, I have no idea.

Can mail.example.com send any email to an external email address?

Yes, it can.  It sends messages fine to everywhere with the exception of mail.othersite.com.
169.254.0.0 are ranges used when DHCP IP assignment fails.

usually IPs on the LAN are in the form of 10.x.x.x, 172.16-31.x.x or 192.168.x.x

Does the IP for mail.othersite.com that you are masking start with 169.254.x.x?

If so, that may explain the issue. mail.example.com having an IP on the 169.254.y.y sees mail.othersite.com with IP 169.254.x.x as local and tries to reach it directly versus sending the data to the default router/gateway.
I tried pinging 192.168.0.1 like I would on my home system and got responses from both servers.

I ran arp -a 192.168.0.1 (hope this was right) and the results are as follows:

mail.othersite.com
arp: in 1 entries no match found.

mail.example.com
arp: in 2 entries no match found.

Does the IP for mail.othersite.com that you are masking start with 169.254.x.x?

If you are talking about the IP for mail.othersite.com that shows up when I execute the tail -f command, then no, it shows the proper IP for that site.
While people can use any IP on their LAN, there are recommended/IPs designed for this purpose.  The use of other IPs can have issues as your situation seems to point to.

Who within your organization can address the IP setup question?
You need to check with them how to get mail.example.com to contact Mail.othersite.com.
Ok, so it's your premise then that mail.example.com is actually an internal server and that there is no way to connect to mail.othersite.com using external means?
Usually an IP on the 169.254.x.x indicates an issue.  In your case given both systems can and do send/receive and access the net indicates there is some different setup.
The problem you are running into
both systems see 169.254.x.x as local

i.e. person A resides at 300 west main street (some city)
Person B resides at 302 west main street (some other city)

Each knows only the street address of the other (no info on city).
The mail person is courteous and looks at the address.

Person A addresses a letter to 302 west main street and puts it into the mail box.
The mail person, picks up, and drops the letter one place down at 302 west main street.
The neighbor of the sender, indicates that this is not meant for them and sends it back.

This is effectively what seems to be going on with your mail servers.  Othersite might be somewhere else, but as far as mail.example.com is concerned, the 169.254.x.x IP is right around the corner.

http://whois.arin.net/rest/net/NET-169-254-0-0-1/pft
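
The mechanism described in the two posts above (a destination inside an on-link route is sent straight onto the local wire and never reaches the default gateway) can be reproduced from `netstat -rn` output with a longest-prefix match. This is an added example, not part of the original thread; the 169.254.0.0 route is the one quoted in the thread, while the LAN route, default gateway and destination addresses are constructed documentation values.

```python
import ipaddress

# Constructed `netstat -rn` output. Only the 169.254.0.0 line comes from the
# thread; the other two routes are made-up documentation-range values.
ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
198.51.100.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         198.51.100.1    0.0.0.0         UG        0 0          0 eth0
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def classify(addr):
    """Name the range an IPv4 address falls in."""
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL:
        return "link-local"   # self-assigned when DHCP fails, never routed
    if any(ip in net for net in RFC1918):
        return "rfc1918"      # the usual private LAN ranges
    return "other"


def parse_routes(text):
    """Turn `netstat -rn` lines into a list of route records."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] == "Destination":
            continue  # title and header lines
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[7]
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        routes.append({
            "network": ipaddress.ip_network(f"{dest}/{prefix}"),
            "gateway": None if gateway == "0.0.0.0" else gateway,
            "iface": iface,
        })
    return routes


def next_hop(routes, dest):
    """Pick the most specific matching route, as the kernel does."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r["network"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: r["network"].prefixlen)
    return {
        "network": str(best["network"]),
        "iface": best["iface"],
        "gateway": best["gateway"],
        "on_link": best["gateway"] is None,  # delivered directly, no router
    }


if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # Constructed destinations: one link-local, one outside every local route.
    for dest in ("169.254.10.20", "203.0.113.25"):
        print(dest, classify(dest), next_hop(table, dest))
```
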
Ah, ok.  I really appreciate the break down.  That was very helpful!  Thank you.

One of your suggestions you suggested making a new entry in the /etc/hosts file:

One way is to do it in /etc/hosts
Xxx.xxx.xxx.xxx mail.othersite.com
Where Xxx.xxx.xxx.xxx is the internal IP of mail.othersite.co


The only IP address I know is the one where I can access it through SSH and via a web browser.  Is this the one you were referring to, or is there another "internal" version?
The IP you use for ssh, are you able to use the same IP with port 25 via telnet to connect? If so, yes, adding this IP to /etc/hosts with mail.othersite.com may work.
No, I get a "connection refused" error when I try to telnet port 25 on that IP address.  I am able to connect via port 26, however.
What is on port 26?
Does it say
200 mail.othersite.com qmail?
No.  It says
220 othersite.com ESMTP

Can I route this port over to 25 and bypass the block, or can I reconfigure this port to read mail.othersite.com qmail?
You can, using the transport file
Othersite.com SMTP:IP:26
Ok, looking over your comment ID: 39537614 I found the following statements containing the word "transport" within the main.cf file:

virtual_transport = plesk_virtual
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#mailbox_transport = cyrus
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport =
transport_maps = , hash:/var/spool/postfix/plesk/transport
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps

Do I change any of these, or are they just reference?  I checked the /var/spool/postfix/plesk/ folder and it is filled with databases, which I presume gets updated/created using the postmap command.

You stated:

The transport file in /etc/postfix/transport has an example
I.e.
Othersite.com. Smtp:xxx.xxx.xxx.xxx:25

You then need to run postmap to convert the plain text transport file to a hash, database as configured within the main.cf.


I found the transport file, and basically it's just a text file with syntax and formats for the file.  Since I've never done this before, I was wondering if you could take me by the hand and show me the way?  Do I just set up a text file (using nano or some other similar editor) with that line Othersite.com SMTP:IP:26 and run postmap on it?  What is the syntax of postmap to do this?

Also, why are we doing all this on mail.example.com?  Shouldn't we be modifying settings on mail.othersite.com?  And if so, I know nothing about qmail.
First things first, the reason you need to jump through these hoops is because your mail.example.com has an issue accessing mail.othersite.com through regular means.
I.e. Lookup the mail server responsible for othersite.com.
Connect to the mail server and deliver the message it has for the recipient on the othersite.com domain.


The transport_map
http://www.postfix.org/transport.5.html
Check whether plesk has a directive to rebuild transport or actually add records into it.
Using nano, open /var/spool/postfix/plesk/transport
At the bottom of the page add
Othersite.com smtp:ssh_external_ip:26

After saving the file,
postmap -c /etc/postfix/main.cf hash:/var/spool/postfix/plesk/transport
There is no need to restart postfix, postfix will reread the changes the next time an outgoing message is processed by it.
Thanks arnold!  I really appreciate all the assistance.

There is no /var/spool/postfix/plesk/transport file, nano opens a new file.  Is this ok?
Yes.
An alternative could be to do the following.
Use nano to edit /etc/postfix/main.cf
Get to transport_map between the = and the , there add hash:/etc/postfix/transport

This way you will have two transport maps. One presumably managed by plesk if you add additional domains that are handled by this mail server (a future consideration, i.e. you need the mail server to handle example.com and examples.com, another example.com, etc. while each has its own mailboxes.)

The /etc/postfix/transport includes at the top the instruction/examples.
Within this transport file add
Othersite.com smtp:ssh_ip:26

postmap hash:/etc/postfix/transport

Then see if your currently queued up emails start going out. Or generate a test message and check the log.
Ok, /etc/postfix/main.cf now has the following line:

transport_maps = hash:/etc/postfix/transport, hash:/var/spool/postfix/plesk/transport

Is this correct?

I included othersite.com smtp:ssh_ip:26 at the bottom of the /etc/postfix/transport file and ran the postmap hash:/etc/postfix/transport command.

Still not getting anything.  I checked the log using the tail -f command and got the following:

Oct  1 17:13:33 xx-xx-xx-xx courier-imapd: Connection, ip=[::1]
Oct  1 17:13:33 xx-xx-xx-xx courier-imapd: LOGIN, user=noreply@example.com, ip=[::1], port=[xx411], protocol=IMAP
Oct  1 17:13:33 xx-xx-xx-xx courier-imapd: LOGOUT, user=noreply@example.com, ip=[::1], headers=0, body=0, rcvd=52, sent=156, time=0
Oct  1 17:14:33 xx-xx-xx-xx courier-imapd: Connection, ip=[::1]
Oct  1 17:14:33 xx-xx-xx-xx courier-imapd: LOGIN, user=noreply@example.com, ip=[::1], port=[xx413], protocol=IMAP
Oct  1 17:14:33 xx-xx-xx-xx courier-imapd: LOGOUT, user=noreply@example.com, ip=[::1], headers=0, body=0, rcvd=52, sent=156, time=0
Oct  1 17:15:33 xx-xx-xx-xx courier-imapd: Connection, ip=[::1]
Oct  1 17:15:33 xx-xx-xx-xx courier-imapd: LOGIN, user=noreply@example.com, ip=[::1], port=[xx418], protocol=IMAP
Oct  1 17:15:33 xx-xx-xx-xx courier-imapd: LOGOUT, user=noreply@example.com, ip=[::1], headers=0, body=0, rcvd=52, sent=156, time=0
Oct  1 17:16:33 xx-xx-xx-xx courier-imapd: Connection, ip=[::1]
Oct  1 17:16:33 xx-xx-xx-xx courier-imapd: LOGIN, user=noreply@example.com, ip=[::1], port=[xx420], protocol=IMAP
Oct  1 17:16:33 xx-xx-xx-xx courier-imapd: LOGOUT, user=noreply@example.com, ip=[::1], headers=0, body=0, rcvd=52, sent=156, time=0

Per your instructions, I did not restart postfix.  Looks like it is in some sort of a loop?
You are looking in the wrong log.  Courier-imap is the front end interface allowing an IMAP enabled email client to access/view emails delivered.

You need to look at /usr/psa/var/log/maillog for message handling by postfix.
?  The log I displayed IS the /usr/local/psa/var/log/maillog file?

tail -f /usr/local/psa/var/log/maillog

NEWS UPDATE -

The loop seems to have stopped, and I ran a test.  It looks like the connection took!  However, the message bounced for some reason:

Oct  1 17:48:28 xx-xx-xx-xx postfix/pickup[xx63]: 729621380538: uid=10000 from=<openoffi>
Oct  1 17:48:28 xx-xx-xx-xx postfix/cleanup[xx51]: 729621380538: message-id=<20131002004828.729621380538@mail.example.com>
Oct  1 17:48:28 xx-xx-xx-xx postfix/qmgr[xx84]: 729621380538: from=<joe@mail.example.com>, size=936, nrcpt=1 (queue active)
Oct  1 17:48:28 xx-xx-xx-xx postfix/smtp[xx54]: 729621380538: to=<joe@othersite.com>, relay=none, delay=0.09, delays=0.08/0.01/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=ssh_ip type=AAAA: Host not found)
Oct  1 17:48:28 xx-xx-xx-xx postfix/cleanup[xx51]: 89CC8138053A: message-id=<20131002004828.89CC8138053A@mail.example.com>
Oct  1 17:48:28 xx-xx-xx-xx postfix/bounce[xx55]: 729621380538: sender non-delivery notification: 89CC8138053A
Oct  1 17:48:28 xx-xx-xx-xx postfix/qmgr[xx84]: 89CC8138053A: from=<>, size=2876, nrcpt=1 (queue active)
Oct  1 17:48:28 xx-xx-xx-xx postfix/qmgr[xx84]: 729621380538: removed
Oct  1 17:48:29 xx-xx-xx-xx postfix/smtp[xx54]: 89CC8138053A: to=<joe@mail.example.com>, relay=none, delay=0.42, delays=0.03/0/0.38/0, dsn=5.4.6, status=bounced (mail for mail.example.com loops back to myself)
Oct  1 17:48:29 xx-xx-xx-xx postfix/qmgr[xx84]: 89CC8138053A: removed
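
The first bounce in the log above reports `name=ssh_ip`, which is the literal nexthop text from the transport entry the asker describes adding, so Postfix tried to resolve the placeholder as a host name. The check below is an added example, not part of the original thread or of Postfix; it reads a transport table and flags nexthop values that are neither an IP address nor a fully qualified name, and the sample table is constructed with documentation-range addresses.

```python
import ipaddress
import re

# Constructed transport table. The first entry is the line the asker reports
# adding; the addresses in the other entries are documentation placeholders.
SAMPLE_TRANSPORT = """\
# pattern        transport:nexthop
othersite.com    smtp:ssh_ip:26
othersite.com    smtp:203.0.113.10:26
othersite.com    smtp:[203.0.113.10]:26
othersite.com    smtp:[mail.othersite.com]:70000
"""

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
BRACKETED = re.compile(r"^\[([^\]]+)\](?::(.+))?$")


def split_nexthop(nexthop):
    """Return (host, port, bracketed) for host, host:port, [host], [host]:port."""
    m = BRACKETED.match(nexthop)
    if m:
        return m.group(1), m.group(2), True
    host, _, port = nexthop.partition(":")  # unbracketed IPv6 is not handled
    return host, port or None, False


def host_kind(host):
    """Classify a nexthop host as 'ip', 'fqdn' or 'invalid'."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    if len(labels) >= 2 and all(LABEL.match(label) for label in labels):
        return "fqdn"
    return "invalid"  # single label, underscore, or other non-hostname text


def check_line(line):
    """Check one 'pattern transport:nexthop' entry; return (pattern, findings)."""
    pattern, rhs = line.split(None, 1)
    _transport, _, nexthop = rhs.strip().partition(":")
    findings = []
    if not nexthop:
        return pattern, findings  # no nexthop given: recipient domain is used
    host, port, bracketed = split_nexthop(nexthop)
    if host_kind(host) == "invalid":
        findings.append(("error", f"nexthop host {host!r} is neither an IP "
                                  "address nor a fully qualified DNS name"))
    elif not bracketed:
        # transport(5): the [hostname] form turns off MX lookups.
        findings.append(("note", f"{host} is not in [brackets], so it is "
                                 "treated as a domain and MX lookup applies"))
    if port and port.isdigit() and not 1 <= int(port) <= 65535:
        findings.append(("error", f"port {port} is out of range"))
    return pattern, findings


def audit(text):
    """Return (line_number, pattern, findings) for every table entry."""
    results = []
    for number, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        if len(entry.split(None, 1)) < 2:
            results.append((number, entry, [("error", "missing result field")]))
            continue
        pattern, findings = check_line(entry)
        results.append((number, pattern, findings))
    return results


if __name__ == "__main__":
    for number, pattern, findings in audit(SAMPLE_TRANSPORT):
        print(number, pattern, findings or "ok")
```
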

not sure whether plesk allows, or whether you need to edit the courier-imap configuration to have it log to a different log file /usr/psa/var/log/courier-imap/maillog.

I do not know what mail server actually is answering the call on ssh_ip port 26.
But it is not mail.othersite.com since it is rejecting emails to user@othersite.com.

look at the bounce emails delivered to joe@mail.example.com to see what system that lands on.

I suggest you check with someone who set up the othersite mail server network on how your system mail.example.com can reach it.  The fact that both locations use the same IP segment and that is what is being published in DNS shows that there is an issue that cannot be resolved here.

I have no problem going back and forth trying different things, but it is like throwing darts at a map saying, try this country, try that one.
not sure whether plesk allows, or whether you need to edit the courier-imap configuration to have it log to a different log file /usr/psa/var/log/courier-imap/maillog.

I don't see anything in my Plesk 11.5.30 Control Panel, and looking at the /etc/courier-imap/ files I didn't see anything to modify the path of the log file.  I did note that it does use sendmail, the same as postfix, which may or may not be the reason it shares the log.

You should know that I had made a change to the /etc/postfix/master.cf file as well as in other areas, in that I changed
smtp      inet  n       -       n       -       -       smtpd

to
26         inet  n       -       n       -       -       smtpd

I had also made some changes (in my ignorance) to some postfix files on othersite.com, as well as played with iptables.

Could anything I had done have affected how the email is going out from example.com or how, if it is even being received, it is entering into othersite.com?

How can I trace that bounced email?  Where can I find logs of the attempt?

Thanks!
The change to master.cf from smtp to 26 on which system was this change made?
All the changes in master.cf control the incoming traffic to mail.example.com
Iptables also affect the incoming traffic often.
iptables -t filter -L --line-numbers


At this stage because we were discussing both, first thing is to correct what changes you made to reverse and restore the postfix functionality on mail.example.com to what it needs to be.  Then you would need to check with how the network/IPs are setup and how they interact.


The bounced mail should be accessible through courier-imap (thought you were setting up dovecot with postfix and mysql) accessing the joe@example.com email account.
The difficulty is that the error message the system got is non standard.
Checking the othersite firewall to identify the system to which port 26 is being forwarded is the straight forward way to determine which system and what is going on.
The change to master.cf from smtp to 26 on which system was this change made?


Example.com

iptables -t filter -L --line-numbers

Example.com
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
2    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:26
3    ACCEPT     udp  --  anywhere             anywhere            udp dpt:26

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

othersite.com
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp_p26
2    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
3    REJECT     tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
4    DROP       all  --  anywhere             anywhere            state INVALID
5    ACCEPT     all  --  anywhere             anywhere
6    ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:60000:65000
7    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pcsync-https
8    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:cddbp-alt
9    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
10   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
11   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
12   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
13   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission
14   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:25
15   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtps
16   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
17   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
18   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
19   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
20   DROP       tcp  --  anywhere             anywhere            tcp dpt:poppassd
21   ACCEPT     tcp  --  mail.example.com     anywhere            tcp dpt:mysql
22   ACCEPT     tcp  --  thirdsite.com        anywhere            tcp dpt:mysql
23   ACCEPT     tcp  --  thirdsite.com        anywhere            tcp dpt:mysql
24   ACCEPT     tcp  --  thirdsite.com        anywhere            tcp dpt:mysql
25   ACCEPT     tcp  --  cpe-xx-xx-xx-xx.socal.res.rr.com  anywhere            tcp dpt:mysql
26   ACCEPT     tcp  --  xx.xx.xx.xx        anywhere            tcp dpt:mysql
27   ACCEPT     tcp  --  mail.othersite.com   anywhere            tcp dpt:mysql
28   DROP       tcp  --  anywhere             anywhere            tcp dpt:mysql
29   DROP       tcp  --  anywhere             anywhere            tcp dpt:postgres
30   DROP       tcp  --  anywhere             anywhere            tcp dpt:9008
31   DROP       tcp  --  anywhere             anywhere            tcp dpt:glrpc
32   DROP       udp  --  anywhere             anywhere            udp dpt:netbios-ns
33   DROP       udp  --  anywhere             anywhere            udp dpt:netbios-dgm
34   DROP       tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
35   DROP       tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
36   DROP       udp  --  anywhere             anywhere            udp dpt:openvpn
37   ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
38   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
39   ACCEPT     icmp --  anywhere             anywhere            icmp type 8 code 0
40   DROP       all  --  anywhere             anywhere
41   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp_p26

Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
2    REJECT     tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
3    DROP       all  --  anywhere             anywhere            state INVALID
4    ACCEPT     all  --  anywhere             anywhere
5    DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
2    REJECT     tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
3    DROP       all  --  anywhere             anywhere            state INVALID
4    ACCEPT     all  --  anywhere             anywhere
5    ACCEPT     all  --  anywhere             anywhere



I went ahead and took the port 26 entry out of /etc/postfix/master.cf and replaced it with the smtp entry it had originally, and restarted postfix.

How do I check the setup of the network/IP's as you suggested?
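
As displayed, the othersite.com INPUT chain above has an unconditional `ACCEPT all` at rule 5, so every later rule, including the mysql DROP at 28 and the catch-all DROP at 40, is never reached. The following Python check is an added example, not posted by either participant; it flags such shadowed rules in `iptables -L --line-numbers` output and assumes the plain listing format shown above. That format hides interface matches (for example a rule limited to loopback), so confirm any finding with `iptables -L -v` or `iptables -S`.

```python
import re

# Excerpt of the othersite.com listing from the thread (some rules omitted).
# Assumption: plain -L output; interface matches (-i lo) are not visible here.
SAMPLE = """\
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp_p26
5    ACCEPT     all  --  anywhere             anywhere
14   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:25
28   DROP       tcp  --  anywhere             anywhere            tcp dpt:mysql
40   DROP       all  --  anywhere             anywhere
41   ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp_p26

Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
"""

RULE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(listing):
    """Return {chain: [(num, target, prot, source, dest, match), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            current = chains.setdefault(line.split()[1], [])
        elif current is not None and (m := RULE.match(line)):
            num, target, prot, _opt, src, dst, match = m.groups()
            current.append((int(num), target, prot, src, dst, match.strip()))
    return chains

def shadowed(listing):
    """Return (chain, catch_all_num, catch_all_target, rule_num, rule_target) tuples."""
    findings = []
    for chain, rules in parse(listing).items():
        catch_all = None  # first unconditional terminal rule seen in this chain
        for num, target, prot, src, dst, match in rules:
            if catch_all:
                findings.append((chain, catch_all[0], catch_all[1], num, target))
            elif (target in TERMINAL and prot == "all" and match == ""
                  and src == dst == "anywhere"):
                catch_all = (num, target)
    return findings

if __name__ == "__main__":
    for f in shadowed(SAMPLE):
        print("%s: rule %d (%s all) shadows rule %d (%s)" % f)
```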
You need to correct the changes to iptables on mail.example.com

The iptables for othersite.com presumably are for mail.othersite.com rather than a router/firewall.


You need to define what the source of information is and what it is I am looking at.

You need to look at iptables -t nat -L --line-numbers
Ok, I corrected the changes to iptables on mail.example.com

iptables -t filter -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination



The iptables for othersite.com presumably are for mail.othersite.com rather than a router/firewall.

I don't know, I just ssh into othersite.com and run the iptables command you gave me.  How can I tell the difference?

You need to define what the source of information is and what it is I am looking at.

I'm sorry, I thought I was.  I'll try harder.

iptables -t nat -L --line-numbers

SSH to example.com
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination



SSH to othersite.com
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination


Trying to figure out what your network is like and the interactions is a difficult proposition.
Run
On othersite.com,
lsof -i:25
lsof -i:26
lsof -i:465
Yeah, I know I haven't made it easy on you.  I really, really appreciate all the help! :)

Here is the info from othersite.com:
# lsof -i:25
# lsof -i:26
COMMAND   PID USER   FD   TYPE    DEVICE SIZE NODE NAME
xinetd  xxx20 root    8u  IPv4 256945432       TCP *:smtp_p26 (LISTEN)
# lsof -i:465
COMMAND   PID USER   FD   TYPE    DEVICE SIZE NODE NAME
xinetd  xxx20 root    9u  IPv4 256945433       TCP *:smtps (LISTEN)
#


You are running a mail service out of xinetd. Port binder.  Look in /etc/xinetd.d

Need to see how the mail server is run from there whether it has a restriction.

Look to see if you have data in /etc/hosts.deny
All:all
If the above matches, look in /etc/hosts.allow to see which services are permitted and from where.

The puzzling thing in your iptables data for othersite, there is an entry for mail.othersite.com with access right to mysql, suggesting there are two separate servers so not sure which and what functions this one provides...
/etc/xinetd.d - not sure what I'm supposed to look for here?

ls -alhls
8.0K drwxr-xr-x  2 root root 4.0K Sep 24 19:45 .
 16K drwxr-xr-x 99 root root  12K Oct  1 00:00 ..
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 chargen-dgram
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 chargen-stream
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 daytime-dgram
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 daytime-stream
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 discard-dgram
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 discard-stream
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 echo-dgram
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 echo-stream
8.0K -rw-r--r--  1 root root  323 Jun  5 12:01 eklogin
8.0K -rw-r--r--  1 root root  347 Jun  5 12:01 ekrb5-telnet
8.0K -rw-r--r--  1 root root  286 Dec  8  2010 ftp_psa
8.0K -rw-r--r--  1 root root  326 Apr 23 10:46 gssftp
8.0K -rw-r--r--  1 root root  310 Jun  5 12:01 klogin
8.0K -rw-r--r--  1 root root  323 Jun  5 12:01 krb5-telnet
8.0K -rw-r--r--  1 root root  308 Jun  5 12:01 kshell
8.0K -rw-r--r--  1 root root  331 Oct  7  2010 poppassd_psa
8.0K -rw-r--r--  1 root root  317 Sep  9  2004 rsync
8.0K -rw-r--r--  1 root root  407 Sep  3 13:18 smtp_psa
8.0K -rw-r--r--  1 root root  411 Sep 24 19:46 smtp_psa_p26
8.0K -rw-r--r--  1 root root  408 Sep  3 13:18 smtps_psa
8.0K -rw-r--r--  1 root root  392 Sep  3 13:18 submission_psa
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 tcpmux-server
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 time-dgram
8.0K -rw-r--r--  1 root root 1.2K Oct  7  2010 time-stream



I'm afraid there's nothing in /etc/hosts.deny:
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!



nor in /etc/hosts.allow:
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#



The puzzling thing in your iptables data for othersite, there is an entry for mail.othersite.com with access right to mysql

Yeah, I was curious about that myself.  I was wondering why both mail.example.com and mail.othersite.com were set up as mysql.  If that is wrong, let's change them.  To be honest with you, I don't remember if maybe I was the one responsible for putting those there or not.  I could have used the wrong iptables command for all I know.
Mysql is the backend where the information for the domains and user mailboxes is stored.
The access would depend on the setup. One central mysql server and  ....   There are various ways that can be setup/configured.

Look at psa_smtp
You may have two instances of incoming mail server handling one on port 25 and one on port 26 with one listening on port SMTPS 456.
I found more things that I did to othersite.com and reverted them to the way they were.  I had made a change to the /etc/xinetd.d/ directory, smtp_psa file by adding a copy called smtp_psa_p26 file to that directory and reconfiguring it to port 26.  That is all gone now.  I've also closed port 26 in the iptables.

Here is the smtp_psa file from othersite.com:
service smtp
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        disable         = no
        user            = root
        instances       = UNLIMITED
        env             = SMTPAUTH=1 POPAUTH=1
        server          = /var/qmail/bin/tcp-env
        server_args     = -Rt0 /var/qmail/bin/relaylock  /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}


I used to run qmail, but not under xinetd.
Daemontools that monitor the service and restart it if it crashes.


In your case however, you need to find a path from Mail.example.com 25.

Run on an external system nslookup -q=MX othersite.com and see where all others are sending emails for othersite.com
Then try to see whether you can connect to that from mail.example.com and send a test message to a user@othersite.com.

Then use the transport configuration to point it to that location.
Thanks again arnold.  I ran the nslookup from my home computer and got a "Can't find server name for address xx.xx.xx.xx: Non-existant domain" error.

I did some research on this, and I found the following statement:

If reverse DNS for that IP address is not setup correctly, then NSLOOKUP cannot determine the name associated with the IP address.
On Windows Vista/2008, it then says "Default Server: UnKnown".
On earlier Windows versions, it displays the error message "*** Can't find server name for address ...".



and
Many e-mail servers on the Internet are configured to reject incoming e-mails from any IP address which does not have reverse DNS.



What do you think of this?  Do you think this could be possible?
Usually, the rejection is when the two do not match
I.e.
But lookup of x.x.x.y shows up as mail.example.com which in turn resolves to x.x.x.a

The nslookup -q=MX yourotherdomain.com

If you get an error this means the domain is not valid.  You should not be using an IP in the above lookup.
I am using othersite.com in the nslookup, not the IP address.  The domain has to be valid, I can browse to it and see the web page on the server.

***UPDATE

Well, I just ran nslookup on google.com and got the same error.  Must be a Windows problem.
If you do not have an MX record, the mail delivery attempts will go to the IP to which othersite.com resolves
nslookup othersite.com

Then try to telnet to the above returned IP port 25 and see if you can send email then.

Look at DNSstuff.com http://www.dnsgoodies.com to get MX and IPs.

Your issue might be that your internal DNS records point to one thing while the external email goes to a different location.
telnet to the returned IP port 25 gave me a "Could not open connection to the host, on port 25: Connect failed" error.

MX from http://www.dnsgoodies.com shows MX as 10 mail.othersite.com.  The A record shows same IP as that which was returned by nslookup.
Is the email to othersite.com still being received?

You may need to make sure your iptables are configured correctly, check any external firewall?

Unfortunately it seems that you do not have a copy of iptables prior to making any changes.
Hey arnold,

You know you might have given me a clue as to what is going on here.  The emails that are arriving at the othersite.com inboxes are all from other othersite.com emails.  I just tried to send an email to one of the othersite.com addresses from an outside account and it has not arrived.  I take it that emails sent from accounts on a particular server to other accounts on the same server do not have to worry about firewalls, etc.  Am I right?
Yes, you can setup a domain that is only internal in nature.
Hmm.  Ok, well I guess I'm going to have to take up this issue with the hosting company.  I'll keep you informed.

Thanks again, arnold.
arnold, I am so sorry it took so long to get back to you.  I had to work with the hosting company for several days in order to resolve this issue.  It seems that our server had been compromised and infected with a particularly nasty Trojan, as well as having experienced some unrelated breaches by other hackers.  Needless to say, it has not been a fun week.  We are still working on the issue, but I couldn't keep you hanging any longer.  I wish I could award more than 2,000 points, you really did go above and beyond the call of duty.  Thank you.  I really appreciate all your help.

Best Regards,

Jason