Postfix issues with one of my virtualmin machines.

19 posts / 0 new
Last post
#1 Wed, 08/19/2009 - 18:51
mobiusllc

Postfix issues with one of my virtualmin machines.

I am setting up osTicket on a virtualmin virtual server and when it tries to mail out, I get these issues:

maillog:

Aug 19 16:32:20 servername postfix/smtp[30348]: E1F9E20E0867: to=info@domain.net, relay=none, delay=6329, delays=6299/0.03/30/0, dsn=4.4.1, status=deferred (connect to mail.mydomain.com[xxx.xxx.xxx.xxx]: Connection timed out) Aug 19 16:32:20 servername postfix/qmgr[3174]: E3DAE20E0866: to=info@domain.net, relay=none, delay=10358, delays=10328/30/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mail.mydomain.com[xxx.xxx.xxx.xxx]: Connection timed out) Aug 19 16:32:20 servername postfix/qmgr[3174]: E7DD820E085F: to=first.last@domain.net, relay=none, delay=6497, delays=6467/30/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mail.mydomain.com[xxx.xxx.xxx.xxx]: Connection timed out) Aug 19 16:32:20 servername postfix/qmgr[3174]: E5A5420E0860: to=first.last@domain.net, relay=none, delay=3859, delays=3829/30/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mail.mydomain.com[xxx.xxx.xxx.xxx]: Connection timed out) Aug 19 16:32:20 servername postfix/qmgr[3174]: E9A3120E0861: to=info@domain.net, relay=none, delay=6497, delays=6467/30/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mail.mydomain.com[xxx.xxx.xxx.xxx]: Connection timed out) Aug 19 16:32:20 servername postfix/qmgr[3174]: EAFB620E0864: to=first.last@domain.net, relay=none, delay=59500, delays=59470/30/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mail.mydomain.com[xxx.xxx.xxx.xxx]: Connection timed out) Aug 19 16:32:20 servername postfix/qmgr[3174]: EBDEA20E085E: to=first.last@domain.net, relay=none, delay=318708, delays=318678/30/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mail.mydomain.com[xxx.xxx.xxx.xxx]: Connection timed out)

I can mail to a @gmail.com account no problem. But as soon as I try to mail to an @domain.net address it has issues reaching our internal mail server, the @domain.net server.

Any ideas?

Thu, 08/20/2009 - 11:58
ronald
ronald's picture
Your MX records that were reported by your nameservers are:

0 mx-12-173-187-97.mobiusllc.net 12.173.187.97

that is incorrect and your mailserver can not be reached.

5 mail.mobiusllc.net 12.173.187.97 would be correct. you need to change your zonefile/mx records.

Thu, 08/20/2009 - 14:34
mobiusllc

Is it correct now?

Thu, 08/20/2009 - 18:16
ronald
ronald's picture

no it isn't

5 12.173.187.97.mobiusllc.net No A Record (no glue either)

you can check here: http://www.intodns.com/mobiusllc.net

Thu, 08/20/2009 - 18:48
mobiusllc

Ok it does not seem to have that error anymore. MX Looks good otherwise.

But my mail internally from the web server seems to still be timing out. If it helps at all check out m y SF post as well for some more troubleshooting steps I have taken.

http://serverfault.com/questions/56679/postfix-connection-timed-out-inte...

Thu, 08/20/2009 - 22:13
andreychek

So, the server where you're receiving the timeouts -- is that your Virtualmin or your Zimbra server?

And, if you were to log into said server, and type:

telnet localhost 25

Does it connect, or does that time out as well?

-Eric

Thu, 08/20/2009 - 23:13
mobiusllc

I am trying to send ticket notifications from a webapp called osTicket on the virtualmin box to email addresses on the local Zimbra box.

When I telnet from the virtualmin box to the zimbra box I get:

[user@hostname log]$ sudo telnet mx-xx-xx-xx-xx.mailserver.com 25 Password: Trying 192.xxx.xxx.xxx... Connected to mx-xx-xx-xx-xx.mailserver.com (192.xxx.xxx.xxx). Escape character is '^]'. 220 mail.mailserver.com ESMTP Postfix

This is what was returned. It looks good right?

Thu, 08/20/2009 - 23:21
andreychek

Yeah, that much looks good.

So, the address you're emailing -- is that "mobiusllc.net"?

On your Virtualmin box, if you type "dig mx mobiusllc.net" -- what do you get?

From there, what happens if you telnet into the IP address you got from the previous command -- does that work, or timeout?

-Eric

Wed, 08/26/2009 - 22:21
mobiusllc

; <<>> DiG 9.3.4-P1 <<>> mx domain.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6896 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION: ;domain.net. IN MX

;; ANSWER SECTION: domain.net. 14400 IN MX 5 mx-12-173-187-97.domain.net.

;; AUTHORITY SECTION: domain.net. 51029 IN NS ns2.domain.net. domain.net. 51029 IN NS ns1.domain.net.

;; ADDITIONAL SECTION: mx-12-173-187-97.domain.net. 14400 IN A 12.173.187.97 ns1.domain.net. 172800 IN A 64.22.66.229 ns2.domain.net. 172800 IN A 64.22.66.230

;; Query time: 1779 msec ;; SERVER: 12.127.17.71#53(12.127.17.71) ;; WHEN: Thu Aug 20 21:58:10 2009 ;; MSG SIZE rcvd: 148

Fri, 08/21/2009 - 10:26
mobiusllc

[user@hostname ~]$ sudo telnet mx-12-173-187-97.mobiusllc.net 25 Trying 192.xxx.xxx.xxx... Connected to mx-12-173-187-97.mobiusllc.net (192.xxx.xxx.xxx). Escape character is '^]'. 220 mail.mobiusllc.net ESMTP Postfix quit Connection closed by foreign host. [user@host ~]$ sudo telnet 12.173.187.97 25 Trying 12.173.187.97... telnet: connect to address 12.173.187.97: Connection timed out telnet: Unable to connect to remote host: Connection timed out

But notice if I telnet to mx-12- etc. etc. etc. it gives a different response. Could that be because the firewall blocks ICMP (ping) traffic?

Fri, 08/21/2009 - 10:25
mobiusllc

I also tried to telnet to the internal address at 192.xxx.xxx.xxx and I get the :

sudo telnet mx-12-173-187-97.mobiusllc.net 25 Trying 192.xxx.xxx.xxx... Connected to mx-12-173-187-97.mobiusllc.net (192.xxx.xxx.xxx). Escape character is '^]'. 220 mail.mobiusllc.net ESMTP

Fri, 08/21/2009 - 12:00
ronald
ronald's picture

may be far fetched but did you try to install something else besides OsTicket to test if another script has the same issues?

Fri, 08/21/2009 - 12:17
mobiusllc

Ya, unfortunately it is every other app. I have CATS Applicant Tracking System as well as a Drupal install having the same issues. It is ONLY to internal email addresses though. (To the Zimbra mail server on the same network) If I have the scripts send email to external mail servers it works great.

I can't help but think its running into an issue going outside to the WAN then coming back in.

Is there any way I could force it to go directly to the internal IP of the local mail server when mailing to @mobiusllc.net addresses? I think that would fix it I just don't know how to do it.

Fri, 08/21/2009 - 19:28
andreychek

Is there any way I could force it to go directly to the internal IP of the local mail server when mailing to @mobiusllc.net addresses? I think that would fix it I just don't know how to do it.

Sure -- you could add an entry for the hostname that isn't working into your /etc/hosts file.

If the name that's failing is "mail.mydomain.com", you could add an entry like:

192.xxx.xxx.xxx mail.mydomain.com

Fri, 08/21/2009 - 19:43
mobiusllc

Ok so it looks like I have already tried that route. If that does not work, any other ideas?

Fri, 08/21/2009 - 19:52
mobiusllc

This is the part that I find so odd. I have my /etc/hosts like this:

127.0.0.1 host localhost.localdomain localhost

::1 localhost6.localdomain6 localhost6

192.168.xxx.xxx host.domain.com domain.com

192.168.xxx.xxx mx-12-173-187-97.mobiusllc.net

192.168.xxx.xxx mail.mobiusllc.net

yet its still showing mx-12-173-187-97.mobiusllc.net[12.173.187.97] in maillog

Aug 21 16:45:53 host postfix/qmgr[3166]: A1D1620E087F: to=user@mobiusllc.net, relay=none, delay=12353, delays=12323/30/0/0, dsn=4.4.1, staatus=deferred (delivery temporarily suspended: connect to mx-12-173-187-97.mobiusllc.net[12.173.187.97]: Connection timed out)

However when I ping it, I get the internal...:

sudo ping mx-12-173-187-97.mobiusllc.net PING mx-12-173-187-97.mobiusllc.net (192.168.xxx.xxx) 56(84) bytes of data. 64 bytes from mx-12-173-187-97.mobiusllc.net (192.168.xxx.xxx): icmp_seq=1 ttl=64 time=0.138 ms 64 bytes from mx-12-173-187-97.mobiusllc.net (192.168.xxx.xxx): icmp_seq=2 ttl=64 time=0.121 ms 64 bytes from mx-12-173-187-97.mobiusllc.net (192.168.xxx.xxx): icmp_seq=3 ttl=64 time=0.118 ms

Is there something I need to do to the postfix config? main.cf or something?

Mon, 08/24/2009 - 11:00
mobiusllc

I will give anyone that can help fix this $100 via paypal.

Mon, 08/24/2009 - 11:11
andreychek

Well, I'm guessing the issue is, as you mentioned earlier, due to having both an internal and external address.

I suspect that the DNS lookup Postfix is performing doesn't use the hosts file -- it may be using DNS to lookup the MX record.

What that means is that you may need to use a BIND View in order to get the setup you have working.

That is, you'd need to setup BIND to give out one IP address if the request comes from inside your LAN, and another IP address if it's coming from the outside.

-Eric

Mon, 08/24/2009 - 11:42
mobiusllc

Odd. I changed my primary DNS server on the Virtualmin box then went to BIND and clicked the root zone, then chose to Re-download Root Name Servers....then flushed the Queue. Now it works. Weird.

Can you please delete this topic?