LinuxQuestions.org
Old 12-20-2011, 07:11 AM   #1
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Rep: Reputation: Disabled
lots of errors in maillog, why?


I am a bit of a newbie, but I've recently built my first mail server (RHEL with dovecot, postfix, SASL, ClamAV, MailScanner/SpamAssassin, PostGrey, SquirrelMail, Sieve).

Although I am yet to take it live (ie. redirect my MX records), my /var/log/maillog is starting to fill up with lots of log entries like this:

Code:
Dec 19 19:10:21 mail postfix/qmgr[28750]: B0995E26BE: from=<double-bounce@mail.mydomain.com>, size=909, nrcpt=1 (queue active)
Dec 19 19:10:21 mail postfix/qmgr[28750]: BC11BE2660: from=<root@mail.mydomain.com>, size=140734, nrcpt=1 (queue active)
Dec 19 19:10:21 mail dovecot: deliver(root): chdir(/root) failed: Permission denied
Dec 19 19:10:21 mail dovecot: deliver(root): sieve: failed to stat user's sieve script: stat(/root/.dovecot.sieve) failed: Permission denied (euid=99(nobody) egid=12(mail) missing +x perm: /root) (using global script path in stead)
Dec 19 19:10:21 mail dovecot: deliver(root): sieve: main_script: line 1: unexpected character(s) starting with 0xbe
Dec 19 19:10:21 mail dovecot: deliver(root): sieve: main_script: line 1: unexpected unknown characters found at (the presumed) end of file
Dec 19 19:10:21 mail dovecot: deliver(root): sieve: main_script: parse failed
Dec 19 19:10:21 mail dovecot: deliver(root): mkdir(/home/root/mail/cur) failed: Permission denied (euid=99(nobody) egid=12(mail) missing +w perm: /home)
Dec 19 19:10:21 mail dovecot: deliver(root): msgid=<20111214150206.CED4CE2678@mail.mydomain.com>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2011-12-19 19:10:21]
Dec 19 19:10:21 mail dovecot: deliver(root): chdir(/root) failed: Permission denied
Dec 19 19:10:21 mail dovecot: deliver(root): msgid=<20111217171244.B0995E26BE@mail.mydomain.com>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2011-12-19 19:10:21]
and so on. Other than these logs, the server is running fine. That said, I'm more than aware that this sort of behaviour isn't good. Any ideas on how I can help cut this out?

- the good bits of my /etc/postfix/main.cf read like this:

Code:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
#smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient
#check_policy_service unix:postgrey/socket
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit

smtpd_recipient_restrictions = 
  permit_mynetworks
  permit_sasl_authenticated  
  check_recipient_address hash:/etc/postfix/recipient_address
  reject_unauth_destination 
  check_policy_service unix:postgrey/socket
  
broken_sasl_auth_clients = yes

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.mydomain.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.mydomain.com.key
smptd_tls_chain_file = /etc/pki/tls/certs/gd_bundle.crt
tls_random_source = dev:/dev/urandom

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
Some guesses about my primary problem are as follows:


SpamAssassin is installed (it came with MailScanner), but I guess I've never properly looked into configuring it - I figured that MailScanner would have done this?

I have also changed all user passwords (granted I am using Linux system accounts), but this hasn't helped.

Also, we are on PLAIN + LOGIN as authentication options - I know that PLAIN isn't the best but I haven't been able to get an alternative working (yet). What are the odds of this being the PRIMARY problem here?

I have a root user enabled, but he does not have a home folder (ie. no mail folder). I am worried that the various mailing attempts to mail him (RCPT TO root@mail.mydomain.com) are being kept in limbo somewhere - instead of being deleted - because it can't find his mailbox?

Any thoughts would be great - I am due to take the box online soon, but the last thing I want it to do is to unknowingly be relaying spam - or worse - collecting wads of mail that might bring it crashing to a halt one day.

Thanks again,

Scott

Last edited by scottmusician; 12-21-2011 at 03:05 AM.
 
Old 12-21-2011, 12:13 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 1,463

Rep: Reputation: 356Reputation: 356Reputation: 356Reputation: 356
The first two lines are from postfix and don't look like errors.
The rest of the lines are from dovecot, so your postfix config is not helpful.
Code:
Dec 19 19:10:21 mail dovecot: deliver(root): chdir(/root) failed: Permission denied
"mail" is the name of your system and "dovecot" is the application which is writing this line.
This says you are asking dovecot to do something in directory /root. That is the root user's home directory, so this is obviously wrong. Dovecot is started as a root process but drops root privileges so that an error in dovecot doesn't give root access to an attacker. Post your dovecot config if you can't figure out the problem.
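
Added example, not part of the thread: a small Python triage script that reads dovecot `deliver` lines in the format shown in post #1 and reports which recipient, effective user and directory each permission failure involves, which makes the privilege drop described above visible (delivery runs as `nobody`/`mail`, not root). The function names `parse_deliver_errors` and `summarize` are hypothetical, and the sample lines are copied from the excerpt in post #1.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the maillog excerpt in post #1.
SAMPLE = """\
Dec 19 19:10:21 mail postfix/qmgr[28750]: BC11BE2660: from=<root@mail.mydomain.com>, size=140734, nrcpt=1 (queue active)
Dec 19 19:10:21 mail dovecot: deliver(root): chdir(/root) failed: Permission denied
Dec 19 19:10:21 mail dovecot: deliver(root): sieve: failed to stat user's sieve script: stat(/root/.dovecot.sieve) failed: Permission denied (euid=99(nobody) egid=12(mail) missing +x perm: /root) (using global script path in stead)
Dec 19 19:10:21 mail dovecot: deliver(root): mkdir(/home/root/mail/cur) failed: Permission denied (euid=99(nobody) egid=12(mail) missing +w perm: /home)
Dec 19 19:10:21 mail dovecot: deliver(root): msgid=<20111214150206.CED4CE2678@mail.mydomain.com>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2011-12-19 19:10:21]
"""

# "<date> <host> dovecot: deliver(<recipient>): <message>"
DELIVER = re.compile(r"^\w{3}\s+\d+\s[\d:]+\s(?P<host>\S+)\sdovecot: deliver\((?P<rcpt>[^)]*)\): (?P<msg>.*)$")
# "<syscall>(<path>) failed: Permission denied"
DENIED = re.compile(r"(?P<call>\w+)\((?P<path>/[^)]*)\) failed: Permission denied")
# Optional detail: "(euid=99(nobody) egid=12(mail) missing +x perm: /root)"
DETAIL = re.compile(r"euid=\d+\((?P<user>[^)]*)\) egid=\d+\((?P<group>[^)]*)\) missing \+(?P<perm>[rwx]) perm: (?P<dir>[^)]+)\)")

def parse_deliver_errors(text):
    """Return one dict per dovecot deliver permission failure or failed save."""
    events = []
    for line in text.splitlines():
        m = DELIVER.match(line)
        if not m:
            continue  # postfix/qmgr and other services are skipped
        msg = m.group("msg")
        event = {"host": m.group("host"), "rcpt": m.group("rcpt")}
        denied = DENIED.search(msg)
        if denied:
            event.update(kind="denied", **denied.groupdict())
            detail = DETAIL.search(msg)
            if detail:  # only some lines carry the euid/egid explanation
                event.update(detail.groupdict())
        elif "save failed to INBOX" in msg:
            event["kind"] = "save_failed"
        else:
            continue  # e.g. sieve parse errors, not a filesystem denial
        events.append(event)
    return events

def summarize(events):
    """Count (recipient, effective user, directory, missing permission) tuples."""
    return Counter((e["rcpt"], e.get("user", "?"), e.get("dir", e["path"]), e.get("perm", "?"))
                   for e in events if e["kind"] == "denied")

if __name__ == "__main__":
    for key, count in summarize(parse_deliver_errors(SAMPLE)).items():
        print(count, key)
```
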
 
Old 01-15-2012, 09:06 PM   #3
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Original Poster
Rep: Reputation: Disabled
Hi again,

Thanks for the advice! I'm still having issues similar to the above, and haven't found the cause of it. I suspect it's something to do with dovecot's chrooting setup (which is admittedly the one area of dovecot that I haven't investigated a lot).

As an aside, I did find that I had 2x cron-based daily emails (one is logwatch, the other is a cron.daily report) that were attempting to send to root@mail.mydomain.com. I thought that this might be breaking things (as my mailboxes lie in their own custom location - /home/%u, and also I've not created a mailbox folder for 'root' user)... but even after redirecting cron+logwatch to a different address, these errors persist.

Is something (perhaps someone externally) still trying to send stuff to root@mydomain.com? Or is it simply some problems with dovecot.conf? Am I relaying? Here are all of my dovecot.conf lines containing the word 'root':

Code:
login_dir = /var/run/dovecot/login
login_chroot = yes
first_valid_uid = 500
last_valid_uid = 0
valid_chroot_dirs =
mail_chroot =

auth default {
  socket listen {
    client {

   path = /var/spool/postfix/private/auth
   mode = 0660
   user = postfix
   group = postfix

mechanisms = plain login

 #userdb vpopmail {
  #}
  user = root
  #chroot =
  #count = 1
}

  # Default user/group is the one who started dovecot-auth (root)
      #user =
      #group =

Last edited by scottmusician; 01-15-2012 at 09:08 PM.
 
  

