Mail not working on server (sending and receiving)
I inherited a server some months ago and found that some of the accounts seemed to be sending out spam mail. At the time there were records like this in exim_mainlog:
2017-06-28 23:02:42 1dQPj7-0005Mm-JP <= NAME@MYDOMAIN H=([127.0.0.1]) [78.90.72.196]:41899 P=esmtpa A=dovecot_plain:NAME@one_of_my_site.com S=15548 id=4D248BBE.3420710@one_of_my_sites.com T="Hand regard: following the hand with the eyes!" for some_name@prodigy.net
I deleted the email account in question and all email accounts for that website.
Also at that time I found that the directory /var/spool/exim was filling up by several GB in the space of hours and the server's disk was becoming full because of it. I can't recall what I did exactly, but I think I may have deleted or removed something that I followed in a guide, and the disk usage stopped anyway.
Since then, though, mail doesn't seem to work on the server at all and I need to fix it now. It seems that no messages sent to any of the email addresses for the accounts are received, no mails from cron jobs and other tools are received by the root email, and test emails are never received either.
Exim is still running though, here is some sample output from /exim_mainlog
2017-10-13 05:28:34 SMTP connection from [51.254.125.108]:46176 (TCP/IP connection count = 2)
2017-10-13 05:28:36 dovecot_login authenticator failed for 108.ip-51-254-125.eu (ADMIN) [51.254.125.108]:46176: 535 Incorrect authentication data (set_id=sales@my_site.com)
2017-10-13 05:28:36 SMTP connection from [127.0.0.1]:59006 (TCP/IP connection count = 3)
2017-10-13 05:28:36 SMTP connection from 108.ip-51-254-125.eu (ADMIN) [51.254.125.108]:46176 closed by QUIT
2017-10-13 05:28:55 1e2T9p-0002wB-Jh Sender identification U=another_site D=another_site.net S=wordpress@another_site.net
2017-10-13 05:28:55 1e2uKp-0001KM-Kt Sender identification U=another_site D=another_site.net S=wordpress@another_site.net
2017-10-13 05:28:55 1e2pHa-0004vO-Vz Message is frozen
2017-10-13 05:28:56 1e2vqV-0002Ey-GI Message is frozen
2017-10-13 05:28:56 1e2uxV-0003Vm-47 Message is frozen
A few other details:
In the WHM sent summary there is no activity and same for the mail delivery reports.
Mail queue manager seems to have a lot of activity in it. All messages there are either frozen or queued and seem to be from [System] and trying to go to either root, cpanel or fail2ban@server.myhost.com. There are also some mails trying to send from one of our sites to other email addresses I don't recognise (I would guess they are either users signed up to the site or people that have left a comment).
I'm not sure how to tackle this, should I submit a ticket?
I should add that a lot of the messages are not needed and I'd be OK with re-installing everything from scratch for the mail on the server if needed.
Thanks
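A triage pass over exim_mainlog for the three entry types quoted in the post above (authenticated submissions, authenticator failures, frozen messages), as an added example that is not part of the original thread. The sample lines, addresses and the `triage` function name are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines modelled on the exim_mainlog formats quoted in the post.
SAMPLE_LOG = """\
2017-06-28 23:02:42 1dQPj7-0005Mm-JP <= user@example.com H=([127.0.0.1]) [198.51.100.7]:41899 P=esmtpa A=dovecot_plain:user@example.com S=15548 T="Hi" for a@example.net
2017-06-28 23:02:50 1dQPj8-0005Mn-AB <= user@example.com H=([127.0.0.1]) [203.0.113.9]:50112 P=esmtpa A=dovecot_plain:user@example.com S=15002 T="Hi" for b@example.net
2017-10-13 05:28:36 dovecot_login authenticator failed for host.example (ADMIN) [192.0.2.44]:46176: 535 Incorrect authentication data (set_id=sales@example.com)
2017-10-13 05:28:40 dovecot_login authenticator failed for host.example (ADMIN) [192.0.2.44]:46190: 535 Incorrect authentication data (set_id=info@example.com)
2017-10-13 05:28:55 1e2pHa-0004vO-Vz Message is frozen
2017-10-13 05:28:56 1e2T9p-0002wB-Jh <= wordpress@example.org U=site P=local S=900 T="Comment"
"""

# Message IDs in the 6-6-2 form seen on the page (assumption: same Exim ID format).
MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
AUTH_SEND = re.compile(rf"^\S+ \S+ {MSG_ID} <= \S+ .*?\[([0-9a-fA-F.:]+)\]:\d+ .*?\bA=(\w+):(\S+)")
AUTH_FAIL = re.compile(r"^\S+ \S+ (\w+) authenticator failed for .*?\[([0-9a-fA-F.:]+)\]:\d+: 535 .*?\(set_id=([^)]*)\)")
FROZEN = re.compile(rf"^\S+ \S+ ({MSG_ID}) Message is frozen")

def triage(log_text):
    """Return (senders, failures, failed_ids, frozen) tallied from mainlog text."""
    senders = defaultdict(lambda: {"messages": 0, "ips": set()})
    failures = Counter()            # failed logins per remote IP
    failed_ids = defaultdict(set)   # account names tried per remote IP
    frozen = []                     # IDs of messages the queue runner froze
    for line in log_text.splitlines():
        if m := AUTH_SEND.match(line):
            ip, _mech, account = m.groups()
            senders[account]["messages"] += 1
            senders[account]["ips"].add(ip)
        elif m := AUTH_FAIL.match(line):
            _mech, ip, set_id = m.groups()
            failures[ip] += 1
            failed_ids[ip].add(set_id)
        elif m := FROZEN.match(line):
            frozen.append(m.group(1))
    return senders, failures, failed_ids, frozen

if __name__ == "__main__":
    senders, failures, failed_ids, frozen = triage(SAMPLE_LOG)
    for account, s in senders.items():
        # One mailbox authenticating from several remote IPs suggests stolen credentials.
        print(f"{account}: {s['messages']} authenticated sends from {len(s['ips'])} IPs")
    for ip, n in failures.most_common():
        print(f"{ip}: {n} failed logins against {sorted(failed_ids[ip])}")
    print("frozen:", frozen)
```

On a live server, pass the contents of /var/log/exim_mainlog to `triage` instead of `SAMPLE_LOG`.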
Hello, Do you notice any output to /var/log/exim_paniclog when encountering an issue with sending or receiving? Thank you.
This is all I see in the current paniclog:
2017-10-16 00:32:36 socket bind() to port 587 for address (any IPv6) failed: Address already in use: daemon abandoned
I have the logs rotated weekly and the older ones are compressed, but the logs dated 15th and 8th have nothing in them.
...also this is what I can see listening on port 587:
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 21565/exim
tcp 0 0 :::587 :::* LISTEN 21565/exim
One other thing, this is the output from a test mail I tried to send:
-bash-4.1$ echo "Subject: test" | /usr/sbin/exim -v me@gmail.com
LOG: MAIN
  cwd=/home/me 3 args: /usr/sbin/exim -v me@gmail.com
LOG: MAIN
  <= me@server.myhostname.com U=me P=local S=323 T="test"
-bash-4.1$ LOG: MAIN
  cwd=/var/spool/exim 4 args: /usr/sbin/exim -v -Mc 1e3zV1-0000MA-Py
delivering 1e3zV1-0000MA-Py
LOG: MAIN
  ** me@gmail.com R=enforce_mail_permissions: Gid 577 is not permitted to relay mail, or has directly called /usr/sbin/exim instead of /usr/sbin/sendmail.
LOG: MAIN
  cwd=/var/spool/exim 8 args: /usr/sbin/exim -v -t -oem -oi -f <> -E1e3zV1-0000MA-Py
LOG: MAIN
  <= <> R=1e3zV1-0000MA-Py U=mailnull P=local S=1645 T="Mail delivery failed: returning message to sender"
LOG: MAIN
  cwd=/var/spool/exim 4 args: /usr/sbin/exim -v -Mc 1e3zV2-0000MF-23
delivering 1e3zV2-0000MF-23
LOG: MAIN
  Completed
LMTP<< 220 server.myhostname.com Dovecot ready.
LMTP>> LHLO server.myhostname.com
LMTP<< 250-server.myhostname.com
LMTP<< 250-STARTTLS
LMTP<< 250-8BITMIME
LMTP<< 250-ENHANCEDSTATUSCODES
LMTP<< 250 PIPELINING
LMTP>> MAIL FROM:<>
LMTP<< 250 2.1.0 OK
LMTP>> RCPT TO:
LMTP<< 250 2.1.5 OK
LMTP>> DATA
LMTP<< 354 OK
LMTP>> writing message and terminating "."
LMTP<< 250 2.0.0 EN0WGsBa5FlsBQAAQA8zkQ Saved
LMTP>> QUIT
LMTP<< 221 2.0.0 OK
LOG: MAIN
  => me R=localuser T=dovecot_delivery S=1798 C="250 2.0.0 EN0WGsBa5FlsBQAAQA8zkQ Saved"
LOG: MAIN
  Completed
Hi, should I submit a support ticket about this?
Your last output is just improper use of the commands, not a sign of your issue. Opening a ticket will allow us to provide you with the best support. Once opened, you can paste the ticket ID here, and we can update this thread with the outcome. Looking over your output, I am not sure if any information relevant to your issue has been provided. Ideally, you would provide a full transaction which failed (i.e. 'exigrep /var/log/exim_mainlog'). With that said, a random guess is that perhaps one of your exim databases is corrupt as in the post below: Exim db corrupt with a few entries?