[CentOS] Mail has quit working

Mon Aug 27 02:37:55 UTC 2018
TE Dukes <tdukes at palmettoshopper.com>


> -----Original Message-----
> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Richard
> Sent: Sunday, August 26, 2018 10:25 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Mail has quit working
> 
> 
> 
> > Date: Sunday, August 26, 2018 21:10:48 -0400
> > From: TE Dukes <tdukes at palmettoshopper.com>
> >
> >> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of
> >> Richard Sent: Sunday, August 26, 2018 8:31 PM
> >>
> >> > Date: Sunday, August 26, 2018 16:25:14 -0400
> >> > From: TE Dukes <tdukes at palmettoshopper.com>
> >> >
> >> >> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of
> >> >> Alexander Dalloz
> >> >> Sent: Sunday, August 26, 2018 3:46 PM
> >> >>
> >> >> Am 26.08.2018 um 20:48 schrieb TE Dukes:
> >> >> >> You see a basic error message "Could not connect to
> >> >> >> localhost:143". So test that without using additional
> >> >> >> software. Foremost consult the maillog, in this case the log
> >> >> >> content produced by dovecot. And test connectivity on the
> >> >> >> lowest level.
> >> >> >>
> >> >> >> echo QUIT | openssl s_client -connect localhost:143 -starttls
> >> >> >> imap
> >> >> > I'm getting what appears to be a help file with various options
> >> >> > when trying to run the above command
> >> >>
> >> >> Can we guess that you don't offer TLS for IMAP connections?
> >> >>
> >> > I added this to /etc/postfix/main.cf from
> >> > https://access.redhat.com/solutions/120383
> >> >
> >> > smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> >> > smtpd_tls_protocols = !SSLv2, !SSLv3
> >> > smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> >> > smtp_tls_protocols = !SSLv2, !SSLv3
> >> >
> >>
> >> Randomly adding lines to a config file isn't going to help things.
> >> Those lines, which you added to the postfix config (which will have
> >> no impact on dovecot), are -- as the RH documentation indicates --
> >> to turn off weak protocols, they don't turn anything on, other
> >> directives are used for that.
> >>
> >> >
> >> >> >> That must be successful first. You can too test "lsof -i
> >> >> >> :143" or "ss -tulpen | grep 143". And tail your maillog.
> >> >> >>
> >> >> > Running lsof -i :143, I get:
> >> >> >
> >> >> > COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
> >> >> > dovecot 1576 root   37u  IPv4  32014      0t0  TCP *:imap (LISTEN)
> >> >> > dovecot 1576 root   38u  IPv6  32015      0t0  TCP *:imap (LISTEN)
> >> >> >
> >> >> > Running ss -tulpen | grep 143 :
> >> >> >
> >> >> > tcp    LISTEN     0      100       *:143                   *:*   users:(("dovecot",pid=1576,fd=37)) ino:32014 sk:ffff913e953e2e80 <->
> >> >> > tcp    LISTEN     0      100      :::143                  :::*   users:(("dovecot",pid=1576,fd=38)) ino:32015 sk:ffff913b2e90a100 v6only:1 <->
> >> >>
> >> >> So port 143 is listening. Are we back to the point that your DNS
> >> >> or NSS is broken so that even
> >> >
> >> > I think so. Everything else works, I don't get it.
> >> >>
> >> >> telnet localhost 143
> >> >>
> >> >> fails while
> >> >>
> >> >> telnet 127.0.0.1 143
> >> >>
> >> >> is successful?
> >> >>
> >> >
> >> > Yes, that is correct: localhost fails but 127.0.0.1 responds.
> >> >
> >>
> >> In your pastebin:
> >>
> >>   <https://paste.fedoraproject.org/paste/MMNEJmqIrEzK-A4N3MR0ZA>
> >>
> >> you show three nameservers:
> >>
> >>   nameserver 166.102.165.13
> >>   nameserver 207.91.5.20
> >>   nameserver 127.0.0.1
> >>
> >
> > The first two nameservers belong to my ISP. Should I move 127.0.0.1
> > to the top?
> >
> >
> >> I can't tell if that's what you still have in place, but note that
> >> your dns queries will query those DNS servers in that order. Based
> >> on that order, the "localhost" (127.0.0.1) server is the last one
> >> that will be queried. Unless explicitly queried (e.g., with an
> >> @<nameserver> syntax) it will only be queried if the other two
> >> fail.
> >>
> >> Could you confirm the current order (and perhaps list) the
> >> nameservers in your /etc/resolv.conf file - so we are aware of any
> >> changes.
> >
> > They are still in that order.
> >
> >>
> >> I did a "localhost" query against the first two and they respond
> >> correctly, e.g.,
> >>
> >>   ;; QUESTION SECTION:
> >>   ;localhost.			IN	A
> >>
> >>   ;; ANSWER SECTION:
> >>   localhost.		86400	IN	A	127.0.0.1
> >>
> >>   ;; Query time: 100 msec
> >>   ;; SERVER: 166.102.165.13#53(166.102.165.13)
> >>
> >> Somewhat related to the:
> >>
> >>   > telnet localhost 143
> >>   >
> >>   > fails [while it works when you try 127.0.0.1]
> >>
> >
> > Not sure what I have done, but telnet localhost 143 now works but
> > telnet 127.0.0.1 143 fails.
> >
> >
> >> In an earlier message (from Sunday, August 26, 2018 14:37:57) you
> >> state:
> >>
> >>   > I have all the files shipped with CentOS. I created 2 zone
> >>   > files
> >>
> >> could you please enumerate the "named.*" files that you have under
> >> your defined directory. Note, if you've chrooted named that's a
> >> different location than in a non-chrooted setup.
> >>
> >
> > total 28
> > -rw-r--r-- 1 root  named  391 Aug 26 17:44 192.168.1.zone
> > drwxrwx--- 2 named named  127 Aug 26 03:46 data/
> > drwxrwx--- 2 named named   31 Aug 26 16:28 dynamic/
> > -rw-r--r-- 1 root  root     0 Aug 26 20:54 named
> > -rw-r----- 1 root  named 2281 May 22  2017 named.ca
> > -rw-r----- 1 root  named  152 Dec 15  2009 named.empty
> > -rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
> > -rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
> > -rw-r--r-- 1 root  named  793 Aug 26 17:44 palmettodomains.zone
> > -rw-r--r-- 1 root  root  1001 Aug 26 13:29 palmettodomains.zone.082618
> > drwxrwx--- 2 named named    6 Apr 12 14:48 slaves/
> >
> >> Then there's this:
> >>
> >>   > ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @localhost localhost
> >>   >    +short
> >>   > ; (1 server found)
> >>   > ;; global options: +cmd
> >>   > ;; connection timed out; no servers could be reached
> >>
> >> do you *really* have a name server running on your local machine?
> >> Just thought I'd ask.
> >>
> > root       600  0.0  0.0 112704   968 tty2     S+   21:02   0:00 grep --color=auto named
> > named    21096  0.0  0.3 391636 60160 ?        Ssl  17:45   0:00 /usr/sbin/named -u named -c /etc/named.conf
> >
> >> While you are at it, could you show the current state of your
> >> /etc/hosts file (as well as its ownerships and permissions).
> >>
> > 127.0.0.1	localhost localhost.localdomain localhost4 localhost4.localdomain4
> ># 127.0.0.1     localhost.localdomain localhost
> > 192.168.1.110	ts130.palmettodomains.com	ts130
> > 192.168.1.110 mail.palmettodomains.com mail
> >
> > ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
> ># ::1       localhost6.localdomain6 localhost6
> > 192.168.1.102	edukes1.palmettodomains.com edukes1
> > 192.168.1.105	hp8200.palmettodomains.com hp8200
> > ::1	localhost localhost.localdomain localhost6 localhost6.localdomain6
> >
> > -rw-r--r--    1 root     root        509 Aug 26 14:02 hosts
> 
> Since your:
> 
>    dig @localhost localhost
> 
> failed, try:
> 
>    dig @127.0.0.1 localhost a
> 
> (in this context, i like the longer output as it reveals more).

From dig @127.0.0.1 localhost a


; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @127.0.0.1 localhost a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36452
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;localhost.			IN	A

;; ANSWER SECTION:
localhost.		86400	IN	A	127.0.0.1

;; AUTHORITY SECTION:
localhost.		86400	IN	NS	localhost.

;; ADDITIONAL SECTION:
localhost.		86400	IN	AAAA	::1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 26 22:29:21 EDT 2018
;; MSG SIZE  rcvd: 96

> 
> If that fails, then there is, at minimum, a problem with your local
> dns server. If that works, try:
> 
>    dig @localhost4 localhost a

From dig @localhost4 localhost a

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @localhost4 localhost a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39351
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;localhost.			IN	A

;; ANSWER SECTION:
localhost.		86400	IN	A	127.0.0.1

;; AUTHORITY SECTION:
localhost.		86400	IN	NS	localhost.

;; ADDITIONAL SECTION:
localhost.		86400	IN	AAAA	::1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 26 22:30:35 EDT 2018
;; MSG SIZE  rcvd: 96

> 
> This will explicitly use the ipv4 127. entry in your /etc/hosts,
> while "localhost" could use either.
> 
> [by the way, you appear to have redundant ipv6 "localhost" entries in
> your /etc/hosts file. mostly to have things clean, i'd get rid of the
> bottom one.]

Thanks! Not sure where that came from but it's been removed.

Thanks!!
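
The two file checks raised in this thread (repeated "localhost" entries in /etc/hosts, and where 127.0.0.1 sits in the /etc/resolv.conf nameserver order), as an added example that is not part of the original message. The function names are hypothetical and the sample data is constructed, abridged from the files quoted above.

```shell
#!/bin/sh
# Added example. Sample data is constructed (abridged from the files quoted in the thread).
sample_hosts() {
cat <<'EOF'
127.0.0.1	localhost localhost.localdomain localhost4 localhost4.localdomain4
# 127.0.0.1     localhost.localdomain localhost
192.168.1.110	ts130.palmettodomains.com	ts130
192.168.1.110 mail.palmettodomains.com mail
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.102	edukes1.palmettodomains.com edukes1
::1	localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
}

sample_resolv() {
cat <<'EOF'
nameserver 166.102.165.13
nameserver 207.91.5.20
nameserver 127.0.0.1
EOF
}

# hosts_duplicates (hypothetical name): read hosts-format text on stdin and
# report every address/name pair that was already defined on an earlier line.
hosts_duplicates() {
  awk '
    { sub("#.*", "") }            # drop comments, whole-line or trailing
    NF < 2 { next }               # skip blank lines and address-only lines
    {
      for (i = 2; i <= NF; i++) {
        key = $1 SUBSEP tolower($i)   # host names are case-insensitive
        if (key in seen) {
          printf "line %d: %s %s repeats line %d\n", NR, $1, $i, seen[key]
        } else {
          seen[key] = NR
        }
      }
    }'
}

# nameserver_position (hypothetical name): print the 1-based position of the
# address given as $1 among the nameserver lines on stdin, or 0 if absent.
nameserver_position() {
  awk -v want="$1" '
    $1 == "nameserver" { n++; if ($2 == want && !pos) pos = n }
    END { print pos + 0 }'
}

sample_hosts | hosts_duplicates
echo "127.0.0.1 is nameserver entry $(sample_resolv | nameserver_position 127.0.0.1)"
```

To check a live system, feed the real files in instead: `hosts_duplicates < /etc/hosts` and `nameserver_position 127.0.0.1 < /etc/resolv.conf`.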