[SOLVED] smtpd and postfix-script warnings

[asparatu]

I got this these two warnings.
one is from the smptd, i would like to know if these means someone is using my smtp server as a relay?
I am using 6.0.1 Open Source

On other thing is that Stats service keeps stopping.. i get this message..any ideas why that is happening? I have stop all the service and start them all to fix it. This only started happening when i upgrade to 6.0.1

Thank you,
Shane

Code:

Oct 18 17:23:26 xxx.xxx.xxx.xxx zimbramon[17419]: 17419:err: Service status change: xxx.xxx.xxx.xxx stats changed from running to stopped

Code:

Warnings
--------
  smtpd (total: 1)
         1   70.33.186.10: hostname 70-33-186-10.reliablehostingservices.net...

And if postfix-script warning is something i should worry about?
I check the files and see who they where own by and it look ok to me.. its zimbra or postfix.

Code:

Warnings
--------
  postfix-script (total: 4)
         1   not owned by root: /opt/zimbra/postfix-2.6.2.2z/conf/master.cf
         1   not owned by root: /opt/zimbra/postfix-2.6.2.2z/conf/main.cf
         1   not owned by root: /opt/zimbra/data/postfix/spool
         1   not owned by root: /opt/zimbra/postfix-2.6.2.2z/conf/master.cf.in

Fatal Errors: none

Panics: none

Master daemon messages
----------------------
      1   daemon started -- version 2.6.2, configuration /opt/zimbra/postfix-2.6.2.2z/conf
      1   terminating on signal 15

[uxbod]

Check /var/log/zimbra.log to see whether that hostname attempted to relay through your server.

[asparatu]

this what to log file says...from what it looks like it sent me email if im reading it correctly..

Code:

Oct 16 19:19:04 xxx.xxx.xxx.xxx postfix/smtpd[6738]: warning: 70.33.186.10: hostname 70-33-186-10.reliablehostingservices.net verification failed: Name or service not known
Oct 16 19:19:04 xxx.xxx.xxx.xxx postfix/smtpd[6738]: connect from unknown[70.33.186.10]
Oct 16 19:19:04 xxx.xxx.xxx.xxx postfix/smtpd[6738]: setting up TLS connection from unknown[70.33.186.10]
Oct 16 19:19:04 xxx.xxx.xxx.xxx postfix/smtpd[6738]: Anonymous TLS connection established from unknown[70.33.186.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 16 19:19:05 xxx.xxx.xxx.xxx postfix/smtpd[6738]: 1922B1326109: client=unknown[70.33.186.10]
Oct 16 19:19:05 xxx.xxx.xxx.xxx postfix/smtpd[6738]: disconnect from unknown[70.33.186.10]
Oct 16 19:19:xxx.xxx.xxx.xxx amavis[11945]: (11945-01) Checking: OPWKky-E0u+x [70.33.186.10] <hiresco1@superbad.hirescover.net> -> <asparatu@asparatu.com>
Oct 16 19:19:11 xxx.xxx.xxx.xxx amavis[11945]: (11945-01) Passed CLEAN, [70.33.186.10] [70.33.186.10] <hiresco1@superbad.hirescover.net> -> <asparatu@asparatu.com>, Message-ID: <E1Myys5-00055d-RU@superbad.hirescover.net>, mail_id: OPWKky-E0u+x, Hits: 0.986, size: 2887, queued_as: 6CC471326229, 5938 ms
Oct 16 19:22:25 xxx.xxx.xxx.xxx postfix/anvil[6835]: statistics: max connection rate 1/60s for (smtp:70.33.186.10) at Oct 16 19:19:04
Oct 16 19:22:25 xxx.xxx.xxx.xxx postfix/anvil[6835]: statistics: max connection count 1 for (smtp:70.33.186.10) at Oct 16 19:19:04

[ArcaneMagus]

Yes they sent you an email, but their DNS records are configured improperly.

Your mail server did the equivalent of these steps when they connected:
dig +short 10.186.33.70.in-addr.arpa PTR
dig 70-33-186-10.reliablehostingservices.net.

Note how there is no A record for the PTR record for their IP address?

You will see this a lot with misconfigured mail servers, or in this case what looks like a server that was never intended to be a mail server, but has been hacked and is sending out spam

[asparatu]

ok.. thank you..i understand it now.

Can you tell why the other errors happen? with stats stopping and postfix script saying the file are not owned by root?
Thank you
Shane

[ArcaneMagus]

Sorry didn't see that about the stats earlier. That is Bug 40861 - zmstat-allprocs stops running on 6.0 which has been fixed and will be in 6.0.2, due out sometime around 10/26/09 according to Zimbra Product Portal

As for the errors about the files not being owned by root, you should be able to safely ignore that. I got that also on the first daily report after upgrading to 6.0.0, but on subsequent reports it has not appeared.

[hoangkk]

Good new! Thank your for usefull infomation

[zmailcc]

Quote:

Originally Posted by ArcaneMagus

As for the errors about the files not being owned by root, you should be able to safely ignore that. I got that also on the first daily report after upgrading to 6.0.0, but on subsequent reports it has not appeared.

I just upgraded a test system from 5.0.18 to 6.0.5 and am seeing the same "not owned by root" warnings in the zimbra log every time zimbra starts. This happens with my backup script every evening so I see them in the daily email report. I confirmed with a manual stop/start. My experience is that the warnings will continue to appear in the daily report anytime Zimbra starts. Can anyone else confirm this?

Code:

Mar  8 00:34:59 mail postfix/postfix-script[5801]: warning: not owned by root: /opt/zimbra/data/postfix/spool
Mar  8 00:34:59 mail postfix/postfix-script[5808]: warning: not owned by root: /opt/zimbra/postfix-2.6.5.2z/conf/main.cf
Mar  8 00:34:59 mail postfix/postfix-script[5809]: warning: not owned by root: /opt/zimbra/postfix-2.6.5.2z/conf/master.cf
Mar  8 00:34:59 mail postfix/postfix-script[5810]: warning: not owned by root: /opt/zimbra/postfix-2.6.5.2z/conf/master.cf.in

My mission critical Zimbra is still at 5.0.18. I compared the file ownerships between the two versions and they are the same. Based on a quick comparison of the two postfix-script versions it appears that code has been added to the 6.0.x version to test the ownership and report warnings.

My best guess is that the ownership settings do not fit the security configuration recommended for postfix and that the warnings are simply the result of this now being tested. It is probably not critical but I prefer to not see warnings.

Has anyone tried changing the ownerships to address the warning?

[phoenix]

Quote:

Originally Posted by zmailcc

I just upgraded a test system from 5.0.18 to 6.0.5 and am seeing the same "not owned by root" warnings in the zimbra log every time zimbra starts. This happens with my backup script every evening so I see them in the daily email report. I confirmed with a manual stop/start. My experience is that the warnings will continue to appear in the daily report anytime Zimbra starts. Can anyone else confirm this?

That's correct, they will continue to appear.

Quote:

Originally Posted by zmailcc

My best guess is that the ownership settings do not fit the security configuration recommended for postfix and that the warnings are simply the result of this now being tested. It is probably not critical but I prefer to not see warnings.

Has anyone tried changing the ownerships to address the warning?

Those warnings have always appeared in the Zimbra logs and it's required that the ownership stays as it is and you not modify them, Zimbra needs to write to those files.

[zmailcc]

Phoenix,

Thank you for confirming that I can ignore the ownership messages. I plan to upgrade my mission critical system this weekend.