At 01:52 AM 1/3/2004 -0500, Gene Smith wrote: [old stuff deleted]
Thanks for the info. Yes, I am NAT'ing behind the f/w.
I was sort of able to get qmail working but it uses a lot more of my ramdisk (only have 32Meg Ram) than I hoped.
Numbers would make this easier to comment on. Since mail gets queued at least briefly before sending, qmail will certainly use some RAMdisk ... possibly a lot if you handle a lot of outgoing mail or if connectivity to the ISP's smarthost is at all erratic.
Also, it seems to fill up my log file partition which eventually gets full and renders the LEAF box unusable (must reboot with constant diskfull message on console).
qmail fills the logs with what sorts of messages?
Qmail logs are under /var/log. Here is an example of the content of the type of message I see going into /var/log/qmail/qmail/current log file:
@400000003ff629330ed0dab4 new msg 16632
@400000003ff629330ed14044 info msg 16632: bytes 450 from <[EMAIL PROTECTED]> qp 14447 uid 0
@400000003ff629330ed1c8fc starting delivery 10: msg 16632 to remote [EMAIL PROTECTED]
@400000003ff629330ed23a44 status: local 0/10 remote 1/20
@400000003ff6293426e7d0e4 delivery 10: success: 209.225.8.77_accepted_message./Remote_host_said:_250_2.0.0_i037VFAe032279_Message_accepted_for_delivery/
@400000003ff6293426f12b6c status: local 0/10 remote 0/20
@400000003ff6293426fc9d1c end msg 16632
These occur every few minutes but since I don't see a timestamp I am not sure of the exact rate. If I send a real message w/mozilla (eg, to you) I see it is logged to this file, also accepted by 209.255.8.77 (my isp).
Here is the current df:
[...]
However, every few minutes I see in /var/log/qmail/qmail that an internal message from [EMAIL PROTECTED] is sent to [EMAIL PROTECTED] . It is a local message that is being sent to the isp smarthost and is accepted. (Never changed the default domain names since I don't really have one.) However, it appears that mydomain.com resolves to a real ip address and it appears that qmail is attempting to connect to its port 25 but for some reason shorewall is rejecting the connection attempt even though I allow connections from the f/w to remote port 25. (There is a lot I don't understand about this!)
Way too many uses of "it appears that" in this report. Provide examples of whatever you are seeing that causes you to make these judgments.
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/root                 6144      5196       948  85% /
tmpfs                    15256        16     15240   0% /tmp
tmpfs                     2048      1056       992  52% /var/log
Eventually (maybe after 12-14 hours) /var/log went to 100% and at least one user was unable to access web or their email via pop3 until I rebooted LEAF box.
Here are the reject messages I see often in /var/log/syslog:
Jan 2 23:23:07 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=66.168.89.166 DST=209.225.8.77 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12320 PROTO=TCP SPT=2953 DPT=25 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0
Jan 2 21:30:01 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=66.168.89.166 DST=216.34.94.184 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30768 PROTO=TCP SPT=1590 DPT=25 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0
SRC=66.168.89.166 is my LEAF box internet interface. The DST=209.255.8.77 is my ISP's smtp server (smarthost) and DST=216.34.94.184 is mydomain.com in the 2nd example. Destination port is 25 in both cases.
Here is my shorewall rule that I think allows a connection to any port 25 on the internet from the f/w:
ACCEPT fw net tcp smtp
With this rule, why would connection attempt to my ISP be rejected by f/w? Yet I am sure a connection does occur since I can use qmail as my smtp server in mozilla to send mail (at least until the /var/log goes to 100%).
Yes, "mydomain.com" is a registered domain; here it resolves to 216.34.94.184 . It's also used a lot as a dummy, "example" name, something I hoped the registrant realized before choosing it. But neither mydomain.com nor mail.mydomain.com responds on port 25.
If these messages -- you might look at one and tell us what is in them -- are not going through, they could be what is filling up your RAMdisk. It sounds like some process -- a cron job, say -- using mail as STDOUT or STDERR and, if so, the thing to fix is the cron job, not qmail itself.
I tried disconnecting the internet interface cable so any email would be queued, but was unable to determine where the messages are queued in the filesystem. I have not explicitly added any crons to the default LEAF but I will check again tomorrow.
Modified /etc/init.d/qmail to not start the pop3d which I definitely don't need. That gets rid of a lot of processes. However, still seem to need qmail and smtpd started it appears.
Yeah, you need this because qmail needs to listen on port 25 to get mail from the LAN.
Thanks for your interest. Sorry to provide somewhat sketchy info.
-gene
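
Added example, not part of the original thread: the leading @4000... field on each qmail log line is a multilog TAI64N label, so the time and rate of these entries can be recovered from the log itself. The sketch below decodes the labels and measures the gap between "new msg" entries; it assumes the fixed 10-second TAI offset that daemontools uses, and the third sample line is constructed for illustration.

```python
import re
from datetime import datetime, timezone

TAI64_EPOCH = 2**62   # TAI64 second counts are offset by 2^62
TAI_UTC_FIXED = 10    # assumption: daemontools' fixed 10 s offset, no leap-second table

# '@' + 16 hex digits (seconds) + 8 hex digits (nanoseconds) + message text
LABEL = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8})\s+(.*)$")

# First two lines are copied from the post; the last one is constructed (+300 s).
SAMPLE = """\
@400000003ff629330ed0dab4 new msg 16632
@400000003ff6293426fc9d1c end msg 16632
@400000003ff62a5f00000000 new msg 16633
"""

def decode_tai64n(sec_hex, nano_hex):
    """Return (unix_seconds, nanoseconds) for one TAI64N label."""
    unix = int(sec_hex, 16) - TAI64_EPOCH - TAI_UTC_FIXED
    return unix, int(nano_hex, 16)

def parse_log(text):
    """Return [(utc_datetime, nanoseconds, message)] for every labelled line."""
    events = []
    for line in text.splitlines():
        m = LABEL.match(line)
        if not m:
            continue  # skip wrapped or unlabelled lines
        unix, nanos = decode_tai64n(m.group(1), m.group(2))
        when = datetime.fromtimestamp(unix, tz=timezone.utc)
        events.append((when, nanos, m.group(3)))
    return events

def new_msg_intervals(events):
    """Seconds between consecutive 'new msg' entries, i.e. the injection rate."""
    starts = [when for when, _, msg in events if msg.startswith("new msg ")]
    return [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]

if __name__ == "__main__":
    evs = parse_log(SAMPLE)
    for when, nanos, msg in evs:
        print(f"{when:%Y-%m-%d %H:%M:%S}.{nanos:09d}Z  {msg}")
    print("seconds between new messages:", new_msg_intervals(evs))
```

The first label decodes to 2004-01-03 02:30:01 UTC, which is 21:30:01 on Jan 2 at the -0500 offset shown in the message header, so qmail entries can be lined up against the syslog timestamps.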
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
