Re: [ossec-list] ossec-maild Error Sending email to 127.0.0.1
Hi Theresa, Please could you explain how did you solve this? Might be an epic fail for you, but it might help others :) Thanks a lot Laura On Tuesday, 22 December 2015 10:53:55 UTC, theresa mic-snare wrote: > > *FACEPALM* > > problem solved.this is too embarrassing :((( > epic fail! > > Am Dienstag, 22. Dezember 2015 10:54:45 UTC+1 schrieb theresa mic-snare: >> >> hmm it looks as so ossec-maild has a problem with my ssmtp >> ssmtp works fine, because it sent me an automated/generated email at 2:43 >> in the morning. >> i've set DEBUGGING=yes in the ssmtp.conf but the logs don't show any more >> info to debug >> >> what surprises me is that on netstat ssmtp isn't showing any open >> connectings. >> to me it looks like it's only opening a connection when it wants to send >> an email, there's no permanent open connection. >> >> here's my ssmtp.conf >> AuthUser=xx...@gmail.com >> AuthPass=x >> FromLineOverride=YES >> mailhub=smtp.gmail.com:587 >> UseSTARTTLS=YES >> TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt >> Debug=YES >> >> and my open connections: >> netstat -tulpen >> Active Internet connections (only servers) >> Proto Recv-Q Send-Q Local Address Foreign Address >> State User Inode PID/Program name >> tcp0 0 0.0.0.0:33060.0.0.0:* >> LISTEN 27 37255941313/mysqld >> tcp0 0 0.0.0.0:22 0.0.0.0:* >> LISTEN 0 11227 1216/sshd >> tcp0 0 :::22 :::* >>LISTEN 0 11232 1216/sshd >> tcp0 0 :::8080 :::* >>LISTEN 0 11642 1550/httpd >> tcp0 0 :::80 :::* >>LISTEN 0 11638 1550/httpd >> udp0 0 0.0.0.0:15140.0.0.0:* >> 0 13181 1926/ossec-remoted >> udp0 0 78.41.116.116:123 0.0.0.0:* >> 0 11350 1256/ntpd >> udp0 0 127.0.0.1:123 0.0.0.0:* >> 0 11346 1256/ntpd >> udp0 0 0.0.0.0:123 0.0.0.0:* >> 0 11339 1256/ntpd >> udp0 0 ::1:123 :::* >>0 11352 1256/ntpd >> udp0 0 fe80::5054:ff:fef6:4b74:123 :::* >>0 11351 1256/ntpd >> udp0 0 :::123 :::* >>0 11340 1256/ntpd >> >> I'm happy to do a TCPdump but at the moment I don't really know what to >> filter for... >> is ossec--maild listening on a specific port or default 25 port for smtp? >> >> thanks, >> theresa >> >> Am Montag, 21. Dezember 2015 14:00:56 UTC+1 schrieb dan (ddpbsd): >>> >>> On Sun, Dec 20, 2015 at 7:50 AM, theresa mic-snare >>> wrote: >>> > Hi everyone, >>> > >>> > today I've noticed a problem with the ossec-maild process. >>> > The ossec.log keeps saying >>> > >>> > ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp >>> server) >>> > >>> > Of course I started troubleshooting the problem and tried to send >>> several >>> > test-emails from the ossec master. >>> > I'm using ssmtp through my google-mail account by the way. >>> > All test mails that I sent arrived immediately, so sending mails >>> through my >>> > MTA seems to work as usual. >>> > >>> > Then I checked the mail log /var/log/maillog-20151220 >>> > which to my surprise has the latest mail entry from yesterday 19:30 >>> > Dec 19 19:30:03 tron sSMTP[3943]: Sent mail for b...@bla.org (221 >>> 2.0.0 >>> > closing connection u126sm11888435wme.3 - gsmtp) uid=48 username=apache >>> > outbytes=1898 >>> > >>> > changed the email address to b...@bla.org for demonstration >>> purposes... >>> > >>> > >>> > at least the two test emails that I just send should appear in this >>> log, >>> > right? >>> > >>> > I know that the root cause to this problem is NOT an ossec >>> problembut >>> > maybe you have an idea what the problem might be? >>> > I've checked the quota settings in my gmail account, (so far only 10% >>> > used...) >>> > I've also checked the disk space on my ossec master, still 21GB left >>> on / >>> > (where also /var is mounted) >>> > >>> > so I doubt it's a quota or diskspace problem. >>> > i've also restarted (stopped and started) ossec, to see if any zombie >>> > processes still allocated the filesystem, and it therefore showed that >>> > plenty of diskspace was available. >>> > but even after the r
Re: [ossec-list] ossec-maild Error Sending email to 127.0.0.1
*FACEPALM* problem solved.this is too embarrassing :((( epic fail! Am Dienstag, 22. Dezember 2015 10:54:45 UTC+1 schrieb theresa mic-snare: > > hmm it looks as so ossec-maild has a problem with my ssmtp > ssmtp works fine, because it sent me an automated/generated email at 2:43 > in the morning. > i've set DEBUGGING=yes in the ssmtp.conf but the logs don't show any more > info to debug > > what surprises me is that on netstat ssmtp isn't showing any open > connectings. > to me it looks like it's only opening a connection when it wants to send > an email, there's no permanent open connection. > > here's my ssmtp.conf > AuthUser=xx...@gmail.com > AuthPass=x > FromLineOverride=YES > mailhub=smtp.gmail.com:587 > UseSTARTTLS=YES > TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt > Debug=YES > > and my open connections: > netstat -tulpen > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address > State User Inode PID/Program name > tcp0 0 0.0.0.0:33060.0.0.0:* > LISTEN 27 37255941313/mysqld > tcp0 0 0.0.0.0:22 0.0.0.0:* > LISTEN 0 11227 1216/sshd > tcp0 0 :::22 :::* >LISTEN 0 11232 1216/sshd > tcp0 0 :::8080 :::* >LISTEN 0 11642 1550/httpd > tcp0 0 :::80 :::* >LISTEN 0 11638 1550/httpd > udp0 0 0.0.0.0:15140.0.0.0:* > 0 13181 1926/ossec-remoted > udp0 0 78.41.116.116:123 0.0.0.0:* > 0 11350 1256/ntpd > udp0 0 127.0.0.1:123 0.0.0.0:* > 0 11346 1256/ntpd > udp0 0 0.0.0.0:123 0.0.0.0:* > 0 11339 1256/ntpd > udp0 0 ::1:123 :::* >0 11352 1256/ntpd > udp0 0 fe80::5054:ff:fef6:4b74:123 :::* >0 11351 1256/ntpd > udp0 0 :::123 :::* >0 11340 1256/ntpd > > I'm happy to do a TCPdump but at the moment I don't really know what to > filter for... > is ossec--maild listening on a specific port or default 25 port for smtp? > > thanks, > theresa > > Am Montag, 21. Dezember 2015 14:00:56 UTC+1 schrieb dan (ddpbsd): >> >> On Sun, Dec 20, 2015 at 7:50 AM, theresa mic-snare >> wrote: >> > Hi everyone, >> > >> > today I've noticed a problem with the ossec-maild process. >> > The ossec.log keeps saying >> > >> > ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp >> server) >> > >> > Of course I started troubleshooting the problem and tried to send >> several >> > test-emails from the ossec master. >> > I'm using ssmtp through my google-mail account by the way. >> > All test mails that I sent arrived immediately, so sending mails >> through my >> > MTA seems to work as usual. >> > >> > Then I checked the mail log /var/log/maillog-20151220 >> > which to my surprise has the latest mail entry from yesterday 19:30 >> > Dec 19 19:30:03 tron sSMTP[3943]: Sent mail for b...@bla.org (221 >> 2.0.0 >> > closing connection u126sm11888435wme.3 - gsmtp) uid=48 username=apache >> > outbytes=1898 >> > >> > changed the email address to b...@bla.org for demonstration >> purposes... >> > >> > >> > at least the two test emails that I just send should appear in this >> log, >> > right? >> > >> > I know that the root cause to this problem is NOT an ossec >> problembut >> > maybe you have an idea what the problem might be? >> > I've checked the quota settings in my gmail account, (so far only 10% >> > used...) >> > I've also checked the disk space on my ossec master, still 21GB left on >> / >> > (where also /var is mounted) >> > >> > so I doubt it's a quota or diskspace problem. >> > i've also restarted (stopped and started) ossec, to see if any zombie >> > processes still allocated the filesystem, and it therefore showed that >> > plenty of diskspace was available. >> > but even after the restart of ossec it still shows that it has plenty >> of >> > diskspace available. >> > >> > any other ideas how I could troubleshoot this problem? >> > >> >> Make sure ssmtp is still listening on 127.0.0.1. >> Use tcpdump or something similar to sniff the traffic between >> ossec-maild and ssmtp. >> Turn on debugging on
Re: [ossec-list] ossec-maild Error Sending email to 127.0.0.1
hmm it looks as so ossec-maild has a problem with my ssmtp ssmtp works fine, because it sent me an automated/generated email at 2:43 in the morning. i've set DEBUGGING=yes in the ssmtp.conf but the logs don't show any more info to debug what surprises me is that on netstat ssmtp isn't showing any open connectings. to me it looks like it's only opening a connection when it wants to send an email, there's no permanent open connection. here's my ssmtp.conf AuthUser=xx...@gmail.com AuthPass=x FromLineOverride=YES mailhub=smtp.gmail.com:587 UseSTARTTLS=YES TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt Debug=YES and my open connections: netstat -tulpen Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp0 0 0.0.0.0:33060.0.0.0:* LISTEN 27 37255941313/mysqld tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 11227 1216/sshd tcp0 0 :::22 :::* LISTEN 0 11232 1216/sshd tcp0 0 :::8080 :::* LISTEN 0 11642 1550/httpd tcp0 0 :::80 :::* LISTEN 0 11638 1550/httpd udp0 0 0.0.0.0:15140.0.0.0:* 0 13181 1926/ossec-remoted udp0 0 78.41.116.116:123 0.0.0.0:* 0 11350 1256/ntpd udp0 0 127.0.0.1:123 0.0.0.0:* 0 11346 1256/ntpd udp0 0 0.0.0.0:123 0.0.0.0:* 0 11339 1256/ntpd udp0 0 ::1:123 :::* 0 11352 1256/ntpd udp0 0 fe80::5054:ff:fef6:4b74:123 :::* 0 11351 1256/ntpd udp0 0 :::123 :::* 0 11340 1256/ntpd I'm happy to do a TCPdump but at the moment I don't really know what to filter for... is ossec--maild listening on a specific port or default 25 port for smtp? thanks, theresa Am Montag, 21. Dezember 2015 14:00:56 UTC+1 schrieb dan (ddpbsd): > > On Sun, Dec 20, 2015 at 7:50 AM, theresa mic-snare > > wrote: > > Hi everyone, > > > > today I've noticed a problem with the ossec-maild process. > > The ossec.log keeps saying > > > > ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server) > > > > Of course I started troubleshooting the problem and tried to send > several > > test-emails from the ossec master. > > I'm using ssmtp through my google-mail account by the way. > > All test mails that I sent arrived immediately, so sending mails through > my > > MTA seems to work as usual. > > > > Then I checked the mail log /var/log/maillog-20151220 > > which to my surprise has the latest mail entry from yesterday 19:30 > > Dec 19 19:30:03 tron sSMTP[3943]: Sent mail for b...@bla.org > (221 2.0.0 > > closing connection u126sm11888435wme.3 - gsmtp) uid=48 username=apache > > outbytes=1898 > > > > changed the email address to b...@bla.org for > demonstration purposes... > > > > > > at least the two test emails that I just send should appear in this log, > > right? > > > > I know that the root cause to this problem is NOT an ossec > problembut > > maybe you have an idea what the problem might be? > > I've checked the quota settings in my gmail account, (so far only 10% > > used...) > > I've also checked the disk space on my ossec master, still 21GB left on > / > > (where also /var is mounted) > > > > so I doubt it's a quota or diskspace problem. > > i've also restarted (stopped and started) ossec, to see if any zombie > > processes still allocated the filesystem, and it therefore showed that > > plenty of diskspace was available. > > but even after the restart of ossec it still shows that it has plenty of > > diskspace available. > > > > any other ideas how I could troubleshoot this problem? > > > > Make sure ssmtp is still listening on 127.0.0.1. > Use tcpdump or something similar to sniff the traffic between > ossec-maild and ssmtp. > Turn on debugging on ssmtp? > > > thanks, > > theresa > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com . > > For more options,
Re: [ossec-list] ossec-maild Error Sending email to 127.0.0.1
On Sun, Dec 20, 2015 at 7:50 AM, theresa mic-snare wrote: > Hi everyone, > > today I've noticed a problem with the ossec-maild process. > The ossec.log keeps saying > > ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server) > > Of course I started troubleshooting the problem and tried to send several > test-emails from the ossec master. > I'm using ssmtp through my google-mail account by the way. > All test mails that I sent arrived immediately, so sending mails through my > MTA seems to work as usual. > > Then I checked the mail log /var/log/maillog-20151220 > which to my surprise has the latest mail entry from yesterday 19:30 > Dec 19 19:30:03 tron sSMTP[3943]: Sent mail for b...@bla.org (221 2.0.0 > closing connection u126sm11888435wme.3 - gsmtp) uid=48 username=apache > outbytes=1898 > > changed the email address to b...@bla.org for demonstration purposes... > > > at least the two test emails that I just send should appear in this log, > right? > > I know that the root cause to this problem is NOT an ossec problembut > maybe you have an idea what the problem might be? > I've checked the quota settings in my gmail account, (so far only 10% > used...) > I've also checked the disk space on my ossec master, still 21GB left on / > (where also /var is mounted) > > so I doubt it's a quota or diskspace problem. > i've also restarted (stopped and started) ossec, to see if any zombie > processes still allocated the filesystem, and it therefore showed that > plenty of diskspace was available. > but even after the restart of ossec it still shows that it has plenty of > diskspace available. > > any other ideas how I could troubleshoot this problem? > Make sure ssmtp is still listening on 127.0.0.1. Use tcpdump or something similar to sniff the traffic between ossec-maild and ssmtp. Turn on debugging on ssmtp? > thanks, > theresa > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ossec-list] ossec-maild Error Sending email to 127.0.0.1
Hi everyone, today I've noticed a problem with the ossec-maild process. The ossec.log keeps saying ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server) Of course I started troubleshooting the problem and tried to send several test-emails from the ossec master. I'm using ssmtp through my google-mail account by the way. All test mails that I sent arrived immediately, so sending mails through my MTA seems to work as usual. Then I checked the mail log /var/log/maillog-20151220 which to my surprise has the latest mail entry from yesterday 19:30 Dec 19 19:30:03 tron sSMTP[3943]: Sent mail for b...@bla.org (221 2.0.0 closing connection u126sm11888435wme.3 - gsmtp) uid=48 username=apache outbytes=1898 changed the email address to b...@bla.org for demonstration purposes... at least the two test emails that I just send should appear in this log, right? I know that the root cause to this problem is NOT an ossec problembut maybe you have an idea what the problem might be? I've checked the quota settings in my gmail account, (so far only 10% used...) I've also checked the disk space on my ossec master, still 21GB left on / (where also /var is mounted) so I doubt it's a quota or diskspace problem. i've also restarted (stopped and started) ossec, to see if any zombie processes still allocated the filesystem, and it therefore showed that plenty of diskspace was available. but even after the restart of ossec it still shows that it has plenty of diskspace available. any other ideas how I could troubleshoot this problem? thanks, theresa -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.