Old 01-11-2006, 06:52 AM   #31
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48

The serial number is the most important bit in the zone file.
It tells a client that downloads the zone whether the data is current or not.

If the last time a client looked at the zone and got a serial number 2005030601 and then looked at it again 3 days later and got the same serial number, it says the file hasn't changed and uses its old cached data.

Each time you alter the zone file, increment the last 2 digits by one and then restart/reload bind. If the date changes, use the current date and 01 for the first change of that day, eg 2006011101 for today.

I suppose I need glasses! The logfile says authdaemond is looking for the pam file, and authdaemond belongs to Courier.. Check pam is installed correctly, reinstall if necessary. Courier may be looking for a different version of libauthpam.so (which is just a link to the correct version). Did you build courier-imap or was it from a package?

<edit> Why is Courier using pam for authentication when you have mysql?

Last edited by peter_robb; 01-11-2006 at 07:03 AM.
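
The serial convention described in this post (YYYYMMDDNN, bump NN per change, restart at 01 on a new date), as an added example that is not part of the original post. The function names and the refusal to wrap past NN=99 are assumptions of this sketch; the sample zone text is copied from a later post in this thread.

```python
import re
from datetime import date

# Finds the number in front of a "; serial" comment, as in the thread's zone files.
SERIAL_RE = re.compile(r"^([ \t]*)(\d+)([ \t]*;[ \t]*serial\b)",
                       re.IGNORECASE | re.MULTILINE)

# Zone header as posted later in the thread.
SAMPLE_ZONE = """$TTL 3D
@ IN SOA hingedmind.com. postmaster.hingedmind.com. (
2006011101 ; serial
1D ; refresh
2H ; retry
1W ; expiry
2D ) ; minimum
"""


def next_serial(current: int, today: date) -> int:
    """Return the serial to use for a change made on `today`."""
    first_of_day = int(today.strftime("%Y%m%d")) * 100 + 1
    if current < first_of_day:
        return first_of_day            # first change of the day: date + 01
    if current % 100 == 99:
        # Assumption: fail instead of wrapping, because a serial that does
        # not increase makes clients keep their old cached copy of the zone.
        raise ValueError(f"serial {current} has used all 99 slots for its date")
    return current + 1                 # later change on the same date


def bump_zone_serial(zone_text: str, today: date):
    """Rewrite the serial in zone_text; return (new_text, old, new)."""
    m = SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no '; serial' line found in zone text")
    old = int(m.group(2))
    new = next_serial(old, today)
    return zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):], old, new


if __name__ == "__main__":
    text, old, new = bump_zone_serial(SAMPLE_ZONE, date(2006, 1, 11))
    print(f"{old} -> {new}")
```

After rewriting the file, bind still has to be restarted or reloaded, as the post says.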
 
Old 01-11-2006, 07:00 AM   #32
Sapient
Member
 
Registered: Oct 2003
Location: San Luis Obispo, CA
Distribution: SuSE
Posts: 196

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by peter_robb
The serial number is the most important bit in the zone file.
It tells a client that downloads the zone whether the data is current or not.

If the last time a client looked at the zone and got a serial number 2005030601 and then looked at it again 3 days later and got the same serial number, it says the file hasn't changed and uses its old cached data.

Each time you alter the zone file, increment the last 2 digits by one and then restart/reload bind. If the date changes, use the current date and 01 for the first change of that day, eg 2006011101 for today.

I suppose I need glasses! The logfile says authdaemond is looking for the pam file, and authdaemond belongs to Courier.. Check pam is installed correctly, reinstall if necessary. Courier may be looking for a different version of libauthpam.so (which is just a link to the correct version). Did you build courier-imap or was it from a package?

Thanks Peter,
I downloaded and installed: This entire configuration is based on http://genco.gen.tc/postfix_virtual.php

cd /usr/local
wget -c http://easynews.dl.sourceforge.net/s...-4.0.2.tar.bz2
tar jxf courier-imap-4.0.2.tar.bz2
cd courier-imap-4.0.2
./configure --enable-workarounds-for-imap-client-bugs \
--with-authchangepwdir --enable-unicode --with-trashquota
make
make install
make install-configure
 
Old 01-11-2006, 07:06 AM   #33
Sapient
Member
 
Registered: Oct 2003
Location: San Luis Obispo, CA
Distribution: SuSE
Posts: 196

Original Poster
Rep: Reputation: 30
I went in and changed the serial number on both of the zone files.

"0.0.10.in-addr.arpa.zone"

$TTL 3D
@ IN SOA hingedmind.com. postmaster.hingedmind.com. (
2006011101 ; serial
1D ; refresh
2H ; retry
1W ; expiry
2D ) ; minimum

IN NS mind.hingedmind.com.
1 IN PTR mind.hingedmind.com.

and

"hingedmind.com.zone"

I have been modifying this like no tomorrow...

$TTL 3D
@ IN SOA hingedmind.com. postmaster.hingedmind.com. (
2006011101 ; serial
7200 ; refresh
7200 ; retry
604800 ; expire
86400 ) ; minimum




IN NS mind
IN MX 5 mind

mind IN A 10.0.0.10
hingedmind.com. IN A 10.0.0.10
mail.hingedmind.com. IN A 10.0.0.10
www.hingedmind.com. IN A 10.0.0.10
hingedmind.com. IN MX 5 mail.hingedmind.com.
webmail.hingedmind.com. IN A 10.0.0.10
securewebmail.hingedmind.com. IN A 10.0.0.11

www IN CNAME mind
ftp IN CNAME mind
 
Old 01-12-2006, 06:31 AM   #34
Sapient
Member
 
Registered: Oct 2003
Location: San Luis Obispo, CA
Distribution: SuSE
Posts: 196

Original Poster
Rep: Reputation: 30
This is how it was configured... Doesn't this disable pam? --without-pam \

I looked in etc/pam.d and there are no sasl files.

export CPPFLAGS="-I/usr/local/mysql/include/mysql"
./configure \
--enable-anon \
--enable-plain \
--enable-login \
--enable-sql \
--disable-krb4 \
--disable-otp \
--disable-cram \
--disable-digest \
--with-mysql=/usr/local/mysql/lib/mysql \
--without-pam \
--without-saslauthd \
--without-pwcheck \
--with-dblib=berkeley \
--with-bdb-libdir=/usr/local/bdb/lib \
--with-bdb-incdir=/usr/local/bdb/include \
--with-openssl=/usr/local/ssl \
--with-plugindir=/usr/local/lib/sasl2
make
make install
ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
echo "/usr/local/lib/" >> /etc/ld.so.conf
ldconfig
 
Old 01-12-2006, 06:50 AM   #35
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
After looking at the instructions you were following, it describes using mysql as the database, which means pam isn't required.

So courier-authlib needs to be
$ cd courier-authlib-0.55
$ ./configure \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql/ \
--with-authmysql --with-authmysql=yes

and courier-imap needs authmodulelist="authmysql authpam" in authdaemonrc
This will then choose pam if mysql isn't available.

I also put you wrong about the dns setup. Must have put too much sugar in my tea, sorry..
The SOA line in the zone file does have the hostname of the server..
And named.conf only has the domain name in the zone name..

How many changes from the installation guide did you need to make? (File locations etc..)
 
Old 01-12-2006, 07:12 AM   #36
Sapient
Member
 
Registered: Oct 2003
Location: San Luis Obispo, CA
Distribution: SuSE
Posts: 196

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by peter_robb
After looking at the instructions you were following, it describes using mysql as the database, which means pam isn't required.

So courier-authlib needs to be
$ cd courier-authlib-0.55
$ ./configure \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql/ \
--with-authmysql --with-authmysql=yes

and courier-imap needs authmodulelist="authmysql authpam" in authdaemonrc
This will then choose pam if mysql isn't available.

I also put you wrong about the dns setup. Must have put too much sugar in my tea, sorry..
The SOA line in the zone file does have the hostname of the server..
And named.conf only has the domain name in the zone name..

How many changes from the installation guide did you need to make? (File locations etc..)

My gut is telling me DNS is the issue.

I have made a few changes as outlined below. Loaded Courier, postfix manually and followed it to the "T", which it appears to be fine. There were some location changes because I run SuSE. I had mysql, php4, apache, cyrus, berkeley, and openssl already loaded.





I have modified and dns zone files and... opened a forward for port 25 on my router. Which made a difference....


This is very different from the mail log...

Jan 12 04:58:57 mind postfix/smtpd[24556]: connect from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 04:58:57 mind postfix/smtpd[24556]: lost connection after CONNECT from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 04:58:57 mind postfix/smtpd[24556]: disconnect from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 05:02:17 mind postfix/anvil[24693]: statistics: max connection rate 3/60s for (smtp:24.176.227.138) at Jan 12 04:58:57
Jan 12 05:02:17 mind postfix/anvil[24693]: statistics: max connection count 1 for (smtp:24.176.227.138) at Jan 12 04:58:36
Jan 12 05:02:17 mind postfix/anvil[24693]: statistics: max cache size 1 at Jan 12 04:58:36

Perhaps trying to simplify toooo much?


hingedmind.com.zone

$TTL 3D
@ IN SOA mind.hingedmind.com. postmaster.hingedmind.com. (
2006011203 ; serial
7200 ; refresh
7200 ; retry
604800 ; expire
86400 ) ; minimum

IN NS mind
IN MX 5 mail.hingedmind.com

localhost. IN A 127.0.0.1
mind. IN A 10.0.0.10
mail IN A 10.0.0.10

0.0.10.in-addr.arpa.zone

$TTL 3D
@ IN SOA mind.hingedmind.com. postmaster.hingedmind.com. (
2006011205 ; serial
1D ; refresh
2H ; retry
1W ; expiry
2D ) ; minimum
IN NS hingedmind.com.
1 IN PTR hingedmind.com.
 
Old 01-12-2006, 07:16 AM   #37
Sapient
Member
 
Registered: Oct 2003
Location: San Luis Obispo, CA
Distribution: SuSE
Posts: 196

Original Poster
Rep: Reputation: 30
What is driving me crazy (short trip) is that I do not see an mx record no matter what I do to the zone files...

Oh... and I added a forward to the named.conf file. My dns provider ips...

forwarders { 24.205.224.35; 66.214.48.27; };
forward first;



mind:~ # dig any hingedmind.com

; <<>> DiG 9.2.3 <<>> any hingedmind.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53130
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;hingedmind.com. IN ANY

;; ANSWER SECTION:
hingedmind.com. 2205 IN A 24.176.227.138
hingedmind.com. 2234 IN NS NS57.WORLDNIC.com.
hingedmind.com. 2234 IN NS NS58.WORLDNIC.com.

;; AUTHORITY SECTION:
hingedmind.com. 2234 IN NS NS57.WORLDNIC.com.
hingedmind.com. 2234 IN NS NS58.WORLDNIC.com.

;; Query time: 30 msec
;; SERVER: 24.205.224.35#53(24.205.224.35)
;; WHEN: Thu Jan 12 05:11:58 2006
;; MSG SIZE rcvd: 123
 
Old 01-12-2006, 07:35 AM   #38
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
It's now refusing email addresses.
It rejects postmaster@ and root@ so I suspect the connection to mysql needs checking.

RCPT TO:<postmaster@hingedmind.com>
550 <postmaster@hingedmind.com>: Recipient address rejected: User unknown in virtual mailbox table
RCPT TO:<root@hingedmind.com>
550 <root@hingedmind.com>: Recipient address rejected: User unknown in virtual mailbox table
 
Old 01-12-2006, 07:37 AM   #39
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
For the mx record, do
dig -t mx hingedmind.com
 
Old 01-12-2006, 08:04 AM   #40
Sapient
Member
 
Registered: Oct 2003
Location: San Luis Obispo, CA
Distribution: SuSE
Posts: 196

Original Poster
Rep: Reputation: 30
I checked mysql, it is running.... hmmmmm

mind:~ # dig -t mx hingedmind.com

; <<>> DiG 9.2.3 <<>> -t mx hingedmind.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53195
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;hingedmind.com. IN MX

;; AUTHORITY SECTION:
hingedmind.com. 7200 IN SOA NS57.WORLDNIC.com. namehost.WORLDNIC.com. 2006010200 10800 3600 604800 7200

;; Query time: 98 msec
;; SERVER: 24.205.224.35#53(24.205.224.35)
;; WHEN: Thu Jan 12 06:01:55 2006
;; MSG SIZE rcvd: 91
 
Old 01-12-2006, 08:40 AM   #41
Sapient
Member
 
Registered: Oct 2003
Location: San Luis Obispo, CA
Distribution: SuSE
Posts: 196

Original Poster
Rep: Reputation: 30
ohhhh


Yes, they have not been configured. I sent an email out as root and root does not have a mailbox, etc... Not sure why postmaster got involved unless the SOA record has something to do with it. I will just change the SOA to read a defined user mail box.
 
Old 01-12-2006, 08:44 AM   #42
Sapient
Member
 
Registered: Oct 2003
Location: San Luis Obispo, CA
Distribution: SuSE
Posts: 196

Original Poster
Rep: Reputation: 30
This looks better...?

ehlo localhost


250-mail.hingedmind.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
 
Old 01-12-2006, 09:20 AM   #43
Sapient
Member
 
Registered: Oct 2003
Location: San Luis Obispo, CA
Distribution: SuSE
Posts: 196

Original Poster
Rep: Reputation: 30
In the client (KMail) I set up smtp and set the username and password. I get a failure for authentication. Double checked my database and everything is correct.

Jan 12 07:15:24 mind postfix/smtpd[11831]: connect from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 07:15:24 mind postfix/smtpd[11831]: warning: SASL authentication failure: Password verification failed
Jan 12 07:15:24 mind postfix/smtpd[11831]: warning: 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]: SASL PLAIN authentication failed
Jan 12 07:15:24 mind postfix/smtpd[11831]: lost connection after AUTH from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 07:15:24 mind postfix/smtpd[11831]: disconnect from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 07:16:29 mind postfix/smtpd[11831]: connect from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 07:16:29 mind postfix/smtpd[11831]: disconnect from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 07:16:44 mind postfix/smtpd[11831]: connect from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 07:16:44 mind postfix/smtpd[11831]: warning: SASL authentication failure: Password verification failed
Jan 12 07:16:44 mind postfix/smtpd[11831]: warning: 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]: SASL PLAIN authentication failed
Jan 12 07:16:44 mind postfix/smtpd[11831]: lost connection after AUTH from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 07:16:44 mind postfix/smtpd[11831]: disconnect from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
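
The log lines in this post are the same ones a mail admin would watch for password guessing against SMTP AUTH. The following is an added example, not part of the original post: it counts "SASL ... authentication failed" warnings per client IP inside a sliding time window. The threshold, window and year defaults are assumptions (syslog timestamps carry no year), and the sample lines are copied from the post above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the per-client warning Postfix smtpd logs on a failed AUTH attempt.
SASL_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed"
)

# Lines copied from the post above.
SAMPLE_LOG = """\
Jan 12 07:15:24 mind postfix/smtpd[11831]: connect from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 07:15:24 mind postfix/smtpd[11831]: warning: SASL authentication failure: Password verification failed
Jan 12 07:15:24 mind postfix/smtpd[11831]: warning: 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]: SASL PLAIN authentication failed
Jan 12 07:16:29 mind postfix/smtpd[11831]: connect from 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]
Jan 12 07:16:44 mind postfix/smtpd[11831]: warning: SASL authentication failure: Password verification failed
Jan 12 07:16:44 mind postfix/smtpd[11831]: warning: 24-176-227-138.static.snlo.ca.charter.com[24.176.227.138]: SASL PLAIN authentication failed
"""


def flag_sasl_failures(lines, threshold=5, window=timedelta(minutes=10), year=2006):
    """Return {ip: peak failure count} for IPs reaching `threshold`
    failed AUTH attempts within `window`. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = SASL_FAIL.match(line)
        if m is None:
            continue              # connects, disconnects, generic SASL warnings
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged


if __name__ == "__main__":
    hits = flag_sasl_failures(SAMPLE_LOG.splitlines(), threshold=2,
                              window=timedelta(minutes=2))
    for ip, count in hits.items():
        print(f"{ip}: {count} failed SASL logins within the window")
```

With the default threshold of 5 the two failures shown here stay below the alert level, which is what you want for a single user mistyping a password.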
 
Old 01-12-2006, 09:35 AM   #44
Sapient
Member
 
Registered: Oct 2003
Location: San Luis Obispo, CA
Distribution: SuSE
Posts: 196

Original Poster
Rep: Reputation: 30
Do these look correct?


$TTL 3D
@ IN SOA mind.hingedmind.com. sapient.hingedmind.com. (
2006011209 ; serial
1D ; refresh
2H ; retry
1W ; expiry
2D ) ; minimum
IN NS mind.hingedmind.com.

1 IN PTR gw.hingedmind.com.
2 IN PTR mind.hingedmind.com.
3 IN PTR mail.hingedmind.com.
4 IN PTR ftp.hingedmind.com.




$TTL 3D
@ IN SOA mind.hingedmind.com. sapient.hingedmind.com. (
2006011211 ; serial
7200 ; refresh
7200 ; retry
604800 ; expire
86400 ) ; minimum

IN NS mind
IN MX 10 mail.hingedmind.com.

localhost IN A 127.0.0.1
gw IN A 10.0.0.1
TXT "The router"
mind IN A 10.0.0.10
IN MX 10 mail.hingedmind.com.
www CNAME mind
mail IN A 10.0.0.10
IN MX 10 mail.hingedmind.com.
ftp IN A 10.0.0.10
IN MX 10 mail.hingedmind.com.
 
Old 01-12-2006, 01:13 PM   #45
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
When all else fails, K.I.S.S.

And FYI these messages from your logfile:
"Jan 9 02:49:21 mind named[29928]: client 127.0.0.1#3527: query: wmail.ccsi.com IN AAAA"

mean that the DNS server (named) is trying to look up an IPv6 address (AAAA record) for wmail.ccsi.com, any reason you can think of why?

localhost.conf for zone "localhost"
Code:
$TTL    1W
@       SOA     localhost.      sapient.localhost. (
                        9       ; serial
                        2D      ; refresh
                        2H      ; retry
                        6W      ; expiry
                        1W )    ; minimum

        NS      @
        A       127.0.0.1
127.conf for zone "0.0.127.in-addr.arpa"
Code:
$TTL 1W
@       SOA     localhost.      sapient.localhost. (
                        9       ; Serial
                        2D      ; Refresh
                        2H      ; Retry
                        6W      ; Expire
                        1W)     ; Minimum TTL

        NS      localhost.
1       PTR     localhost.
hingedmind.conf for zone "hingedmind.com"
Code:
$TTL 3D
@   SOA   hingedmind.com.  sapient.hingedmind.com. (
	2006011215 ; serial
	7200 ; refresh
	7200 ; retry
	604800 ; expire
	86400 ) ; minimum

	NS mind
	A 10.0.0.10
	MX 10 mail

mail  CNAME  hingedmind.com.
mind  CNAME  hingedmind.com.
www   CNAME  hingedmind.com.
ftp   CNAME  hingedmind.com.
10.conf for zone "0.0.10.in-addr.arpa"
Code:
$TTL 3D
@   SOA   hingedmind.com.  sapient.hingedmind.com. (
	2006011215 ; serial
	7200 ; refresh
	7200 ; retry
	604800 ; expire
	86400 ) ; minimum

  NS mind.hingedmind.com.
10 PTR mail.hingedmind.com.
edit - fixed incorrect conf to com

Last edited by Darin; 01-12-2006 at 01:14 PM.
 
  

