[solved]Cant recive Email Postfix Service unavailable

[Szer0P]

Hello !

I want your Help to solve my Problem .. i use postfix .. i become always error messeges in the maillog !

When i send email to myself tthrow Contact Form 7 plugin Wordpress i dont get the Email and this is the maillog or from Hotmail i got those Errors:

Aug 9 16:27:55 server dovecot: master: Warning: Killed with signal 15 (by pid=2698 uid=0 code=kill)
Aug 9 16:32:13 server postfix/smtpd[2527]: connect from dub004-omc2s11.hotmail.com[157.55.1.150]
Aug 9 16:32:13 server postfix/smtpd[2527]: warning: connect to Milter service inet:127.0.0.1:8891: Connection refused
Aug 9 16:32:13 server postfix/smtpd[2527]: E4440F40248: client=dub004-omc2s11.hotmail.com[157.55.1.150]
Aug 9 16:32:14 server greylisting filter[2533]: Starting greylisting filter...
Aug 9 16:32:14 server /usr/lib64/plesk-9.0/psa-pc-remote[1087]: handlers_stderr: DEFER
Aug 9 16:32:14 server /usr/lib64/plesk-9.0/psa-pc-remote[1087]: DEFER during call 'grey' handler
Aug 9 16:32:14 server /usr/lib64/plesk-9.0/psa-pc-remote[1087]: Message aborted.
Aug 9 16:32:14 server postfix/smtpd[2527]: E4440F40248: milter-reject: DATA from dub004-omc2s11.hotmail.com[157.55.1.150]: 451 4.7.1 Service unavailable - try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<DUB004-OMC2S11.hotmail.com>
Aug 9 16:32:14 server postfix/smtpd[2527]: disconnect from dub004-omc2s11.hotmail.com[157.55.1.150]



and the DKIM works not always good .. i get this error many times and when i check the mail-tester.com i really got that my dkim signutar is not valid

16:20:55 server opendkim[4008]: OpenDKIM Filter: Unable to create listening socket on conn inet:8891@localhost
Aug 9 16:20:55 server opendkim[4008]: smfi_opensocket() failed
Aug 9 16:20:55 server opendkim[3983]: exited with status 69, restarting
Aug 9 16:20:55 server opendkim[4009]: OpenDKIM Filter: Unable to bind to port inet:8891@localhost: Address already in use
Aug 9 16:20:55 server opendkim[4009]: OpenDKIM Filter: Unable to create listening socket on conn inet:8891@localhost

in main.cf this is what i have added

# OpenDKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters =, inet:127.0.0.1:8891, inet:127.0.0.1:12768
non_smtpd_milters = $smtpd_milters
#, inet:127.0.0.1:8891,

-----------------
PS: after 20 oder 15 Mins i got the Emails from Hotmail but from myserver internal (contact form 7) not at all

Thanks in advance

 

[Szer0P]

Update: i checked the 8891 port

[root@server ~]# netstat -nlp | grep 8891
tcp 0 0 127.0.0.1:8891 0.0.0.0:* LISTEN 5400/opendkim
[root@server ~]# ps aux | grep opendkim
opendkim 4829 0.0 0.0 87608 1868 ? Sl 18:03 0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid
opendkim 4856 0.0 0.0 67120 972 ? Ss 18:03 0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid
opendkim 5400 0.0 0.0 87608 1812 ? Sl 18:03 0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid
root 5768 0.0 0.0 103308 840 pts/1 S+ 18:07 0:00 grep opendkim

and tried to send another email from hotmail .. i got this error:


Aug 9 18:10:20 server dovecot: service=imap, user=[email protected], ip=[127.0.0.1]. Disconnected: Logged out rcvd=50, sent=475
Aug 9 18:10:50 server postfix/smtpd[5826]: connect from dub004-omc4s6.hotmail.com[157.55.2.81]
Aug 9 18:11:20 server postfix/smtpd[5833]: connect from bay004-omc1s25.hotmail.com[65.54.190.36]
Aug 9 18:11:20 server postfix/smtpd[5826]: warning: milter inet:127.0.0.1:8891: can't read SMFIC_OPTNEG reply packet header: Connection timed out
Aug 9 18:11:20 server postfix/smtpd[5826]: warning: milter inet:127.0.0.1:8891: read error in initial handshake
Aug 9 18:11:20 server dovecot: imap-login: Login: user=<[email protected]>, method=DIGEST-MD5, rip=127.0.0.1, lip=127.0.0.1, mpid=5838, secured, session=<6lmjHuMcyQB/AAAB>
Aug 9 18:11:20 server dovecot: service=imap, user=[email protected], ip=[127.0.0.1]. Disconnected: Logged out rcvd=50, sent=475
Aug 9 18:11:20 server postfix/smtpd[5826]: C9940F40267: client=dub004-omc4s6.hotmail.com[157.55.2.81]
Aug 9 18:11:20 server greylisting filter[5841]: Starting greylisting filter...
Aug 9 18:11:20 server /usr/lib64/plesk-9.0/psa-pc-remote[1087]: handlers_stderr: DEFER
Aug 9 18:11:20 server /usr/lib64/plesk-9.0/psa-pc-remote[1087]: DEFER during call 'grey' handler
Aug 9 18:11:20 server /usr/lib64/plesk-9.0/psa-pc-remote[1087]: Message aborted.
Aug 9 18:11:20 server postfix/smtpd[5826]: C9940F40267: milter-reject: DATA from dub004-omc4s6.hotmail.com[157.55.2.81]: 451 4.7.1 Service unavailable - try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<DUB004-OMC4S6.hotmail.com>
Aug 9 18:11:21 server postfix/smtpd[5826]: disconnect from dub004-omc4s6.hotmail.com[157.55.2.81]
Aug 9 18:11:25 server dovecot: imap-login: Login: user=<[email protected]>, method=DIGEST-MD5, rip=127.0.0.1, lip=127.0.0.1, mpid=5845, secured, session=<H8bsHuMczAB/AAAB>

 

[UFHH01]

Hi Szer0P,

# OpenDKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters =, inet:127.0.0.1:8891, inet:127.0.0.1:12768
non_smtpd_milters = $smtpd_milters
#, inet:127.0.0.1:8891,

Please change this to:

milter_default_action = accept
milter_protocol = 6
smtpd_milters = , inet:127.0.0.1:12768, inet:127.0.0.1:8891
#non_smtpd_milters = $smtpd_milters

Please restart the services postfix, dovecot, opendkim and pc-remote after your changes:

service postfix restart && service dovecot restart && /etc/init.d/opendkim restart && /etc/init.d/pc-remote restart​

Second, please make sure, that you set the DNS - entries not only over your Plesk Control Panel, but as well on your primary nameserver ( mostly the one from your domain - provider, where you purchased the domain! ).

 

[Szer0P]

Thanks you for your replay
i didt this and the problem with internal messege is now solved ! thanks
but other problemes are not
when i become an email from outside the server i didnt get it and this is again the maillog

Aug 10 13:02:21 server dovecot: service=imap, user=[email protected], ip=[127.0.0.1]. Disconnected: Logged out rcvd=76, sent=495
Aug 10 13:02:48 server postfix/smtpd[3468]: connect from dub004-omc2s30.hotmail.com[157.55.1.169]
Aug 10 13:02:48 server postfix/smtpd[3468]: warning: connect to Milter service inet:127.0.0.1:8891: Connection refused
Aug 10 13:02:49 server postfix/smtpd[3468]: 539E2F4024B: client=dub004-omc2s30.hotmail.com[157.55.1.169]
Aug 10 13:02:49 server greylisting filter[3472]: Starting greylisting filter...
Aug 10 13:02:49 server /usr/lib64/plesk-9.0/psa-pc-remote[1534]: handlers_stderr: DEFER
Aug 10 13:02:49 server /usr/lib64/plesk-9.0/psa-pc-remote[1534]: DEFER during call 'grey' handler
Aug 10 13:02:49 server /usr/lib64/plesk-9.0/psa-pc-remote[1534]: Message aborted.
Aug 10 13:02:49 server postfix/smtpd[3468]: 539E2F4024B: milter-reject: DATA from dub004-omc2s30.hotmail.com[157.55.1.169]: 451 4.7.1 Service unavailable - try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<DUB004-OMC2S30.hotmail.com>
Aug 10 13:02:49 server postfix/smtpd[3468]: disconnect from dub004-omc2s30.hotmail.com[157.55.1.169]


and when the email is enternal from the contact form 7 i got this (but i can get the emails very fast now and without problems):


Aug 10 12:59:02 server plesk sendmail[3222]: handlers_stderr: PASS
Aug 10 12:59:02 server plesk sendmail[3222]: PASS during call 'limit-out' handler
Aug 10 12:59:02 server plesk sendmail[3222]: handlers_stderr: SKIP
Aug 10 12:59:02 server plesk sendmail[3222]: SKIP during call 'check-quota' handler
Aug 10 12:59:02 server postfix/pickup[1637]: BA2F1F4024C: uid=10003 from=<[email protected]>
Aug 10 12:59:02 server postfix/cleanup[3160]: BA2F1F4024C: message-id=<[email protected]>
Aug 10 12:59:02 server postfix/qmgr[1638]: BA2F1F4024C: from=<[email protected]>, size=874, nrcpt=1 (queue active)
Aug 10 12:59:02 server postfix-local[3229]: postfix-local: from=[email protected], to=[email protected], dirname=/var/qmail/mailnames
Aug 10 12:59:02 server dk_check[3230]: DK_STAT_NOSIG: No signature available in message
Aug 10 12:59:02 server postfix-local[3229]: handlers_stderr: PASS
Aug 10 12:59:02 server postfix-local[3229]: PASS during call 'dd52-domainkeys' handler
Aug 10 12:59:02 server dovecot: service=lda, user=[email protected], ip=[]. msgid=<[email protected]>: saved mail to INBOX
Aug 10 12:59:02 server postfix/pipe[3228]: BA2F1F4024C: to=<[email protected]>, relay=plesk_virtual, delay=0.05, delays=0/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via plesk_virtual service)

at the end i testet the dkim is it the same problem and yes i added the dns in the domain cp and befor this probelm when i test the dkim i got that its work fine 10 / 10 but now not more ..
when i test another domains from my server i got that they have dkim valid signuar but my main domin not more

and what else when i test for example [email protected] and [email protected] i got 2 different resullt !! but they are in the same domain .. the dkim ok is valid but for example the
DMARC is not

sorry that i sent more than problem but maby they have the same solution ..

thanks in advance

 

[UFHH01]

Hi Szer0P,

Aug 10 13:02:48 server postfix/smtpd[3468]: warning: connect to Milter service inet:127.0.0.1:8891: Connection refused

Please make sure that opendkim is started and is listening on port 8891 ( check as well your configuration files, please! ).

netstat -nlp | grep :8891
​

If opendkim is not started, then you will always see the described errors in your logs.

at the end i testet the dkim is it the same problem and yes i added the dns in the domain cp and befor this probelm when i test the dkim i got that its work fine 10 / 10 but now not more ..
when i test another domains from my server i got that they have dkim valid signuar but my main domin not more

Sorry, but without the correct domain - name, suggestions will be pretty undefined. We can't check what might be wrong.

and what else when i test for example [email protected] and [email protected] i got 2 different resullt !! but they are in the same domain .. the dkim ok is valid but for example the
DMARC is not

Again... without your correct domain-name, we can only guess.... which is pretty time-investing. If you have a missing DMARC - entry in your DNS, there will always be a false positiv for it.

Example entry:

    _dmarc.YOUR-DOMAIN.COM.    TXT    v=DMARC1; p=none

 

[Szer0P]

Hello UFHH01
Thanks for ur replay

i dont know where is the problem when i tried to enter netstat -nlp | grep :8891
so i got nothing but after restart opendkim service first time i got error but second time it could be succssefully restarted and then i get those
[root@server ~]# netstat -nlp | grep :8891
tcp 0 0 127.0.0.1:8891 0.0.0.0:* LISTEN 16561/opendkim

my domain name is palstudenten.com
dkim sector is mail
i added all those dkim and dmarc etc ..

 

[UFHH01]

Hi Szer0P,

first, your server is vulnerable. Please see: https://www.ssllabs.com/ssltest/analyze.html?d=palstudenten.com

To start, you might consider to secure your server with the help of the thread: SSL POODLE / SSLv3 bug ( Forum thread link )


Second, please consider to adjust your SPF - entry:

v=spf1 a mx ptr a:server.palstudenten.com mx:palstudenten.com ip4:79.143.179.239 ~all

"mx:palstudenten.com"

is a double entry, because "v=spf1 a mx" already contains all "A" and "MX" entries, that you set on your nameserver.


As well, you could consider adding the DNS - entry:

_adsp._domainkey.example.com. TXT dkim=unknown
or
_adsp._domainkey.example.com. TXT dkim=all

"unknown" defines, that some mails are signed - some may not..... and "all" defines, that all mails from the domain will be signed.


Consider adding valid PTR records ( if available at your provider ) so that reverse checks fit you mail-server-settings:

79.143.179.239 / 24 PTR palstudenten.com.
79.143.179.239 / 24 PTR server.palstudenten.com.
79.143.179.239 / 24 PTR mail.palstudenten.com.

Third, your DMARC - entry is quite strict and may result in eMail - rejections, if any of your settings fail or softfail. Consider using the suggestion above, please.

Fourth is the recommendation not to use sendmail, when using PHP - forms, because it's a bit tricky, to tell sendmail how it should sign mails with DKIM and/or OpemDKIM. A rather easy solution is to use a contact form with SMTP - login over a dummy eMail - adress like "[email protected]". If you still insist in using sendmail, please google for solutions/suggestions/tutorials.


If you still experience issues, please add eMail - headers from the specific eMails and include as well depending log - entries from your mail.log for further investigations.

 

[Szer0P]

I shouldn't have disabled this ssl 3 shitt ,,, !!! it has my server destroyed (

after Resoterd the Backup the configuration still having problems

Error: New configuration files for the Apache web server were not created due to the errors in configuration templates: nginx: [warn] duplicate value "TLSv1" in /etc/nginx/plesk.conf.d/server.conf:44
nginx: [warn] duplicate value "TLSv1.1" in /etc/nginx/plesk.conf.d/server.conf:44
nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/plesk.conf.d/server.conf:44
nginx: [emerg] "ssl_ciphers" directive is duplicate in /etc/nginx/plesk.conf.d/server.conf:45
nginx: configuration file /etc/nginx/nginx.conf test failed. <a target="_blank" href="http://kb.parallels.com/en/products/?id=52&qprod=52">Search in KB</a>

i delteted the files /usr/local/psa/admin/conf/templates/custom/
and then i dont get more errors .. but i dont know what i changed now

what should i do now .. please be kind to me and tell me exactly what i should do, dont send me please another link with 6 sites so i dont know what is the right soultion !! i want to follow step by step ..

sorry for this but please i want to finde a solution i dont want to make a new problems .. i know that was my problem but i really did only what on the other link

 

[UFHH01]

Hi Szer0P,

first of all..... please get yourself a cup of coffee/tea, or what ever may relax yourself a bit.... there is nothing, which can't be reversed.


as you can see in the error log... you have TWO values with "TLSv1.1" and "ssl_ciphers" in your configuration files. but the statement "server.conf" is a bit confusing.... because this will be the mostly not directly in the server.conf, but in the depending *.conf files, located at: "/etc/nginx/conf.d/*".... and unfortunately, this will be the file "zz010_psa_nginx.conf", which contains more links, to the other folders at:

/etc/nginx/plesk.conf.d/webmail.conf;
/etc/nginx/plesk.conf.d/vhosts/*.conf;

But now, please keep in mind, WHAT you changed. If you followed the suggestions in the thread, you changed "nginxWebmailPartial.php" "server/nginxVhosts.php" "domain/nginxDomainVirtualHost.php"

- so please go to that folder and have a look at the *.conf - files there, and try to find double entries in the depending domain files at: "/etc/nginx/plesk.conf.d/vhosts/" and "/etc/nginx/plesk.conf.d/webmail.conf"

... another hint for it : The folder "/etc/nginx/plesk.conf.d/vhosts/" contain symlinks to the domain - config files located as for example at:

/var/www/vhosts/system/example.com/conf/nginx.conf
/var/www/vhosts/system/example.com/conf/httpd.conf​

and either post the depending entries, so others may tell you, what will be correct, or do it on your own, having another look at the single posting:

You might have missed to create the new certificate:

Move to the folder: /etc/nginx/

openssl dhparam -out dhparam.pem 4096

Be aware, that this may take a while to finish!

Afterwards, the correct entries in the nginx - templates ( "nginxWebmailPartial.php" "server/nginxVhosts.php" "domain/nginxDomainVirtualHost.php" , would be:

ssl_session_timeout         5m;
ssl_session_cache shared:SSL:50m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;

Please be sure, to modify the templates in a "custom" directory ( "/opt/psa/admin/conf/templates/custom/" ) , to be sure, that Plesk doesn't touch your modifications.

If you have questions, please ask them directly and please give the forum users a bit time to answer your questions. Because I'm not the only one responding to your thread, be aware that double/tribble postings may confuse others, because they don't know where to start. Please use the "EDIT" - function in your posts, to add some more informations to your last post, so that people know, what the actual post ist and where to start to answer.

 

[Szer0P]

Thanks also can anyone answer me

i made this last night .. but after the problem i deleted this file /usr/local/psa/admin/conf/templates/custom/ and now i made this changes again as it above mentioned

all the three document i changed it to>

<?php if ($OPT['ssl']): ?>
<?php $sslCertificate = $ipAddress->sslCertificate; ?>
<?php   if ($sslCertificate->ce): ?>
    ssl_certificate             <?php echo $sslCertificate->ceFilePath ?>;
    ssl_certificate_key         <?php echo $sslCertificate->ceFilePath ?>;
<?php       if ($sslCertificate->ca): ?>
    ssl_client_certificate      <?php echo $sslCertificate->caFilePath ?>;
<?php       endif ?>
    ssl_session_timeout         5m;
    ssl_session_cache shared:SSL:50m;
<?php if (get_param('disablesslv3')): ?>
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
<?php else: ?>
    ssl_protocols               SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
<?php endif ?>
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNUL$
    ssl_prefer_server_ciphers   on;
    ssl_dhparam /etc/nginx/dhparam.pem;
<?php   endif ?>
<?php endif ?>

and here i can see that the problem is fixed thanks very much

https://www.ssllabs.com/ssltest/analyze.html?d=palstudenten.com

[root@server custom]# openssl s_client -connect palstudenten.com:443 -ssl3
CONNECTED(00000003)
140482596030280:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40
140482596030280:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1439379073
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

returing to my main problem is the MAIL Server

u can see please the test from here http://www.mail-tester.com/web-jU9SYy&reloaded=1
and the header code after sending email to gmail is this

Received: by 10.194.38.3 with SMTP id c3csp304659wjk;
        Wed, 12 Aug 2015 06:47:15 -0700 (PDT)
X-Received: by 10.180.78.98 with SMTP id a2mr47909627wix.50.1439387235827;
        Wed, 12 Aug 2015 06:47:15 -0700 (PDT)
Return-Path: <[email protected]>
Received: from server.palstudenten.com (server.palstudenten.com. [79.143.179.239])
        by mx.google.com with ESMTPS id cm6si10706468wjb.64.2015.08.12.06.47.15
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 12 Aug 2015 06:47:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 79.143.179.239 as permitted sender) client-ip=79.143.179.239;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 79.143.179.239 as permitted sender) [email protected];
       dmarc=pass (p=REJECT dis=NONE) header.from=palstudenten.com
Received: from webmail.palstudenten.com (localhost.localdomain [127.0.0.1])
    by server.palstudenten.com (Postfix) with ESMTPA id 79004F4025A
    for <[email protected]>; Wed, 12 Aug 2015 13:47:15 +0200 (CEST)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws;
  s=default; d=palstudenten.com;
  b=RqtWrrl0R+bXGUSMuKBgWLcNyUIzKaYgv0zU6glnPEJsQjmsqxP8us2uE55/zJz+mKh8iJVusRXpQmSL7Fi+hiIajj1wc1qEfxQkFdv45Cjjn7AoqNmStbj1Vpq84oVuzEU/whpwTrIHvyrs2jHMtfSrZ//zSix5VH+PwdV9ZVI=;
  h=MIME-Version:Date:From:To:Subject:Message-ID:X-Sender:User-Agent:X-PPP-Message-ID:X-PPP-Vhost;
MIME-Version: 1.0
Date: Wed, 12 Aug 2015 13:47:15 +0200
From: [email protected]
To: [email protected]
Subject: (kein Betreff)
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.1.2
X-PPP-Message-ID: <[email protected]>
X-PPP-Vhost: palstudenten.com

by sending an email from hotmail to myserver i got also probelms and i get the email after 15 min or so and this is the mail log

Aug 12 13:47:31 server postfix/smtpd[7255]: connect from dub004-omc2s24.hotmail.com[157.55.1.163]
Aug 12 13:47:31 server postfix/smtpd[7255]: warning: connect to Milter service inet:127.0.0.1:8891: Connection refused
Aug 12 13:47:31 server postfix/smtpd[7255]: 46122F4025A: client=dub004-omc2s24.hotmail.com[157.55.1.163]
Aug 12 13:47:31 server greylisting filter[7396]: Starting greylisting filter...
Aug 12 13:47:31 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: handlers_stderr: DEFER
Aug 12 13:47:31 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: DEFER during call 'grey' handler
Aug 12 13:47:31 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: Message aborted.
Aug 12 13:47:31 server postfix/smtpd[7255]: 46122F4025A: milter-reject: DATA from dub004-omc2s24.hotmail.com[157.55.1.163]: 451 4.7.1 Service unavailable - try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<DUB004-OMC2S24.hotmail.com>
Aug 12 13:47:31 server postfix/smtpd[7255]: disconnect from dub004-omc2s24.hotmail.com[157.55.1.163]
Aug 12 13:48:02 server postfix/smtpd[7255]: connect from dub004-omc2s26.hotmail.com[157.55.1.165]
Aug 12 13:48:02 server postfix/smtpd[7255]: warning: connect to Milter service inet:127.0.0.1:8891: Connection refused
Aug 12 13:48:02 server postfix/smtpd[7255]: 91294F4025A: client=dub004-omc2s26.hotmail.com[157.55.1.165]
Aug 12 13:48:02 server greylisting filter[7405]: Starting greylisting filter...
Aug 12 13:48:02 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: handlers_stderr: DEFER
Aug 12 13:48:02 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: DEFER during call 'grey' handler
Aug 12 13:48:02 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: Message aborted.
Aug 12 13:48:02 server postfix/smtpd[7255]: 91294F4025A: milter-reject: DATA from dub004-omc2s26.hotmail.com[157.55.1.165]: 451 4.7.1 Service unavailable - try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<DUB004-OMC2S26.hotmail.com>
Aug 12 13:48:02 server postfix/smtpd[7255]: disconnect from dub004-omc2s26.hotmail.com[157.55.1.165]
Aug 12 13:48:31 server postfix/smtpd[7255]: connect from dub004-omc2s24.hotmail.com[157.55.1.163]
Aug 12 13:48:31 server postfix/smtpd[7255]: warning: connect to Milter service inet:127.0.0.1:8891: Connection refused
Aug 12 13:48:31 server postfix/smtpd[7255]: B7A1EF4025A: client=dub004-omc2s24.hotmail.com[157.55.1.163]
Aug 12 13:48:31 server greylisting filter[7413]: Starting greylisting filter...
Aug 12 13:48:31 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: handlers_stderr: DEFER
Aug 12 13:48:31 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: DEFER during call 'grey' handler
Aug 12 13:48:31 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: Message aborted.
Aug 12 13:48:31 server postfix/smtpd[7255]: B7A1EF4025A: milter-reject: DATA from dub004-omc2s24.hotmail.com[157.55.1.163]: 451 4.7.1 Service unavailable - try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<DUB004-OMC2S24.hotmail.com>
Aug 12 13:48:31 server postfix/smtpd[7255]: disconnect from dub004-omc2s24.hotmail.com[157.55.1.163]
Aug 12 13:56:40 server postfix/smtpd[7600]: warning: connect to Milter service inet:127.0.0.1:8891: Connection refused
Aug 12 13:56:40 server postfix/smtpd[7600]: EAA17F4025A: client=localhost.localdomain[127.0.0.1], sasl_method=DIGEST-MD5, [email protected]
Aug 12 13:56:40 server greylisting filter[7605]: Starting greylisting filter...
Aug 12 13:56:40 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: handlers_stderr: SKIP
Aug 12 13:56:40 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: SKIP during call 'grey' handler
Aug 12 13:56:40 server postfix/cleanup[7604]: EAA17F4025A: message-id=<[email protected]>
Aug 12 13:56:41 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: handlers_stderr: PASS
Aug 12 13:56:41 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: PASS during call 'limit-out' handler
Aug 12 13:56:41 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: handlers_stderr: SKIP
Aug 12 13:56:41 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: SKIP during call 'check-quota' handler
Aug 12 13:56:41 server spf filter[7609]: Starting spf filter...
Aug 12 13:56:41 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: handlers_stderr: SKIP
Aug 12 13:56:41 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: SKIP during call 'spf' handler
Aug 12 13:56:41 server dk_sign[7610]: Auth_ID: [palstudenten.com] Signed: [Yes] Header List: [Yes]
Aug 12 13:56:41 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: handlers_stderr: PASS
Aug 12 13:56:41 server /usr/lib64/plesk-9.0/psa-pc-remote[1581]: PASS during call 'dd51-domainkeys' handler
Aug 12 13:56:41 server postfix/smtpd[7600]: disconnect from localhost.localdomain[127.0.0.1]
Aug 12 13:56:42 server postfix/smtp[7611]: certificate verification failed for mx3.hotmail.com[207.46.8.199]:25: untrusted issuer /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root

thanks in advance

 

[UFHH01]

<?php if ($OPT['ssl']): ?>
<?php $sslCertificate = $ipAddress->sslCertificate; ?>
<?php if ($sslCertificate->ce): ?>
ssl_certificate <?php echo $sslCertificate->ceFilePath ?>;
ssl_certificate_key <?php echo $sslCertificate->ceFilePath ?>;
<?php if ($sslCertificate->ca): ?>
ssl_client_certificate <?php echo $sslCertificate->caFilePath ?>;
<?php endif ?>
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
<?php if (get_param('disablesslv3')): ?>
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
<?php else: ?>
ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
<?php endif ?>
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNUL$
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
<?php endif ?>
<?php endif ?>

Double entry...., please take the "ssl_protocols TLSv1 TLSv1.1 TLSv1.2; " ....but I'm not sure, that you investigated all configuration files, because it states, that there should be as well another double entry for "ssl_ciphers ..." .

Please see again this post:

http://talk.plesk.com/threads/ssl-poodle-sslv3-bug.323338/#post-761018

It states quite clear step-by-step how and what you should do, if you secure your server.

 

[Szer0P]

Hello UFHH01

I did step my step the tech01 on the other post and i found this file as u see above and all the three files are the same .. should i now delete from the three files in
/usr/local/psa/admin/conf/templates/custom/

the line ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ?

in the
/usr/local/psa/admin/conf/templates/default/nginxWebmailPartial.php

<?php if ($OPT['ssl']): ?>
<?php $sslCertificate = $ipAddress->sslCertificate; ?>
<?php   if ($sslCertificate->ce): ?>
    ssl_certificate             <?php echo $sslCertificate->ceFilePath ?>;
    ssl_certificate_key         <?php echo $sslCertificate->ceFilePath ?>;
<?php       if ($sslCertificate->ca): ?>
    ssl_client_certificate      <?php echo $sslCertificate->caFilePath ?>;
<?php       endif ?>
    ssl_session_timeout         5m;

<?php if (get_param('disablesslv3')): ?>
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
<?php else: ?>
    ssl_protocols               SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
<?php endif ?>
    ssl_ciphers                 HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;
<?php   endif ?>
<?php endif ?>

i see this .. that what i copied to this file /usr/local/psa/admin/conf/templates/custom/ and there is only double entry for the ssl_protocols .. i saw the other postes and i saw a soultion for the double entry for the ssl_protocols but it has nothings changed
u can see here

[root@server ~]# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e "insert into misc values('disablesslv3', 'true')"
ERROR 1062 (23000) at line 1: Duplicate entry 'disablesslv3' for key 'PRIMARY'
[root@server ~]# /usr/local/psa/admin/bin/httpdmng --reconfigure-all
[root@server ~]# cat /var/www/vhosts/system/*/conf/last_nginx.conf | grep ssl_protocols
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;

i dont know what should i do now to fix this problem ?
thanks

 

[UFHH01]

Hi Szer0P,

once again.... you have TWO TIMES an entry for "ssl_protocols ...", which doesn't work! Please delete the additional second entry from the template(s) AND from the configuration file!

 

[Szer0P]

Hello UFHH01,

Sorry for asking too much, im really sorry for that ..

the thre files
/usr/local/psa/admin/conf/templates/custom/
/usr/local/psa/admin/conf/templates/custom/server/
/usr/local/psa/admin/conf/templates/custom/domain/

i deleted the additional second entry to ;

<?php if ($OPT['ssl']): ?>
<?php $sslCertificate = $ipAddress->sslCertificate; ?>
<?php   if ($sslCertificate->ce): ?>
    ssl_certificate             <?php echo $sslCertificate->ceFilePath ?>;
    ssl_certificate_key         <?php echo $sslCertificate->ceFilePath ?>;
<?php       if ($sslCertificate->ca): ?>
    ssl_client_certificate      <?php echo $sslCertificate->caFilePath ?>;
<?php       endif ?>
    ssl_session_timeout         5m;
    ssl_session_cache shared:SSL:50m;
<?php if (get_param('disablesslv3')): ?>
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
<?php else: ?>

<?php endif ?>
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+$
    ssl_prefer_server_ciphers   on;

Is this right ? im sorry agian
i read that u said that we have not to edit the default files .. so i changend only in the custom files ..

 

[UFHH01]

Hi Szer0P,

well, if your "default" files contain as well double entries, they are not flying into the configuration... there must be a tiny little man, who put it there. Please check as well the default files.

YES! This is just what I was suggesting.


After all, when you are sure, that you deleted the double entries ( again, not only in the template - folders, but as well in the current configuration files! ), please regenerate once again all your webserver configuration files with the command:

/usr/local/psa/admin/bin/httpdmng --reconfigure-all
​

and smile afterwards, because now all should work as expected!

 

[Szer0P]

Good

but what do u mean with not only in the template - folders, but as well in the current configuration files! ?

sorry but i want to be sure that i changed all of this

/usr/local/psa/admin/conf/templates/custom/
/usr/local/psa/admin/conf/templates/custom/server/
/usr/local/psa/admin/conf/templates/custom/domain/
"nginxWebmailPartial.php" "server/nginxVhosts.php" "domain/nginxDomainVirtualHost.php"
I have changed the Three files, this is what do u mean with configuration files ?

when i did all corectily .. so can we return to the dkim email problems ?

 

[UFHH01]

Hi Szer0P,

please consider reading some basic informations about log - files and depending configuration files:

Odin / Parallels Plesk Panel for Linux services logs and configuration files ( KB - article: 111 283 )​

/usr/local/psa/admin/conf/templates/* <= TEMPLATES for your webserver ( used to configure your configuration files )​

Informations from the mentioned KB - article:

Apache

• Logs
  • Global Access and Error logs: /var/log/httpd/
  • Domain logs: /var/www/vhosts/<domain>/logs
• Services
  • Stop: /etc/init.d/httpd stop
  • Start: /etc/init.d/httpd start
  • Restart: /etc/init.d/httpd restart
• Configuration
  • /etc/httpd/conf/httpd.conf
  • /etc/httpd/conf.d/zz010_psa_httpd.conf (includes generated configuration files with the rest of the vhosts and server configuration)
• NOTE: On SuSE, Debian, and Ubuntu, the service is called "apache2". The path to its logs is /var/log/apache2and the path to configs is /etc/apache2.

NGINX

• Logs
  • Error log: /var/log/nginx/error.log
  • Access log: /var/log/nginx/access.log
  • Domain logs: /var/www/vhosts/<domain>/logs/proxy_access*_log
• Services
  • Stop: /etc/init.d/nginx stop
  • Start: /etc/init.d/nginx start
  • Restart: /etc/init.d/nginx restart
  • NOTE: To disable nginx, go to "Tools & Settings > Services Management" and stop nginx from there.
• Configuration
  • /etc/nginx/nginx.conf
  • /etc/nginx/conf.d/zz010_psa_nginx.conf (includes generated configuration files with the rest of the vhosts' and server configuration)

It is really essential, that you know some basics, when you administrate a server, so please bookmark the mentioned KB - article for future issues/problems and questions.

​

 

[Szer0P]

thanks very much .. yes this configuration i know very well but i thought there are another configuration files for the ssl

so i think i solved the problem

thanks alot

can u please tell me how to fix the dkim problem now ?

have a nice day

 

[UFHH01]

Hi Szer0P,

in your previous post you already got the milter working again. As far that I inverstigated, you should only change your strict settings, in order to get DKIM to work. Please report again with ACTUAL log - error - entries to investigate any problems.

 

[Szer0P]

i still having problem with the opendkim !
see the error log i see this for more than 100 times i musst everytime to restart the dkim to solve this problem ..

Aug 13 20:03:51 server opendkim[19353]: smfi_opensocket() failed
Aug 13 20:03:51 server opendkim[19354]: OpenDKIM Filter: Unable to bind to port                   inet:8891@localhost: Address already in use

and another problem when i send an email to my server from hotmail for example i get this error

Aug 13 20:06:15 server postfix/smtpd[19374]: E9D60F4039A: milter-reject: DATA from dub004-omc2s15.hotmail.com[157.55.1.154]: 451 4.7.1 Service unavailable - try  again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo =<DUB004-OMC2S15.hotmail.com>
Aug 13 20:06:16 server postfix/smtpd[19374]: disconnect from dub004-omc2s15.hotmail.com[157.55.1.154]
Aug 13 20:07:03 server dovecot: imap-login: Login: user=<[email protected]>,           method=DIGEST-MD5, rip=127.0.0.1, lip=127.0.0.1, mpid=19427, secured, session=<    luLQMzUd1wB/AAAB>
Aug 13 20:07:15 server postfix/smtpd[19374]: connect from dub004-omc2s15.hotmail.com[157.55.1.154]
Aug 13 20:07:45 server postfix/smtpd[19374]: warning: milter inet:127.0.0.1:8891: can't read SMFIC_OPTNEG reply packet header: Connection timed out
Aug 13 20:07:45 server postfix/smtpd[19374]: warning: milter inet:127.0.0.1:8891 : read error in initial handshake
Aug 13 20:07:45 server postfix/smtpd[19374]: C6EC4F4039A: client=dub004-omc2s15.hotmail.com[157.55.1.154]
Aug 13 20:07:45 server greylisting filter[19429]: Starting greylisting filter...
Aug 13 20:07:45 server /usr/lib64/plesk-9.0/psa-pc-remote[1110]: handlers_stderr: DEFER
Aug 13 20:07:45 server /usr/lib64/plesk-9.0/psa-pc-remote[1110]: DEFER during call 'grey' handler
Aug 13 20:07:45 server /usr/lib64/plesk-9.0/psa-pc-remote[1110]: Message aborted                                                                                        .
Aug 13 20:07:45 server postfix/smtpd[19374]: C6EC4F4039A: milter-reject: DATA from dub004-omc2s15.hotmail.com[157.55.1.154]: 451 4.7.1 Service unavailable - tryagain later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<DUB004-OMC2S15.hotmail.com>

ps. i got the email from hotmail after 10 to 15 mins ..

this is the opendkim setting in the main.cf file:

# OpenDKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters = , inet:127.0.0.1:12768, inet:127.0.0.1:8891
#non_smtpd_milters = $smtpd_milters

the dns setting for my domain is:

default._domainkey.palstudenten.com    86400    TXT    0    p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCk/wlf1gQcgVEVCup82CNgQ4TnmGgddhtMDVs81PvlyZOdilNEuVrfg2Fk1eyzTgk9uH3hVSLQNnYuEldIIJlmvHfESgKZwFJveMZZo/u5UZt+nrf+5UheXaL/K+aACt0ponDS5HWlYa3uOUbR0Zuh05YHzLMWHGxVRhMZ3f1pXwIDAQAB;  
     mail._domainkey.palstudenten.com    86400    TXT    0    v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNwgLmGYckK4G+3zFCe8bKBJ2Af4kChbWWWqiUA2qT5hrRzcrSol8dC98T6Tn3KI0YYmC5n38YMqa8K2v8p0LA/NTVSGh5DHmX9P1YRn/x2bxdBk1YE2y5c+TbFvlhe96w3kxNyWupCLiVhBDM8+R4n9UBF2+Fr9wfU390ADBjYwIDAQAB   
     palstudenten.com    86400    TXT    0    v=spf1 a mx ptr a:server.palstudenten.com ip4:79.143.179.239 ~all 
     _adsp._domainkey.palstudenten.com    86400    TXT    0    dkim=unknown   
     _dmarc.palstudenten.com    86400    TXT    0    v=DMARC1; pct=100; ruf=mailto:[email protected]; rua=mailto:[email protected]; p=reject    delete record
     _domainkey.palstudenten.com    86400    TXT    0    o=-

as u can see the result from mail tester display that my dkim Signatur is not valid !
u can see the result here http://www.mail-tester.com/web-FTWAzE

Thanks alot