lo is down

lo is down

Szépe Viktor

Good evening!

I am investigating a strange monitoring phenomenon.
localhost (lo interface) is monitored on port 25 with a program called Monit.
Monit generates a very small SMTP communication.
Usually it is OK.

When the Internet-facing interface (eth0) is down - for some reason  
but not DHCP - the test fails.

Of course couriertcpd binds on 127.0.0.1 only as "ADDRESS=127.0.0.1"

Could it be that Courier unbinds from localhost when eth0 is down?
Thanks.



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  [hidden email]  skype: szepe.viktor
Budapest, III. kerület





------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: lo is down

Lindsay Haisley-3
On Wed, 2016-12-28 at 20:02 +0100, SZÉPE Viktor wrote:

> Good evening!
>
> I am investigating a strange monitoring phenomenon.
> localhost (lo interface) is monitored on port 25 with a program
> called Monit.
> Monit generates a very small SMTP communication.
> Usually it is OK.
>
> When the Internet-facing interface (eth0) is down - for some reason  
> but not DHCP - the test fails.
>
> Of course couriertcpd binds on 127.0.0.1 only as "ADDRESS=127.0.0.1"
>
> Could it be that Courier unbinds from localhost when eth0 is down?
> Thanks.

I also use Monit, although not to monitor the status of lo. I would
look, for the source of this phenomenon, to the configuration stanza in
/etc/monit/monitrc (or one of the config subfolders of /etc/monit).

--
Lindsay Haisley       | "UNIX is user-friendly, it just
FMP Computer Services |       chooses its friends."
512-259-1190          |          -- Andreas Bogk
http://www.fmp.com    |



Re: lo is down

Sam Varshavchik
In reply to this post by Szépe Viktor
SZÉPE Viktor writes:

>
> Good evening!
>
> I am investigating a strange monitoring phenomenon.
> localhost (lo interface) is monitored on port 25 with a program called Monit.
> Monit generates a very small SMTP communication.
> Usually it is OK.
>
> When the Internet-facing interface (eth0) is down - for some reason
> but not DHCP - the test fails.
>
> Of course couriertcpd binds on 127.0.0.1 only as "ADDRESS=127.0.0.1"
>
> Could it be that Courier unbinds from localhost when eth0 is down?
Nope.

Sounds like either your entry in /etc/hosts for localhost refers to your  
public IP address, or your monitoring program is set up to monitor your  
public IP address.



Re: lo is down

Szépe Viktor
In reply to this post by Lindsay Haisley-3
Here it is.

    # https://bitbucket.org/tildeslash/monit/issue/112/smtp-error#comment-14395650
    #if failed host localhost port 25 type tcp protocol smtp retry 2 times then restart
    if failed host localhost port 25 type tcp protocol smtp for 2 cycles then restart

Full config:
https://github.com/szepeviktor/debian-server-tools/blob/master/monitoring/monit/services/courier-mta#L5-L7

Once I was even starting a shell script when Monit told me that  
Courier is not responding on 127.0.0.1:25
That included tcpdump, netstat etc. Revealed *nothing*

I appreciate your help and advice.



Idézem/Quoting Lindsay Haisley <[hidden email]>:

> On Wed, 2016-12-28 at 20:02 +0100, SZÉPE Viktor wrote:
>> Good evening!
>>
>> I am investigating a strange monitoring phenomenon.
>> localhost (lo interface) is monitored on port 25 with a program
>> called Monit.
>> Monit generates a very small SMTP communication.
>> Usually it is OK.
>>
>> When the Internet-facing interface (eth0) is down - for some reason  
>> but not DHCP - the test fails.
>>
>> Of course couriertcpd binds on 127.0.0.1 only as "ADDRESS=127.0.0.1"
>>
>> Could it be that Courier unbinds from localhost when eth0 is down?
>> Thanks.
>
> I also use Monit, although not to monitor the status of lo. I would
> look, for the source of this phenomenon, to the configuration stanza in
> /etc/monit/monitrc (or one of the config subfolders of /etc/monit).
>
> --
> Lindsay Haisley       | "UNIX is user-friendly, it just
> FMP Computer Services |       chooses its friends."
> 512-259-1190          |          -- Andreas Bogk
> http://www.fmp.com    |
>
>



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  [hidden email]  skype: szepe.viktor
Budapest, III. kerület






Re: lo is down

Szépe Viktor
In reply to this post by Sam Varshavchik
Thank you for your answer.

This is my Debian-way hosts file

127.0.0.1 localhost
127.0.1.1 localhost
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# Original PTR=$(host "$IP" || true)
${IP} ${H} ${H%%.*}

https://github.com/szepeviktor/debian-server-tools/blob/master/debian-setup/hostname#L22-L33



Idézem/Quoting Sam Varshavchik <[hidden email]>:

> SZÉPE Viktor writes:
>
>>
>> Good evening!
>>
>> I am investigating a strange monitoring phenomenon.
>> localhost (lo interface) is monitored on port 25 with a program  
>> called Monit.
>> Monit generates a very small SMTP communication.
>> Usually it is OK.
>>
>> When the Internet-facing interface (eth0) is down - for some reason
>> but not DHCP - the test fails.
>>
>> Of course couriertcpd binds on 127.0.0.1 only as "ADDRESS=127.0.0.1"
>>
>> Could it be that Courier unbinds from localhost when eth0 is down?
>
> Nope.
>
> Sounds like either your entry in /etc/hosts for localhost refers to  
> your public IP address, or your monitoring program is set up to  
> monitor your public IP address.



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  [hidden email]  skype: szepe.viktor
Budapest, III. kerület






Re: lo is down

Gordon Messmer-2
In reply to this post by Szépe Viktor
On 12/28/2016 11:02 AM, SZÉPE Viktor wrote:
> Could it be that Courier unbinds from localhost when eth0 is down?


If Monit is testing SMTP on localhost, there are a bunch of possible
causes of failure.  The most likely, I would think, is that DNS is not
available so one of the SMTP commands issued by Monit fails.

Check the mail logs for errors at the time the test fails. You're likely
to find the answer there.



Re: lo is down

Szépe Viktor
Thank you Gordon!

After a quick tcpdump.
Monit sends:

EHLO localhost
QUIT



Idézem/Quoting Gordon Messmer <[hidden email]>:

> On 12/28/2016 11:02 AM, SZÉPE Viktor wrote:
>> Could it be that Courier unbinds from localhost when eth0 is down?
>
>
> If Monit is testing SMTP on localhost, there are a bunch of possible
> causes of failure.  The most likely, I would think, is that DNS is not
> available so one of the SMTP commands issued by Monit fails.
>
> Check the mail logs for errors at the time the test fails. You're likely
> to find the answer there.
>
>



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  [hidden email]  skype: szepe.viktor
Budapest, III. kerület






Re: lo is down

Lindsay Haisley-3
On Wed, 2016-12-28 at 22:38 +0100, SZÉPE Viktor wrote:
> Thank you Gordon!
>
> After a quick tcpdump.
> Monit sends:
>
> EHLO localhost
> QUIT

The following lines, or something very like them, should always be in
/etc/hosts:

127.0.0.1 localhost ip4-localhost
::1      ip6-localhost ip6-loopback localhost

This generally removes any dependency on DNS for resolving "localhost".


> Idézem/Quoting Gordon Messmer <[hidden email]>:
>
> >
> > On 12/28/2016 11:02 AM, SZÉPE Viktor wrote:
> > >
> > > Could it be that Courier unbinds from localhost when eth0 is
> > > down?
> >
> > If Monit is testing SMTP on localhost, there are a bunch of possible
> > causes of failure.  The most likely, I would think, is that DNS is not
> > available so one of the SMTP commands issued by Monit fails.
> >
> > Check the mail logs for errors at the time the test fails. You're likely
> > to find the answer there.
> >
> >
>
>
> SZÉPE Viktor
> https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
Lindsay Haisley       | "UNIX is user-friendly, it just
FMP Computer Services |       chooses its friends."
512-259-1190          |          -- Andreas Bogk
http://www.fmp.com    |



Re: lo is down

Gordon Messmer-2
In reply to this post by Szépe Viktor
On 12/28/2016 01:38 PM, SZÉPE Viktor wrote:
> Thank you Gordon!
>
> After a quick tcpdump.
> Monit sends:
>
> EHLO localhost
> QUIT

What is the value for TCPDOPTS in /etc/courier/esmtpd?  That test should
work if you have -nodnslookup set (though I don't recommend that).  If
it's not set, as in the default case, then couriertcpd will spend a very
long time trying to look up the hostname of the connecting host in DNS,
and Monit will timeout.

Courier won't be able to do much without an internet connection. You can
probably get it to accept local messages by providing a DNS server on
the host running Courier, but any mail submitted bound for domains that
aren't available in that DNS server is likely to be permanently lost, so
I'm not sure I'd recommend any changes.
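
A probe that replays the exchange Viktor captured (EHLO localhost, QUIT) and separates a refused connection from one that is accepted but never greets, which is how a stalled hostname lookup would look to Monit. This is an added example, not code from the thread, Monit or Courier; `probe_smtp`, `fake_smtpd`, the verdict strings and the stand-in server are hypothetical, and it assumes the lookup delay occurs before the 220 greeting.

```python
import socket
import threading
import time

def probe_smtp(host="127.0.0.1", port=25, timeout=5.0):
    """Replay the EHLO/QUIT check; return (verdict, seconds until greeting or stall)."""
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)          # nothing bound to the port
    except OSError:
        return ("connect_failed", None)   # e.g. SYN silently dropped
    with sock:
        sock.settimeout(timeout)
        try:
            greeting = sock.recv(512)
            waited = time.monotonic() - start
            if not greeting.startswith(b"220"):
                return ("bad_greeting", waited)
            sock.sendall(b"EHLO localhost\r\n")
            reply = sock.recv(2048)
            sock.sendall(b"QUIT\r\n")
        except socket.timeout:
            # Listener accepted the connection but the server side is stuck.
            return ("stalled", time.monotonic() - start)
    return ("ok" if reply.startswith(b"250") else "ehlo_rejected", waited)

def fake_smtpd(delay):
    """Constructed stand-in for the mail daemon: greets after `delay` seconds."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))            # any free loopback port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            time.sleep(delay)             # simulates the slow lookup
            try:
                conn.sendall(b"220 mail.example ESMTP\r\n")
                conn.recv(512)            # EHLO
                conn.sendall(b"250 mail.example\r\n")
                conn.recv(512)            # QUIT
            except OSError:
                pass                      # client already gave up
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print("healthy:", probe_smtp(port=fake_smtpd(0.0), timeout=2.0))
    print("stalled:", probe_smtp(port=fake_smtpd(1.0), timeout=0.3))
```

Run against the real listener with a timeout matching Monit's, a "stalled" verdict alongside a listening socket in netstat means the daemon is still bound to 127.0.0.1 and the delay is on the server side.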


Re: lo is down

Gordon Messmer-2
In reply to this post by Lindsay Haisley-3
On 12/28/2016 02:07 PM, Lindsay Haisley wrote:
> This generally removes any dependency on DNS for resolving "localhost".


Courier uses DNS for everything that comes to mind.  Modifying
/etc/hosts won't resolve the problem in question.



Re: lo is down

Lindsay Haisley-3
On Wed, 2016-12-28 at 15:44 -0800, Gordon Messmer wrote:
> On 12/28/2016 02:07 PM, Lindsay Haisley wrote:
> > This generally removes any dependency on DNS for resolving "localhost".
>
> Courier uses DNS for everything that comes to mind.  Modifying 
> /etc/hosts won't resolve the problem in question.

True.

Another problem which I've had on occasion, although it doesn't sound
as if this is Viktor's problem, is with firewall configuration. If the
default INPUT policy is DROP, and localhost and there's no firewall
rule allowing it, then localhost traffic will be blocked.

This more or less applies to Linux, although any OS with configurable
kernel-based firewall rules will probably have similar properties.

Viktor, when this happens, does "ifconfig" show an existing localhost
interface, "lo" or "lo0"?

--
Lindsay Haisley       | "UNIX is user-friendly, it just
FMP Computer Services |       chooses its friends."
512-259-1190          |          -- Andreas Bogk
http://www.fmp.com    |



Re: lo is down

Szépe Viktor
Idézem/Quoting Lindsay Haisley <[hidden email]>:

> On Wed, 2016-12-28 at 15:44 -0800, Gordon Messmer wrote:
>> On 12/28/2016 02:07 PM, Lindsay Haisley wrote:
>> > This generally removes any dependency on DNS for resolving "localhost".
>>
>> Courier uses DNS for everything that comes to mind.  Modifying 
>> /etc/hosts won't resolve the problem in question.
>
> True.
>
> Another problem which I've had on occasion, although it doesn't sound
> as if this is Viktor's problem, is with firewall configuration. If the
> default INPUT policy is DROP, and localhost and there's no firewall
> rule allowing it, then localhost traffic will be blocked.
>
> This more or less applies to Linux, although any OS with configurable
> kernel-based firewall rules will probably have similar properties.
>
> Viktor, when this happens, does "ifconfig" show an existing localhost
> interface, "lo" or "lo0"?

Thank you for your help.

I was running only netstat and tcpdump during Monit alerts.
I am going to add ifconfig the next time I debug this.

Usually it is a provider problem. It occurs when there is a network  
congestion or I don't know what.
From the virtual instances "I" do not see the physical network. And  
the incident (no response from lo) usually takes 2 or 4 minutes then  
Monit restarts Courier and everything is back up again.






SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  [hidden email]  skype: szepe.viktor
Budapest, III. kerület






DNS, was lo is down

Alessandro Vesely
In reply to this post by Gordon Messmer-2
On Thu 29/Dec/2016 00:44:53 +0100 Gordon Messmer wrote:
>
> Courier uses DNS for everything that comes to mind.  Modifying
> /etc/hosts won't resolve the problem in question.

From that, I derive that production mail servers should run a caching[*] DNS
server /locally/.  That's also necessary for DNSxL, SPF, DKIM, and the like.
Do you agree?

Ale

[*] Some settings, such as rsync'ed DNSxL served locally, may formally look
like master zones.  Semantically, however, they are cached, albeit using
different tools.
--














Re: DNS, was lo is down

Gordon Messmer-2
On 12/29/2016 02:16 AM, Alessandro Vesely wrote:
> From that, I derive that production mail servers should run a caching[*] DNS
> server /locally/.  That's also necessary for DNSxL, SPF, DKIM, and the like.
> Do you agree?


I think that a caching DNS server should be as near as possible to the email server, but I don't personally run them on the same host in most cases.  I know plenty of people who think it's best practice, but I don't have any strong feelings on the topic.

