Hi,
INTRO
I am hosting my box at coinshost.com, which does not seem to be the optimum
solution. Stay away from them if you are looking for a new hoster. They are
blocking DNS except to their own servers so I had to modify the box to be able
to work with it.
I am planning to go to another hoster but as they do not offer any refunds I am
trying to make it work with them until the end of the period.
Because of problems with uptime, they recently changed their platform and gave
me a new VPS which I had to migrate to. I was almost successful, the only thing
is that the status monitor is not working any more. I made the following changes
during setup:
CIRCUMSTANCES
added their nameservers to /etc/resolvconf/resolv.conf.d/head because DNS would not work otherwise.
also added their nameservers to /etc/bind/named.conf.options
forwarders {
NS.IP.IN.HERE;
2nd.NS.IP.HERE;
};
not sure if this is really necessary / will get overwritten with an update anyway.
enabled IPv6 in /etc/sysctl.conf (#net.ipv6.conf.all.disable_ipv6 = 1) because their image had it disabled
added a cronjob for root to make my backups world readable
30 23 * * * chmod 604 /home/user-data/backup/encrypted/*
the migration itself was done according to the Mail-in-a-Box Maintenance Guide but instead of the scp command I used the following on the old box:
rsync -avr -e ssh /home/user-data/ root@NEW.BOX.IP.HERE:/home/user-data/
PROBLEM
Now when I try to open the Status Checks page I get the following:
Something went wrong, sorry.
/var/log/syslog
shows the following during my attempt:
Jan 27 11:26:50 box dovecot: lmtp(11724): Connect from 127.0.0.1
Jan 27 11:26:50 box dovecot: lmtp(11732): Connect from 127.0.0.1
Jan 27 11:26:50 box dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<random/jibberjabber>
Jan 27 11:26:50 box postfix/smtpd[11728]: warning: hostname box.domain.tld does not resolve to address MY.BOXES.IP.HERE
Jan 27 11:26:50 box postfix/smtpd[11728]: connect from unknown[MY.BOXES.IP.HERE]
Jan 27 11:26:50 box postfix/submission/smtpd[11729]: warning: hostname box.domain.tld does not resolve to address MY.BOXES.IP.HERE
Jan 27 11:26:50 box postfix/submission/smtpd[11729]: connect from unknown[MY.BOXES.IP.HERE]
Jan 27 11:26:50 box dovecot: lmtp(11724): Disconnect from 127.0.0.1: Connection closed: Connection reset by peer (in banner)
Jan 27 11:26:50 box dovecot: lmtp(11732): Disconnect from 127.0.0.1: Connection closed (in banner)
Jan 27 11:26:50 box postfix/submission/smtpd[11729]: lost connection after CONNECT from unknown[MY.BOXES.IP.HERE]
Jan 27 11:26:50 box postfix/submission/smtpd[11729]: disconnect from unknown[MY.BOXES.IP.HERE]
Jan 27 11:26:50 box postfix/smtpd[11728]: lost connection after CONNECT from unknown[MY.BOXES.IP.HERE]
Jan 27 11:26:50 box postfix/smtpd[11728]: disconnect from unknown[MY.BOXES.IP.HERE]
Jan 27 11:26:50 box dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=MY.BOXES.IP.HERE, lip=MY.BOXES.IP.HERE, TLS handshaking: Disconnected, session=<random/jibberjaber>
Jan 27 11:26:50 box named[15298]: received control channel command ‘flush’
Jan 27 11:26:50 box named[15298]: flushing caches in all views succeeded
I do not know where the error "warning: hostname box.domain.tld does not resolve to address MY.BOXES.IP.HERE" comes from, because it does.
When I run
localuser@box:~/mailinabox$ management/status_checks.py
I get the following:
System
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
✓ All system services are running.
rndc: error: open: /etc/bind/rndc.key: permission denied
rndc: could not load rndc configuration
✓ SSH disallows password-based login.
There are 9 software packages that can be updated.
[NOTE: This is only a simulation!] ()
[ apt-get needs root privileges for real execution.] ()
[ Keep also in mind that locking is deactivated,] ()
[ so don’t depend on the relevance to the real current situation!] ()
libapt-pkg4.12 (1.0.1ubuntu2.11)
apt (1.0.1ubuntu2.11)
libapt-inst1.5 (1.0.1ubuntu2.11)
apt-utils (1.0.1ubuntu2.11)
apt-transport-https (1.0.1ubuntu2.11)
? Mail-in-a-Box version check disabled by privacy setting.
✓ System administrator address exists as a mail alias. [administrator@box.domain.tld ↦ me@domain.tld]
✓ The disk has xx.x GB space remaining.
Network
✓ Outbound mail (SMTP port 25) is not blocked.
✓ IP address is not blacklisted by zen.spamhaus.org.
multiprocessing.pool.RemoteTraceback:
"""
Traceback (most recent call last):
  File "/usr/lib/python3.4/multiprocessing/pool.py", line 119, in worker
    result = (True, func(*args, **kwds))
  File "/usr/lib/python3.4/multiprocessing/pool.py", line 47, in starmapstar
    return list(itertools.starmap(args[0], args[1]))
  File "management/status_checks.py", line 295, in run_domain_checks_on_domain
    check_dns_zone(domain, env, output, dns_zonefiles)
  File "management/status_checks.py", line 399, in check_dns_zone
    check_dnssec(domain, env, output, dns_zonefiles)
  File "management/status_checks.py", line 482, in check_dnssec
    dnsssec_pubkey = open(os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/' + dnssec_keys['KSK'] + '.key')).read().split("\t")[3].split(" ")[3]
PermissionError: [Errno 13] Permission denied: '/home/user-data/dns/dnssec/K_domain_.+numbers+randomnumbers.key'
"""
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
  File "management/status_checks.py", line 917, in <module>
    run_checks(False, env, ConsoleOutput(), pool)
  File "management/status_checks.py", line 41, in run_checks
    run_domain_checks(rounded_values, env, output, pool)
  File "management/status_checks.py", line 274, in run_domain_checks
    ret = pool.starmap(run_domain_checks_on_domain, args, chunksize=1)
  File "/usr/lib/python3.4/multiprocessing/pool.py", line 268, in starmap
    return self._map_async(func, iterable, starmapstar, chunksize).get()
  File "/usr/lib/python3.4/multiprocessing/pool.py", line 599, in get
    raise self.value
PermissionError: [Errno 13] Permission denied: '/home/user-data/dns/dnssec/K_domain.+numbers+randomnumbers.key'
/var/log/syslog
Jan 27 11:35:18 box dovecot: lmtp(12730): Connect from 127.0.0.1
Jan 27 11:35:18 box dovecot: lmtp(12730): Disconnect from 127.0.0.1: Connection closed: Connection reset by peer (in banner)
Jan 27 11:35:18 box dovecot: lmtp(12730): Connect from 127.0.0.1
Jan 27 11:35:18 box dovecot: lmtp(12730): Disconnect from 127.0.0.1: Connection closed (in banner)
Jan 27 11:35:18 box dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<random/jibberjabber>
Jan 27 11:35:18 box postfix/smtpd[12734]: warning: hostname box.domain.tld does not resolve to address MY.BOXES.IP.HERE
Jan 27 11:35:18 box dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=MY.BOXES.IP.HERE, lip=MY.BOXES.IP.HERE, TLS handshaking: Disconnected, session=
Jan 27 11:35:18 box postfix/smtpd[12734]: connect from unknown[MY.BOXES.IP.HERE]
Jan 27 11:35:18 box postfix/smtpd[12734]: lost connection after CONNECT from unknown[MY.BOXES.IP.HERE]
Jan 27 11:35:18 box postfix/smtpd[12734]: disconnect from unknown[MY.BOXES.IP.HERE]
Jan 27 11:35:18 box postfix/submission/smtpd[12735]: warning: hostname box.domain.tld does not resolve to address MY.BOXES.IP.HERE
Jan 27 11:35:18 box postfix/submission/smtpd[12735]: connect from unknown[MY.BOXES.IP.HERE]
Jan 27 11:35:18 box postfix/submission/smtpd[12735]: lost connection after CONNECT from unknown[MY.BOXES.IP.HERE]
Jan 27 11:35:18 box postfix/submission/smtpd[12735]: disconnect from unknown[MY.BOXES.IP.HERE]
If I run the checks as root, all works
root@box:/home/localuser/mailinabox# management/status_checks.py
System
✓ All system services are running.
✓ SSH disallows password-based login.
There are 5 software packages that can be updated.
libapt-pkg4.12 (1.0.1ubuntu2.11)
apt (1.0.1ubuntu2.11)
libapt-inst1.5 (1.0.1ubuntu2.11)
apt-utils (1.0.1ubuntu2.11)
apt-transport-https (1.0.1ubuntu2.11)
? Mail-in-a-Box version check disabled by privacy setting.
✓ System administrator address exists as a mail alias. [administrator@box.domain.tld ↦ me@domain.tld]
✓ The disk has xx.x GB space remaining.
Network
✓ Outbound mail (SMTP port 25) is not blocked.
✓ IP address is not blacklisted by zen.spamhaus.org.
box.domain.tld
✓ Nameserver glue records are correct at registrar. [ns1/ns2.box.domain.tld ↦ MY.BOXES.IP.HERE]
✓ Domain resolves to box’s IP address. [box.domain.tld ↦ MY.BOXES.IP.HERE]
✓ Reverse DNS is set correctly at ISP. [MY.BOXES.IP.HERE ↦ box.domain.tld]
✓ The DANE TLSA record for incoming mail is correct (_25._tcp.box.domain.tld).
✓ Hostmaster contact address exists as a mail alias. [hostmaster@box.domain.tld ↦ administrator@box.domain.tld]
✓ Domain’s email is directed to this domain. [box.domain.tld ↦ 10 box.domain.tld]
✓ Postmaster contact address exists as a mail alias. [postmaster@box.domain.tld ↦ administrator@box.domain.tld]
✓ Domain is not blacklisted by dbl.spamhaus.org.
✓ SSL certificate is signed & valid. The certificate expires in xx days on xx/xx/xx.
domain.tld
✓ Nameservers are set correctly at registrar. [ns1.box.domain.tld; puck.nether.net]
Secondary nameserver puck.nether.net is not configured correctly. (It resolved this domain as [timeout]. It should be MY.BOXES.IP.HERE.)
✓ Domain’s email is directed to this domain. [domain.tld ↦ 10 box.domain.tld]
✓ Postmaster contact address exists as a mail alias. [postmaster@domain.tld ↦ administrator@box.domain.tld]
✓ Domain is not blacklisted by dbl.spamhaus.org.
✓ Domain resolves to this box’s IP address. [domain.tld ↦ MY.BOXES.IP.HERE]
✓ SSL certificate is signed & valid. The certificate expires in xx days on xx/xx/xx.
? This domain’s DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. To set a DS record, you must follow the instructions provided by your domain name registrar and provide to them this information:
Key Tag: xxxxx
Key Flags: KSK
Algorithm: x / RSASHA1-NSEC3-SHA1
Digest Type: x / SHA-256
Digest: somelongrandomdigest
Public Key: mypublickey
Bulk/Record Format:
domain.tld. 3600 IN DS xxxxx x x somelongrandomdigest
“www.domain.tld”
✓ Domain resolves to this box’s IP address. [www.domain.tld ↦ MY.BOXES.IP.HERE]
✓ SSL certificate is signed & valid. The certificate expires in xx days on xx/xx/xx.
otherdomain.tld
✓ Nameservers are set correctly at registrar. [ns1.box.domain.tld; puck.nether.net]
Secondary nameserver puck.nether.net is not configured correctly. (It resolved this domain as [timeout]. It should be MY.BOXES.IP.HERE.)
✓ Domain’s email is directed to this domain. [otherdomain.tld ↦ 10 box.domain.tld]
✓ Postmaster contact address exists as a mail alias. [postmaster@otherdomain.tld ↦ administrator@box.domain.tld]
✓ Domain is not blacklisted by dbl.spamhaus.org.
✓ Domain resolves to this box’s IP address. [otherdomain.tld ↦ MY.BOXES.IP.HERE]
✓ SSL certificate is signed & valid. The certificate expires in xx days on xx/xx/xx.
? This domain’s DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. To set a DS record, you must follow the instructions provided by your domain name registrar and provide to them this information: DNSSEC info here
“www.otherdomain.tld”
✓ Domain resolves to this box’s IP address. [www.otherdomain.tld ↦ MY.BOXES.IP.HERE]
✓ SSL certificate is signed & valid. The certificate expires in xx days on xx/xx/xx.
/var/log/syslog
Jan 27 11:39:11 box dovecot: lmtp(12732): Connect from 127.0.0.1
Jan 27 11:39:11 box dovecot: lmtp(12792): Connect from 127.0.0.1
Jan 27 11:39:11 box dovecot: managesieve-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<random/jibberjabber>
Jan 27 11:39:11 box dovecot: lmtp(12732): Disconnect from 127.0.0.1: Connection closed: Connection reset by peer (in banner)
Jan 27 11:39:11 box dovecot: lmtp(12792): Disconnect from 127.0.0.1: Connection closed (in banner)
Jan 27 11:39:11 box dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=MY.BOXES.IP.HERE, lip=MY.BOXES.IP.HERE, TLS handshaking: Disconnected, session=
Jan 27 11:39:11 box postfix/smtpd[12796]: warning: hostname box.domain.tld does not resolve to address MY.BOXES.IP.HERE
Jan 27 11:39:11 box postfix/smtpd[12796]: connect from unknown[MY.BOXES.IP.HERE]
Jan 27 11:39:11 box postfix/submission/smtpd[12797]: warning: hostname box.domain.tld does not resolve to address MY.BOXES.IP.HERE
Jan 27 11:39:11 box postfix/submission/smtpd[12797]: connect from unknown[MY.BOXES.IP.HERE]
Jan 27 11:39:11 box named[15298]: received control channel command ‘flush’
Jan 27 11:39:11 box named[15298]: flushing caches in all views succeeded
Jan 27 11:39:11 box postfix/smtpd[12796]: lost connection after CONNECT from unknown[MY.BOXES.IP.HERE]
Jan 27 11:39:11 box postfix/smtpd[12796]: disconnect from unknown[MY.BOXES.IP.HERE]
Jan 27 11:39:11 box postfix/submission/smtpd[12797]: lost connection after CONNECT from unknown[MY.BOXES.IP.HERE]
Jan 27 11:39:11 box postfix/submission/smtpd[12797]: disconnect from unknown[MY.BOXES.IP.HERE]
MY GUESS
A permissions issue but I am not sure how to fix it. It could have come from using rsync during the migration instead of scp. Please let me know if you have any ideas.
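
An added diagnostic for the permissions question in the post above (not part of the original post and not Mail-in-a-Box code): it walks a storage tree such as /home/user-data after a migration and reports files a given uid cannot read by mode bits, files that are world-readable, and files whose owner uid has no local account. The function names are hypothetical, and the check assumes classic Unix mode bits only (no ACLs, no parent-directory search permissions).

```python
import os
import pwd
import stat
import sys

def can_read(st, uid, gids):
    """Classic mode-bit read check; root (uid 0) bypasses it."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def has_account(uid):
    """True if the uid maps to an entry in the local passwd database."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False

def audit_tree(root, uid, gids=()):
    """Return sorted (relative_path, octal_mode, owner_uid, issue) tuples."""
    findings = []
    gids = set(gids)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            mode = oct(stat.S_IMODE(st.st_mode))
            if not can_read(st, uid, gids):
                findings.append((rel, mode, st.st_uid, "not readable by uid %d" % uid))
            if st.st_mode & stat.S_IROTH:
                findings.append((rel, mode, st.st_uid, "world-readable"))
            if not has_account(st.st_uid):
                findings.append((rel, mode, st.st_uid, "owner uid has no local account"))
    return sorted(findings)

if __name__ == "__main__":
    # Default root is the storage path named in the post; pass another as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "/home/user-data"
    for rel, mode, owner, issue in audit_tree(root, os.getuid(), os.getgroups()):
        print("%-32s mode=%s owner=%d %s" % (issue, mode, owner, rel))
```

Run it once as the unprivileged user and once as root and compare the two listings; directories the invoking user cannot enter are silently skipped by os.walk, so the root run is the complete one.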