Koozali.org: home of the SME Server

RESOLVED - postfix relay issue - Please look over and give thoughts thanks.

Offline cyberwatcher

I resolved the issue however I would like to know your thoughts regarding how I have this setup to work with SME. Thanks.

centos 7 is on 10.1.1.0 network - server name = zenoss
dc (domain controller) 10.1.1.5 (see logs)
SME mail server is on 172.16.1.0 network - server name = mail
relay server is on 172.16.10.0 network

External MX mail.cyberwatchers.com
Internal Domain = cyberwatchers.local
Currently my CentOS 7 box CAN send out logwatch mail, as I am getting them every morning. They are sent out using info@cyberwatchers.com via the logwatch.conf file. Why I am getting the below errors, with root attempting to send to my email using .local vs .com, I do not know. I see zenoss is trying to use domain.local (10.1.1.5), my domain controller, for email delivery. I am not sure why this is. See below...
ISSUE:
This morning I awoke and checked those logs and saw 16 deferred postfix emails when looking at the logs on my CentOS server:

Feb 15 18:26:33 zenoss postfix/qmgr[25573]: C14C780D3559: from=<root@zenoss.cyberwatchers.local>, size=2817, nrcpt=1 (queue active)
Feb 15 18:26:33 zenoss postfix/qmgr[25573]: BA50080D355B: from=<root@zenoss.cyberwatchers.local>, size=2837, nrcpt=1 (queue active)
Feb 15 18:26:33 zenoss postfix/qmgr[25573]: 8EEA880D3560: from=<root@zenoss.cyberwatchers.local>, size=2837, nrcpt=1 (queue active)
Feb 15 18:26:33 zenoss postfix/qmgr[25573]: 2214A80D3561: from=<root@zenoss.cyberwatchers.local>, size=2817, nrcpt=1 (queue active)
Feb 15 18:26:33 zenoss postfix/smtp[25606]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused
Feb 15 18:26:33 zenoss postfix/smtp[25607]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused
Feb 15 18:26:33 zenoss postfix/smtp[25609]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused
Feb 15 18:26:33 zenoss postfix/smtp[25611]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused
Feb 15 18:26:33 zenoss postfix/smtp[25606]: C14C780D3559: to=<info@cyberwatchers.local>, relay=none, delay=35091, delays=35091/0.02/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)
Feb 15 18:26:33 zenoss postfix/smtp[25607]: BA50080D355B: to=<info@cyberwatchers.local>, relay=none, delay=34925, delays=34925/0.02/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)
Feb 15 18:26:33 zenoss postfix/smtp[25609]: 8EEA880D3560: to=<info@cyberwatchers.local>, relay=none, delay=11040, delays=11040/0.03/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)
Feb 15 18:26:33 zenoss postfix/smtp[25611]: 2214A80D3561: to=<info@cyberwatchers.local>, relay=none, delay=10921, delays=10921/0.03/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)

It would seem I need to add my relay server, which is on the 172 network, to the postfix config, am I correct? If that is so, can you please give me a few examples as to how I can do this? I am sending logs from logwatch from a few other Linux machines using .com and I am sure they are going outside my network, but I am not getting errors on those boxes like I am on this one. The other boxes are using sendmail, not postfix. CentOS 7 came with postfix. I would like to correct my security issue correctly. Thanks in advance.

side note:
Currently I have OSSEC configured to use my internal relay server (172.16.10.2), which forwards to my internal mail server just fine. My firewall also forwards syslog messages to the relay, which then go to my mail server as well. I would like logwatch messages to be forwarded to the relay and then to the mail server.

what works:
OSSEC and my firewall logs get forwarded to my relay server, my relay server then using sendmail.mc file:
define(`SMART_HOST', `mail.cyberwatchers.local')
then gets forwarded to my mail server. This is done without ever having to go outside my network. Now I am currently sending my logwatch logs to mail.cyberwatchers.com and this is working. However, I am getting the errors. I would prefer to send them like I do using the relay.


Here is my postconf -n (I have attempted following some guides, but I ended up breaking the conf file, uninstalling and reinstalling.)
[root@zenoss postfix]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
############################
 !!! RESOLVED !!!
I created an ALIAS on my DNS (domain controller) called relay.cyberwatchers.local pointing it to the relay server 172.16.10.2.

I edited two parts of the postfix main.cf file:
# dont think I need the .com one
mydestination = relay.cyberwatchers.com, relay.cyberwatchers.local
relayhost = relay.cyberwatchers.local
#############################
I have not gotten the above error messages since. Strange but I did get this strand ONCE about an hour after the fix and nothing more.
Feb 16 19:58:01 zenoss postfix/qmgr[2902]: C14C780D3559: from=<root@zenoss.cyberwatchers.local>, size=2817, nrcpt=1 (queue active)
Feb 16 19:58:01 zenoss postfix/smtp[3322]: C14C780D3559: to=<info@cyberwatchers.local>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=126979, delays=126979/0.04/0.05/0.07, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1ta019781 Message accepted for delivery)

Feb 16 19:58:01 zenoss postfix/qmgr[2902]: C14C780D3559: removed

Feb 16 19:58:01 zenoss postfix/smtp[3323]: BA50080D355B: to=<info@cyberwatchers.local>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=126813, delays=126813/0.02/0.05/0.08, dsn=2.0.0, status=sent (250 2.0.0 t1H0w14E019782 Message accepted for delivery)

Feb 16 19:58:01 zenoss postfix/qmgr[2902]: BA50080D355B: removed

Feb 16 19:58:01 zenoss postfix/smtp[3325]: 8EEA880D3560: to=<info@cyberwatchers.local>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=102928, delays=102928/0.03/0.05/0.09, dsn=2.0.0, status=sent (250 2.0.0 t1H0w19X019784 Message accepted for delivery)

Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 8EEA880D3560: removed

Feb 16 19:58:01 zenoss postfix/smtp[3326]: 2214A80D3561: to=<info@cyberwatchers.local>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=102809, delays=102809/0.04/0.05/0.09, dsn=2.0.0, status=sent (250 2.0.0 t1H0w14I019785 Message accepted for delivery)

Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 2214A80D3561: removed

Feb 16 19:58:01 zenoss postfix/smtp[3324]: 0E7D380D355C: to=<info@cyberwatchers.local>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=103853, delays=103853/0.03/0.06/0.11, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1rY019783 Message accepted for delivery)

Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 0E7D380D355C: removed

Feb 16 19:58:01 zenoss postfix/smtp[3322]: 2E2727B80D: to=<postmaster@zenoss.cyberwatchers.local>, orig_to=<info@cyberwatchers.com>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=25581, delays=25581/0.14/0.08/0.05, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1eS019793 Message accepted for delivery)

Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 2E2727B80D: removed

Feb 16 19:58:01 zenoss postfix/smtp[3327]: 1B1CD7B808: to=<postmaster@zenoss.cyberwatchers.local>, orig_to=<info@cyberwatchers.com>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=25809, delays=25809/0.13/0.08/0.07, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1Wj019792 Message accepted for delivery)

Feb 16 19:58:01 zenoss postfix/qmgr[2902]: 1B1CD7B808: removed

Feb 16 20:01:01 zenoss systemd: Starting Session 3 of user root.

Feb 16 20:01:01 zenoss systemd: Started Session 3 of user root.

Feb 16 20:01:01 zenoss CROND[3332]: (root) CMD (run-parts /etc/cron.hourly)

Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3332 starting 0anacron

Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3341 finished 0anacron

Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3332 starting 0yum-hourly.cron

Feb 16 20:01:01 zenoss run-parts(/etc/cron.hourly)[3347 finished 0yum-hourly.cron

Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: start interval Feb 16 19:58:01

Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: domain lookup hits=0 miss=2 success=0%

Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: address lookup hits=0 miss=2 success=0%

Feb 16 20:01:21 zenoss postfix/scache[3328]: statistics: max simultaneous domains=1 addresses=1 connection=2

I never added in info@cyberwatchers.local anywhere and I am sure it is auto changing from .com to .local because of my domain being .local. However, the errors are gone and I am getting the daily logwatch email from relay to SME fine now.


IF ANYONE WANTS TO COMMENT OR HAS ANY INPUT OR ISSUES WITH THIS FIX PLEASE LET ME KNOW AS I WOULD LIKE TO SET THIS UP RIGHT. SEEMS TO BE WORKING FINE. THANKS. this can be deleted at will however I thought it was interesting so any input or direction is welcome thanks.
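
Added example (not part of the original post): a small Python check that follows each Postfix queue ID through the postfix/smtp delivery lines quoted above, confirming that mail deferred against 10.1.1.5 was later accepted by the relay and listing recipients the log records as rewritten (orig_to). The function names are illustrative assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: five of the log lines quoted in the post above, unchanged.
SAMPLE_LOG = """\
Feb 15 18:26:33 zenoss postfix/smtp[25606]: connect to cyberwatchers.local[10.1.1.5]:25: Connection refused
Feb 15 18:26:33 zenoss postfix/smtp[25606]: C14C780D3559: to=<info@cyberwatchers.local>, relay=none, delay=35091, delays=35091/0.02/0/0, dsn=4.4.1, status=deferred (connect to cyberwatchers.local[10.1.1.5]:25: Connection refused)
Feb 16 19:58:01 zenoss postfix/smtp[3322]: C14C780D3559: to=<info@cyberwatchers.local>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=126979, delays=126979/0.04/0.05/0.07, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1ta019781 Message accepted for delivery)
Feb 16 19:58:01 zenoss postfix/qmgr[2902]: C14C780D3559: removed
Feb 16 19:58:01 zenoss postfix/smtp[3322]: 2E2727B80D: to=<postmaster@zenoss.cyberwatchers.local>, orig_to=<info@cyberwatchers.com>, relay=relay.cyberwatchers.local[172.16.10.2]:25, delay=25581, delays=25581/0.14/0.08/0.05, dsn=2.0.0, status=sent (250 2.0.0 t1H0w1eS019793 Message accepted for delivery)
"""

# One postfix/smtp delivery attempt: queue ID, recipient, optional orig_to,
# next hop (relay), DSN code and the status of that attempt.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>,"
    r"(?: orig_to=<(?P<orig>[^>]*)>,)? relay=(?P<relay>[^,]+),"
    r" .*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)

def deliveries(log):
    """Map each queue ID to its delivery attempts, in log order."""
    attempts = defaultdict(list)
    for line in log.splitlines():
        m = DELIVERY.search(line)
        if m:
            attempts[m["qid"]].append(m.groupdict())
    return dict(attempts)

def still_deferred(log):
    """Queue IDs whose most recent attempt did not end in status=sent."""
    return [q for q, a in deliveries(log).items() if a[-1]["status"] != "sent"]

def rewritten(log):
    """(queue ID, orig_to, to) for attempts where the log records an orig_to."""
    return [(q, a["orig"], a["to"])
            for q, atts in deliveries(log).items() for a in atts if a["orig"]]

if __name__ == "__main__":
    for qid, atts in deliveries(SAMPLE_LOG).items():
        print(qid, [(a["status"], a["dsn"], a["relay"]) for a in atts])
    print("still deferred:", still_deferred(SAMPLE_LOG))
    print("rewritten:", rewritten(SAMPLE_LOG))
```

Run against the full maillog, an empty still-deferred list after the change means every queued message eventually left through the relay.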

Offline janet

cyberwatcher

Do not use the name mail for naming your SME servers.
mail is an alias that is automatically created on your server, refer to the Configuration information panel in server manager
eg name your server with a unique name eg lordbyron, lollipop, koala etc.

Do not use Windows type naming parlance for SME servers, by that I mean do not use domain names styled like yourdomain.local (ie remove the .local)
Use a real valid & resolvable FQDN (domain name)
eg yourdomain.com

In your case on the SME server, re-run the Configure this server option after logging in as admin, & change the main domain name to a valid domain eg cyberwatchers.com
With an invalid domain name for your SME server, mail will be rejected by other mail servers due to it originating from a server with an invalid & unresolvable domain name (& similar issues).


Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.