Hi,
I recently started getting some issues where some of my users can't send email to email addresses at LV.com (a UK insurance provider). Looking in the maillog when sending a test message to one of the support people at LV I get this in the mail log (I have changed the email addresses to be "user@unityfp.co.uk" and "user@lv.com" but in the real log these were the actual email addresses used):
Whilst communicating with LV support they asked me to run a TLS Check and I was able to connect to their server as shown below:
So I am baffled as to why their mail system is having problems when we send email to them?
If you can point me to what I can do I would be grateful as we do need email to get through to LV as part of our business.
The server details as follows:
Graham Sivill
I recently started getting some issues where some of my users can't send email to email addresses at LV.com (a UK insurance provider). Looking in the maillog when sending a test message to one of the support people at LV I get this in the mail log (I have changed the email addresses to be "user@unityfp.co.uk" and "user@lv.com" but in the real log these were the actual email addresses used):
Jun 18 09:22:06 unityserver postfix/smtpd[137893]: connect from localhost[127.0.0.1]
Jun 18 09:22:06 unityserver postfix/smtpd[137893]: 33C5810041D02B: client=localhost[127.0.0.1]
Jun 18 09:22:06 unityserver postfix/cleanup[141111]: 33C5810041D02B: message-id=<74bca4963f18bb39fce5b1f073c47286@unityfp.co.uk>
Jun 18 09:22:06 unityserver postfix/qmgr[402721]: 33C5810041D02B: from=<user@unityfp.co.uk>, size=710, nrcpt=1 (queue active)
Jun 18 09:22:06 unityserver postfix/smtpd[137893]: disconnect from localhost[127.0.0.1]
Jun 18 09:22:06 unityserver imaps[140974]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Jun 18 09:22:06 unityserver mailfilter: starting up (sender=user@unityfp.co.uk, recipients=user@lv.com, client_address=127.0.0.1)
Jun 18 09:22:06 unityserver imaps[140974]: login: localhost [::1] user PLAIN+TLS User logged in SESSIONID=<unityserver.unityfp.local-140974-1592468526-1>
Jun 18 09:22:06 unityserver postfix/smtpd[141116]: connect from localhost[127.0.0.1]
Jun 18 09:22:06 unityserver postfix/smtpd[141116]: 5972610041D043: client=localhost[127.0.0.1]
Jun 18 09:22:06 unityserver postfix/cleanup[141111]: 5972610041D043: message-id=<74bca4963f18bb39fce5b1f073c47286@unityfp.co.uk>
Jun 18 09:22:06 unityserver postfix/smtpd[141116]: disconnect from localhost[127.0.0.1]
Jun 18 09:22:06 unityserver postfix/qmgr[402721]: 5972610041D043: from=<user@unityfp.co.uk>, size=893, nrcpt=1 (queue active)
Jun 18 09:22:06 unityserver mailfilter: successfully completed (sender=user@unityfp.co.uk, recipients=user@lv.com, client_address=127.0.0.1, id=<74bca4963f18bb39fce5b1f073c47286@unityfp.co.uk>
Jun 18 09:22:06 unityserver postfix/pipe[141112]: 33C5810041D02B: to=<user@lv.com>, relay=mailprefilter, delay=0.24, delays=0.07/0.02/0/0.16, dsn=2.0.0, status=sent (delivered via mailprefilter service)
Jun 18 09:22:06 unityserver postfix/qmgr[402721]: 33C5810041D02B: removed
Jun 18 09:22:06 unityserver amavis[112596]: (112596-13) ESMTP :10024 /var/lib/amavis/tmp/amavis-20200618T051805-112596-p0ZTrxab: <user@unityfp.co.uk> -> <user@lv.com> SIZE=893 Received: from remote.unityfp.co.uk ([127.0.0.1]) by localhost (unityserver.unityfp.local [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <user@lv.com>; Thu, 18 Jun 2020 09:22:06 +0100 (BST)
Jun 18 09:22:06 unityserver amavis[112596]: (112596-13) Checking: nW0KUykh5xgz [127.0.0.1] <user@unityfp.co.uk> -> <user@lv.com>
Jun 18 09:22:06 unityserver amavis[112596]: (112596-13) p001 1 Content-Type: text/plain, size: 98 B, name:
Jun 18 09:22:06 unityserver imaps[140974]: USAGE user user: 0.031213 sys: 0.007283
Jun 18 09:22:07 unityserver amavis[112596]: (112596-13) dkim: candidate originators: From:<user@unityfp.co.uk>
Jun 18 09:22:07 unityserver amavis[112596]: (112596-13) dkim: not signing, empty signing domain, From: <user@unityfp.co.uk>
Jun 18 09:22:07 unityserver imaps[141083]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Jun 18 09:22:07 unityserver postfix/smtpd[141122]: connect from localhost[127.0.0.1]
Jun 18 09:22:07 unityserver postfix/smtpd[141122]: 48C9010045E4BA: client=localhost[127.0.0.1]
Jun 18 09:22:07 unityserver postfix/cleanup[141111]: 48C9010045E4BA: message-id=<74bca4963f18bb39fce5b1f073c47286@unityfp.co.uk>
Jun 18 09:22:07 unityserver imaps[141083]: login: localhost [::1] user PLAIN+TLS User logged in SESSIONID=<unityserver.unityfp.local-141083-1592468527-1>
Jun 18 09:22:07 unityserver postfix/smtpd[141122]: disconnect from localhost[127.0.0.1]
Jun 18 09:22:07 unityserver postfix/qmgr[402721]: 48C9010045E4BA: from=<user@unityfp.co.uk>, size=1352, nrcpt=1 (queue active)
Jun 18 09:22:07 unityserver amavis[112596]: (112596-13) nW0KUykh5xgz FWD from <user@unityfp.co.uk> -> <user@lv.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 48C9010045E4BA
Jun 18 09:22:07 unityserver amavis[112596]: (112596-13) Passed CLEAN {RelayedOutbound}, LOCAL [127.0.0.1]:50032 <user@unityfp.co.uk> -> <user@lv.com>, Queue-ID: 5972610041D043, Message-ID: <74bca4963f18bb39fce5b1f073c47286@unityfp.co.uk>, mail_id: nW0KUykh5xgz, Hits: -2.9, size: 893, queued_as: 48C9010045E4BA, 883 ms
Jun 18 09:22:07 unityserver amavis[112596]: (112596-13) TIMING-SA total 686 ms - parse: 1.93 (0.3%), extract_message_metadata: 4.4 (0.6%), get_uri_detail_list: 0.53 (0.1%), tests_pri_-1000: 2.7 (0.4%), tests_pri_-950: 1.14 (0.2%), tests_pri_-900: 0.77 (0.1%), tests_pri_-90: 6 (0.9%), check_bayes: 6 (0.8%), b_tokenize: 1.97 (0.3%), b_tok_get_all: 0.95 (0.1%), b_comp_prob: 1.01 (0.1%), b_tok_touch_all: 0.06 (0.0%), b_finish: 0.36 (0.1%), tests_pri_0: 125 (18.3%), check_dkim_adsp: 93 (13.5%), check_spf: 0.51 (0.1%), tests_pri_20: 220 (32.1%), check_razor2: 219 (31.9%), tests_pri_30: 2.0 (0.3%), check_pyzor: 0.31 (0.0%), tests_pri_500: 5 (0.8%), learn: 306 (44.6%), b_learn: 303 (44.1%), b_count_change: 3.1 (0.4%), get_report: 0.80 (0.1%)
Jun 18 09:22:07 unityserver postfix/smtp[141117]: 5972610041D043: to=<user@lv.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.97, delays=0.07/0.02/0/0.88, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 48C9010045E4BA)
Jun 18 09:22:07 unityserver postfix/qmgr[402721]: 5972610041D043: removed
Jun 18 09:22:07 unityserver amavis[112596]: (112596-13) size: 893, TIMING [total 887 ms] - SMTP greeting: 2.2 (0%)0, SMTP EHLO: 0.7 (0%)0, SMTP pre-MAIL: 0.7 (0%)0, SMTP pre-DATA-flush: 3.1 (0%)1, SMTP DATA: 37 (4%)5, check_init: 0.6 (0%)5, digest_hdr: 1.3 (0%)5, digest_body_dkim: 0.2 (0%)5, collect_info: 3.1 (0%)5, mime_decode: 8 (1%)6, get-file-type1: 23 (3%)9, parts_decode: 0.2 (0%)9, check_header: 0.4 (0%)9, AV-scan-1: 25 (3%)12, spam-wb-list: 0.5 (0%)12, SA msg read: 0.8 (0%)12, SA parse: 3.1 (0%)12, SA check: 681 (77%)89, decide_mail_destiny: 5 (1%)90, notif-quar: 0.7 (0%)90, fwd-connect: 44 (5%)95, fwd-mail-pip: 3.6 (0%)95, fwd-rcpt-pip: 0.3 (0%)95, fwd-data-chkpnt: 0.1 (0%)95, write-header: 0.6 (0%)95, fwd-data-contents: 0.1 (0%)95, fwd-end-chkpnt: 29 (3%)99, prepare-dsn: 1.0 (0%)99, report: 1.9 (0%)99, main_log_entry: 6 (1%)100, update_snmp: 1.5 (0%)100, SMTP pre-response: 0.3 (0%)100, SMTP response: 0.2 (0%)100, unlink-2-files: 0.3 (0%)100, rundown: 0.7 (0%)100
Jun 18 09:22:07 unityserver imaps[141083]: USAGE user user: 0.035381 sys: 0.008415
Jun 18 09:22:07 unityserver postfix/smtp[141123]: 48C9010045E4BA: host cluster5.eu.messagelabs.com[85.158.142.200] said: 451 TLS/SSLv3 Connection required. (#4.7.1) (in reply to RCPT TO command)
Jun 18 09:22:07 unityserver postfix/smtp[141123]: 48C9010045E4BA: lost connection with cluster5.eu.messagelabs.com[85.158.142.200] while sending DATA command
Jun 18 09:22:07 unityserver imaps[140974]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Jun 18 09:22:07 unityserver imaps[140974]: login: localhost [::1] user PLAIN+TLS User logged in SESSIONID=<unityserver.unityfp.local-140974-1592468527-1>
Jun 18 09:22:07 unityserver imaps[140974]: USAGE user user: 0.007013 sys: 0.001454
Jun 18 09:22:08 unityserver imaps[141084]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Jun 18 09:22:08 unityserver imaps[141084]: login: localhost [::1] user PLAIN+TLS User logged in SESSIONID=<unityserver.unityfp.local-141084-1592468527-1>
Jun 18 09:22:08 unityserver imaps[141084]: USAGE user user: 0.030207 sys: 0.012822
Jun 18 09:22:08 unityserver postfix/smtpd[137837]: connect from unknown[46.38.145.250]
Jun 18 09:22:08 unityserver postfix/smtp[141123]: 48C9010045E4BA: to=<user@lv.com>, relay=cluster5.eu.messagelabs.com[85.158.142.203]:25, delay=0.94, delays=0.03/0.02/0.79/0.1, dsn=4.0.0, status=deferred (host cluster5.eu.messagelabs.com[85.158.142.203] said: 451 TLS/SSLv3 Connection required. (#4.7.1) (in reply to RCPT TO command))Whilst communicating with LV support they asked me to run a TLS Check and I was able to connect to their server as shown below:
[root@unityserver ~]# openssl s_client -connect lv.com:443 -tls1_2
CONNECTED(00000003)
depth=2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = GB, L = Bournemouth, O = Liverpool Victoria Friendly Society Limited, CN = lv.com
verify return:1
---
Certificate chain
0 s:/C=GB/L=Bournemouth/O=Liverpool Victoria Friendly Society Limited/CN=lv.com
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
2 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGyDCCBbCgAwIBAgIQa55TrfxQj5gAAAAAUP6mXDANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
MDAyMTExNTU1MjZaFw0yMTAyMTExNjI1MjVaMGoxCzAJBgNVBAYTAkdCMRQwEgYD
VQQHEwtCb3VybmVtb3V0aDE0MDIGA1UEChMrTGl2ZXJwb29sIFZpY3RvcmlhIEZy
aWVuZGx5IFNvY2lldHkgTGltaXRlZDEPMA0GA1UEAxMGbHYuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdc9iltHcNsH0xc8gUIJOsYsabLFscrO
lkHJw1BQqI4J9irTz7gsg3t//jbGNu9SVsUvmlV3O+9/5EXkso7HNNTOWG9+u9SY
CdY5AWmhGH3lF2UPRxaSBd17MoXvqnk5RJfGCVrrj/+hUNOXCqr2dxlyPs6D5Nna
FGSV5OfDpF5alKYqPW9IC3lOEw35uG8b8ywyZWE4VGTAZ2xwshkJtmmvBTsdKrjZ
xbsbX8uRyPqywLVRk1bwmrkkqDoWA8OIkEVN3V0wKSfH9WgVmwggiyHHv19aif0T
e+GDum/3HnNBowROAhVN/JpgAyNBitVdGLMrzxAd9Dn3lDp9hsDmNQIDAQABo4ID
FzCCAxMwKAYDVR0RBCEwH4IGbHYuY29tggp3d3cubHYuY29tgglvcC5sdi5jb20w
ggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB3AId1v+dZfPiMQ5lfvfNu/1aNR1Y2
/0q1YMG06v9eoIMPAAABcDUR2oQAAAQDAEgwRgIhAM9xJXRh3pUk30Sqqm5FL4CT
UtPLNbDdoIw/RUjEy3MBAiEAsvald0PLt5K13XawjJdBUGz3unJNR98K+viSNcCH
z4YAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXA1EdqTAAAE
AwBIMEYCIQDy8sP+M7vC2rIMMKXhrjBkPmB2XQEDKl5L7WmGGHhrmAIhANNMy2BD
xtjY0hXtkmO9adaiPsQs9fjPVmtPDQr2klpaAHUApLkJkLQYWBSHuxOizGdwCjw1
mAT5G9+443fNDsgN3BAAAAFwNRHaWAAABAMARjBEAiAlBOMutAnhUTMFdjwrT0Sv
yvNBexOQKvXRwXds9mY2PwIgI4uM2OsCPZarbGAANehmb9RQEZPUvMWh9wq+shg+
l6wwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVs
MWsuY3JsMEsGA1UdIAREMEIwNgYKYIZIAYb6bAoBBTAoMCYGCCsGAQUFBwIBFhpo
dHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAIBgZngQwBAgIwaAYIKwYBBQUHAQEE
XDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAzBggrBgEF
BQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hhaW4yNTYuY2VyMB8G
A1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MB0GA1UdDgQWBBTOLr/9X2Bp
8h4E640GEKcZHvPfQTAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQDSMYUX
tj7Gb+jZP33trLg6QOLVLRc5IyVLy6fK1Ym3pw4ne0navlBHpJES0wnW2BL3gv9i
aya3/zHTB4rnQcTAILFA6MQvO+JfrP8ZhzxkhcGZf36/dYJj9LLZ9HhmKqk6Mh4C
lvmV9DLbKEg7v5SkgkVB0YuM/bsdxxk/zCuU32ZcCF7rcQFvB1Z4TRzkvsJFgWLC
1t3Jmcnu9eLuQv3FzdRm1HRO45Q1aeOg+uBsqOtedGyzpVmlvLILjQpP0HksRXox
tkS9+J0RI7Rw3Qku8U+J4dckhw6BkadoSIjpiWnLaSvInbft5HXiRX+jnD581jop
ruxQJd2bHYekVpAE
-----END CERTIFICATE-----
subject=/C=GB/L=Bournemouth/O=Liverpool Victoria Friendly Society Limited/CN=lv.com
issuer=/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
---
No client certificate CA names sent
---
SSL handshake has read 4335 bytes and written 647 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA256
Session-ID: 5F2DE95FB7C2EA9474BA931970D3BC95517CB1BC18A114C8B29E518AFBD2BCF1
Session-ID-ctx:
Master-Key: D521C8515FFAF4820578F70313AB95BC446998CB3D15256BAF15C6353416A044F831243DE0920F0650469BAEF4232ADE
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1592404317
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---So I am baffled as to why their mail system is having problems when we send email to them?
If you can point me to what I can do I would be grateful as we do need email to get through to LV as part of our business.
The server details as follows:
Item Value
Version ClearOS release 7.6.0 (Final)
Kernel Version 3.10.0-957.21.3.v7.x86_64
System Time Thu Jun 18 09:59:59 BST 2020
CPU Model Intel(R) Xeon(R) Silver 4110 CPU @ 2.10GHz
Memory Size 15.24 GB
Uptime 8 Days 16.6 Hours
Load 0.01 0.02 0.05Graham Sivill
In SMTP Server
Share this post:
Responses (26)
-
Accepted Answer
Nick,
Thanks, I will give that a go.
I am certain it is working as I have now sent a number of emails to LV recipients and I can see the message now being sent in the maillog, where previously I was getting an error from the.
Their Support have confirmed the mail has been received successfully as well.
Thanks again.
Graham Sivill -
Accepted Answer
For completeness, you can check if TLS is being used for sending e-mails by sending a test e-mail at CheckTLS.com. Use their site to generate the e-mail. The response is pretty terse. -
Accepted Answer
-
Accepted Answer
Nick,
Just restarted the server and it now reports all software s up to date. Excellent!
I then checked the system reports and it now looks like this:
System Details
Item Value
Version ClearOS release 7.8.1 (Final)
Kernel Version 3.10.0-1127.10.1.el7.x86_64
System Time Thu Jun 18 22:20:19 BST 2020
CPU Model Intel(R) Xeon(R) Silver 4110 CPU @ 2.10GHz
Memory Size 15.27 GB
Uptime 0 Days 0.1 Hours
Load 0.19 0.46 0.30
So it will be interesting to see if a test email gets through tomorrow to an address at lv.com.
I will report back if it does and accept the answer to update the mail stuff as the anser to this question.
Graham Sivill -
Accepted Answer
-
Accepted Answer
Nick,
I ran that sequence of commands and now get this in System Info:
Version ClearOS release 7.8.1 (Final)
Kernel Version 3.10.0-957.21.3.v7.x86_64
System Time Thu Jun 18 17:23:13 BST 2020
CPU Model Intel(R) Xeon(R) Silver 4110 CPU @ 2.10GHz
Memory Size 15.24 GB
Uptime 9 Days 0 Hours
Load 0.00 0.01 0.05
As you can see if you compare to the bottom of my original post I was on 7.6.0 (Final) and now I am on 7.8.1 (Final), I am still on the same kernel version but I suppose that may change if I re-boot?
Does that look like I am now at the latest version, or will I need to restart it and then run the yum commands again so that any kernel specific updates are applied?
Graham Sivill. -
Accepted Answer
-
Accepted Answer
Nick,
If I wanted to kick off the 233 updates from the command line what would be the correct commands to do that, as I would like to force the issue especialy as here in the UK it's just turned 5pm so all the staff will be out soon and I could run the updates and or reboot if needed?
Graham Sivill -
Accepted Answer
I'd be a little surprised if all your servers had it. I've come across it a few times, but even where the servers are co-located it has not hit more than one. Most servers I see are not affected by either.
You should have had a constant stream of updates over time plus a couple of big updates. 7.7 Community came out sometime about last October and 7.8 Community on Tuesday night. My 7.8 updated c.180 apps but it does depend on what you have installed.
The October issue needed a patched file but, as it blocked updates, the user has to apply it. The Feb issue was a problem with one of our update servers locking up. This left yum processes running waiting for a reply they were never going to get and they may still be waiting. A reboot fixes it as does killing all yum processes. You didn't have any running. It tended to affect American based servers as the load is higher when they are updating because there are more of them. All you got from your grep command was the grep command coming back at you. -
Accepted Answer
Nick,
Following that sticky post pretty much is the same commands as you sent me earlier, I had no yum processes running so I didn't do anything as the other link in that pointed me to the one with the curl command that you linked me to earlier.
So I am hoping that overnight the machine will apply the 233 outstanding updates and the changes we have made today will make the LV email issue go away?
Is it best to leave the server alone and let it do its thing overnight, or should I reboot it once everyone finishes for the day?
Graham Sivill -
Accepted Answer
Nick,
I have looked in the yum.log and there are only entries from today and no others listed. So it looks like it has never updated since I installed it in the middle of last year. Unless there is another log that shows updates?
I will run through your sticky procedure and see if I can tickle that back into life!
Will there be some patches to fix the updating issues or do you have to do the procedure in your sticky post, as I am pretty sure most of my servers have this issue?
Graham Sivill -
Accepted Answer
There are two problems with the automatic updates, one from October/November which you had and one from mid-Feb. Both require manual intervention. If your update log shows nothing but clearsdn updates since Feb then you need to investigate. Details are in this sticky. Unfortunately both issues block automatic updates so cannot be fixed by automatic updates. Otherwise automatic updates should happen nightly, unless one is skipped with the machine down. Then it will be another week before it restarts. -
Accepted Answer
Nick,
Thanks for getting back to me.
I had a look at the software updates page and it now shows this:
Recent Software Activity
Package Action Date/Time
app-smtp-core-2.5.7-1.v7 Updated Jun 18, 14:14:14
app-smtp-2.5.7-1.v7 Updated Jun 18, 14:14:14
But also it shows that there are now 233 outstanding updates?
How does the software updater in the UI work as I have a number of ClearOS machines and I often click the "Update All" button after the list of available updates is built and it always goes to a message saying:
Progress
Software update is in progress. Please come back later.
So if you then log out of the UI and check back later to the updates screen you will find it is back at the list of available updates and it's as if nothing happened?
Also nearly all my machines seem to build up large numbers of outstanding updates and it does make me wonder if that update mechanism isn't working properly?
Is the normal process that you click "Update All" and it should then action that overight so that if you checked in the next day all the updates will have been applied?
To me if automatic updates is enabled (which it is on all my ClearOS servers) then I should never have to do the "Update All" thiing as they should just get applied as and when they appear?
I would appreciate if you could clear this up for me as it' one area of the ClearOS dashboard that I really don't understand.
Graham Sivill -
Accepted Answer
-
Accepted Answer
Nick,
You mentioned that the command I ran earlier to check if the server could make a successful TLS connection to the LV.COM mail domain was of no use, could you recommend one that would prove if this has worked tomorrow after the server updates occur overnight?
It would be nice to run some command that would give me a positive confirmation that the great help you have given me today has worked.
Graham Sivill -
Accepted Answer
Nick,
OK then ran the "update app-smtp" and get this:
[root@unityserver ~]# yum update app-smtp
Loaded plugins: clearcenter-marketplace, fastestmirror
ClearCenter Marketplace: fetching repositories...
Determining fastest mirrors
* clearos: mirror2-amsterdam.clearos.com
* clearos-centos: download2.clearsdn.com
* clearos-centos-sclo-rh: download2.clearsdn.com
* clearos-centos-updates: download2.clearsdn.com
* clearos-contribs: mirror2-amsterdam.clearos.com
* clearos-epel: download2.clearsdn.com
* clearos-fast-updates: download2.clearsdn.com
* clearos-infra: mirror2-amsterdam.clearos.com
* clearos-updates: mirror2-amsterdam.clearos.com
* private-clearcenter-dyndns: download2.clearsdn.com:80
* private-clearcenter-roundcubemail: download1.clearsdn.com:80
clearos | 3.7 kB 00:00
clearos-centos | 3.6 kB 00:00
clearos-centos-sclo-rh | 3.0 kB 00:00
clearos-centos-updates | 2.9 kB 00:00
clearos-contribs | 3.5 kB 00:00
clearos-epel | 2.9 kB 00:00
clearos-fast-updates | 3.0 kB 00:00
clearos-infra | 3.5 kB 00:00
clearos-updates | 3.5 kB 00:00
(1/14): clearos/7/group_gz | 1.6 kB 00:00
(2/14): clearos-centos/x86_64/group_gz | 166 kB 00:00
(3/14): clearos-contribs/7/updateinfo | 96 B 00:00
(4/14): clearos-contribs/7/primary_db | 66 kB 00:00
(5/14): clearos/7/primary_db | 1.0 MB 00:00
(6/14): clearos-fast-updates/x86_64/primary_db | 10 kB 00:00
(7/14): clearos-infra/7/updateinfo | 96 B 00:00
(8/14): clearos-infra/7/primary_db | 11 kB 00:00
(9/14): clearos-updates/7/updateinfo | 96 B 00:00
(10/14): clearos-updates/7/primary_db | 176 kB 00:00
(11/14): clearos-centos-updates/x86_64/primary_db | 7.1 MB 00:05
(12/14): clearos-centos/x86_64/primary_db | 6.0 MB 00:05
(13/14): clearos-centos-sclo-rh/x86_64/primary_db | 3.6 MB 00:05
(14/14): clearos-epel/7/x86_64/primary_db | 10 MB 00:08
private-clearcenter-dyndns | 3.0 kB 00:00
private-clearcenter-dyndns/primary_db | 2.6 kB 00:00
private-clearcenter-roundcubemail | 3.0 kB 00:00
private-clearcenter-roundcubemail/primary_db | 2.5 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package app-smtp.noarch 1:2.5.3-1.v7 will be updated
---> Package app-smtp.noarch 1:2.5.7-1.v7 will be an update
--> Processing Dependency: app-smtp-core = 1:2.5.7-1.v7 for package: 1:app-smtp-2.5.7-1.v7.noarch
--> Running transaction check
---> Package app-smtp-core.noarch 1:2.5.3-1.v7 will be updated
---> Package app-smtp-core.noarch 1:2.5.7-1.v7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
app-smtp noarch 1:2.5.7-1.v7 clearos-updates 17 k
Updating for dependencies:
app-smtp-core noarch 1:2.5.7-1.v7 clearos 82 k
Transaction Summary
================================================================================
Upgrade 1 Package (+1 Dependent package)
Total download size: 99 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): app-smtp-2.5.7-1.v7.noarch.rpm | 17 kB 00:00
(2/2): app-smtp-core-2.5.7-1.v7.noarch.rpm | 82 kB 00:00
--------------------------------------------------------------------------------
Total 431 kB/s | 99 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Updating : 1:app-smtp-core-2.5.7-1.v7.noarch 1/4
Updating : 1:app-smtp-2.5.7-1.v7.noarch 2/4
Cleanup : 1:app-smtp-2.5.3-1.v7.noarch 3/4
Cleanup : 1:app-smtp-core-2.5.3-1.v7.noarch 4/4
Verifying : 1:app-smtp-2.5.7-1.v7.noarch 1/4
Verifying : 1:app-smtp-core-2.5.7-1.v7.noarch 2/4
Verifying : 1:app-smtp-core-2.5.3-1.v7.noarch 3/4
Verifying : 1:app-smtp-2.5.3-1.v7.noarch 4/4
Updated:
app-smtp.noarch 1:2.5.7-1.v7
Dependency Updated:
app-smtp-core.noarch 1:2.5.7-1.v7
Complete!
[root@unityserver ~]#
So unless you can see something wrong, looks to have made it do the update successfully?
Graham Sivill -
Accepted Answer
Nick,
Ran the command in your pinned post, just for completeness this is the results:
[root@unityserver ~]# curl -LO https://mirror1-newyork.clearos.com/clearos/7/updates/x86_64/RPMS/$(curl -s https://mirror1-newyork.clearos.com/clearos/7/updates/x86_64/RPMS/|grep -oh yum-marketplace-plugin-.*rpm\"|grep -oh yum-marketplace-plugin.*rpm)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 14128 100 14128 0 0 26692 0 --:--:-- --:--:-- --:--:-- 26656
[root@unityserver ~]# rpm -Uvh yum-marketplace-plugin-*.rpm
Preparing... ################################# [100%]
Updating / installing...
1:yum-marketplace-plugin-2.4-1.v7 ################################# [ 50%]
Cleaning up / removing...
2:yum-marketplace-plugin-2.2-2.v7 ################################# [100%]
[root@unityserver ~]# yum clean all
Loaded plugins: clearcenter-marketplace, fastestmirror
ClearCenter Marketplace: fetching repositories...
Cleaning repos: clearos clearos-centos clearos-centos-sclo-rh
: clearos-centos-updates clearos-contribs clearos-epel
: clearos-fast-updates clearos-infra clearos-updates
: private-clearcenter-dyndns private-clearcenter-roundcubemail
Cleaning up list of fastest mirrors
Other repos take up 100 M of disk space (use --verbose for details)
[root@unityserver ~]#
I hope this looks what you'd expect?
Graham Sivill -
Accepted Answer
Nick,
I decided to run the killall anyway and then the yum update commands and get this:
[root@unityserver ~]# killall yum
yum: no process found
[root@unityserver ~]# yum update app-smtp
Loaded plugins: clearcenter-marketplace, fastestmirror
ClearCenter Marketplace: fetching repositories...
ClearCenter Marketplace: global name 'section_id' is not defined
Loading mirror speeds from cached hostfile
* clearos: mirror1-amsterdam.clearos.com
* clearos-centos: download4.clearsdn.com
* clearos-centos-sclo-rh: download4.clearsdn.com
* clearos-centos-updates: download4.clearsdn.com
* clearos-contribs: mirror1-amsterdam.clearos.com
* clearos-fast-updates: download4.clearsdn.com
* clearos-infra: mirror1-amsterdam.clearos.com
No packages marked for update
[root@unityserver ~]#
I was slightly concerned by the last line, does that mean that it won't apply the update?
Graham Sivill -
Accepted Answer
Nick,
I ran the command "ps aux | grep yum" and get this:
[root@unityserver ~]# ps aux | grep yum
root 159031 0.0 0.0 112708 984 pts/1 S+ 11:53 0:00 grep --color=auto yum
[root@unityserver ~]#
I am not sure what that response means as I am not familiar with what I am looking at, can you advise what I should do?
Graham Sivill -
Accepted Answer
-
Accepted Answer
Nick,
I have just checked the available updates and it does say there are 201 available updates.
Automatic Updating is enabled and has been since day one so not sure why it hasn't automatically updated.
Should I hit the "Update All" button, or is it better to run a YUM command that will make it do it in case there is some kind of issue with the Automatic Updates program in the User Interface?
Graham Sivill -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Nick,
ClearOS is V 7.6.0 final.
Output from postconf -n is:
[root@unityserver ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 6h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = mailprefilter
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $alias_maps $virtual_alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 102400000
mailbox_transport = mailpostfilter
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
message_strip_characters = \0
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = unityfp.co.uk
myhostname = remote.unityfp.co.uk
mynetworks = 127.0.0.0/8 [::1]/128, [::1]/128
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/remote.unityfp.co.uk/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/remote.unityfp.co.uk/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/imap-aliases.cf, ldap:/etc/postfix/imap-groups.cf
[root@unityserver ~]#
-
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »