Opened 3 months ago

Closed 3 months ago

Last modified 3 months ago

#31743 closed defect (fixed)

SMTP on carinatum

Reported by: atagar Owned by: anarcat
Priority: Very High Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords:
Cc: juga Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Hi lovely sysadmins. DocTor's last successfully sent notification was on July 8th.

Iirc we performed server upgrades of some sort around this time, and it seems we no longer have an SMTP daemon listening on localhost port 25...

09/07/2019 20:52:32 [ERROR] consensus_health_checker.py failed with:

Traceback (most recent call last):
  File "/srv/doctor.torproject.org/doctor/consensus_health_checker.py", line 995, in <module>
    main()
  File "/srv/doctor.torproject.org/doctor/consensus_health_checker.py", line 292, in main
    util.send(EMAIL_SUBJECT, body = body, cc = cc, bcc = bcc)
  File "/srv/doctor.torproject.org/doctor/util.py", line 145, in send
    server = smtplib.SMTP('localhost')
  File "/usr/lib/python2.7/smtplib.py", line 256, in __init__
    (code, msg) = self.connect(host, port)
  File "/usr/lib/python2.7/smtplib.py", line 318, in connect
    (code, msg) = self.getreply()
  File "/usr/lib/python2.7/smtplib.py", line 366, in getreply
    + str(e))
SMTPServerDisconnected: Connection unexpectedly closed: [Errno 104] Connection reset by peer

Mind if we re-enable that daemon?

Thanks! -Damian

Child Tickets

Change History (4)

comment:1 Changed 3 months ago by juga

Cc: juga added

comment:2 Changed 3 months ago by anarcat

Owner: changed from tpa to anarcat
Status: newassigned

comment:3 Changed 3 months ago by anarcat

Resolution: fixed
Status: assignedclosed

This is the problem:

Sep 16 15:21:45 carinatum/carinatum postfix/smtpd[18138]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains
root@carinatum:/etc/postfix# postconf smtpd_relay_restrictions
smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
root@carinatum:/etc/postfix# postconf smtpd_recipient_restrictions
smtpd_recipient_restrictions =
root@carinatum:/etc/postfix# postconf compatibility_level
compatibility_level = 0

This is the last change to Postfix's main.cf before july 8th:

commit 0dbf5557fc3dec867c63482b0255ba9acffa4a29
Author: Peter Palfrader <peter@palfrader.org>
Date:   Thu Jun 27 09:02:42 2019 +0200

    set unverified_recipient_reject_code to 550, this should address #30911

diff --git a/modules/postfix/templates/main.cf.erb b/modules/postfix/templates/m
ain.cf.erb
index 4b789ca5..f713d407 100644
--- a/modules/postfix/templates/main.cf.erb
+++ b/modules/postfix/templates/main.cf.erb
@@ -99,6 +99,7 @@ maximal_queue_lifetime = 7d
 address_verify_map = btree:${data_directory}/verify
 address_verify_negative_refresh_time = 840s
 unverified_sender_reject_code = 450
+unverified_recipient_reject_code = 550
 address_verify_sender = <>
 
 <% if @hostname == "eugeni" -%>

I doubt it's related.

The host *may* have been upgraded to buster in July, however:

Start-Date: 2019-07-09  19:10:31
Commandline: apt dist-upgrade

So this could be a matter of upgrading the postfix config template to buster.

I fixed this on this specific host by adding compatibility_level=2 to the configuration, but I'll need to check this across the infra to make sure we don't have the problem elsewhere. Will open a different ticket on this, however (#31743).

thanks for the report, I hope this fixes it to your satisfaction. :)

comment:4 Changed 3 months ago by atagar

Wonderful anarcat, thank you! I just received a DocTor notification email so looks great on my end. Much appreciated. :)

Note: See TracTickets for help on using tickets.