Solved Postfix relayed message to switched off machine!

This is a real curiosity. After I failed to receive an e-mail I checked my server logs and saw this:
Code:
Dec 15 17:23:40 mailin postfix/smtp[75989]: C93D427371: to=<xxxx@xxxx>, orig_to=<yyyy@yyyy>, relay=zzzz.localdomain[192.168.1.64]:25, delay=0.51, delays=0.43/0.03/0.04/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as EE2BDDC0)
Dec 15 17:23:40 mailin postfix/qmgr[99260]: C93D427371: removed

So according to the server, postfix relayed the message successfully. I therefore checked my desktop machine's (192.168.1.64) postfix log:
Code:
Dec 15 15:08:08 localhost postfix/postfix-script[19976]: stopping the Postfix mail system
Dec 15 15:08:08 localhost postfix/master[4913]: terminating on signal 15
Dec 15 17:42:52 localhost postfix[4859]: Postfix is running with backwards-compatible default settings
Dec 15 17:42:52 localhost postfix[4859]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Dec 15 17:42:52 localhost postfix[4859]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Dec 15 17:42:52 localhost postfix/postfix-script[4936]: starting the Postfix mail system
Dec 15 17:42:52 localhost postfix/master[4938]: daemon started -- version 3.2.2, configuration /etc/postfix

As you can see, at the time the message was allegedly relayed the receiving machine was not running postfix, probably because it was switched off! I have checked the date command on both machines, just to be sure they agree.

I find this hard to explain. Any ideas?
 
You could try stopping postfix on 192.168.1.64 and using sockstat or lsof to see if there's something else (also) listening on port 25.

I'm not sure what happens if, for instance, you have sendmail running in a jail & listening on all interfaces rather than just the jail's IP address. In my experience, services running on the jail host get the traffic ahead of any services running in a jail, but I don't know if that's a happy accident or by design.
 
Thanks for the thought, but at the time the mail was allegedly delivered there was no machine at 192.168.1.64 since the log shows it was shut down at 15:08:09 and restarted at 17:42:40, so nothing could listen on that port on a switched-off computer!

At least, there shouldn't have been a machine at that IP address, since it's reserved in the router for the MAC address of my desktop.
 
Does the log on 1.64 show anything if you grep for the message id that it supposedly gave the message? (EE2BDDC0)

The sending machine clearly shows it connected to something and got an accepted response back.
 
Yes, and indeed it did.

I've now solved this. The machine was not switched off after all, but the OS was shut down because I had rebooted into a second test/development system I had recently installed - and I didn't realise that also had postfix running on it. I found the missing message in that OS's mail spool!

I have now disabled postfix on that second installation.

Thanks to all for the sound advice and support.
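
The cross-check suggested in the thread (look up the sender's "queued as" ID in the receiver's log), as an added example that is not part of any post. It also uses the receiver's stop/start lines to flag a delivery accepted while that Postfix instance was down. The second delivery, the client address and the function names are constructed, and both logs are assumed to share a year and a synchronised clock.

```python
import re
from datetime import datetime

# Constructed logs modelled on the thread; 2nd delivery and 192.168.1.2 are invented.
SENDER_LOG = """\
Dec 15 17:23:40 mailin postfix/smtp[75989]: C93D427371: to=<xxxx@xxxx>, orig_to=<yyyy@yyyy>, relay=zzzz.localdomain[192.168.1.64]:25, delay=0.51, delays=0.43/0.03/0.04/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as EE2BDDC0)
Dec 15 18:02:11 mailin postfix/smtp[76102]: A1B2C3D4E5: to=<xxxx@xxxx>, relay=zzzz.localdomain[192.168.1.64]:25, delay=0.40, delays=0.3/0.03/0.04/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4F5A6B7C)
"""
RECEIVER_LOG = """\
Dec 15 15:08:08 localhost postfix/master[4913]: terminating on signal 15
Dec 15 17:42:52 localhost postfix/master[4938]: daemon started -- version 3.2.2, configuration /etc/postfix
Dec 15 18:02:11 localhost postfix/smtpd[5120]: 4F5A6B7C: client=mailin.localdomain[192.168.1.2]
"""
SENT = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/smtp\[\d+\]: (\w+): "
                  r".*relay=\S+?\[([\d.]+)\]:\d+,.*status=sent \(250 .*queued as (\w+)\)")
QID = re.compile(r"postfix/[\w-]+\[\d+\]: ([0-9A-F]{6,}): ")  # short (hex) queue IDs

def ts(stamp, year=2000):  # syslog stamps carry no year; assume one shared year
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def receiver_state(log):  # -> (queue IDs seen, [(stopped, started)] windows)
    ids, down, stopped = set(), [], None
    for line in filter(str.strip, log.splitlines()):
        if "terminating on signal" in line:
            stopped = ts(line[:15])
        elif "daemon started" in line and stopped:
            down.append((stopped, ts(line[:15])))
            stopped = None
        if m := QID.search(line):
            ids.add(m.group(1))
    return ids, down

def audit(sender_log, receiver_log):  # classify each status=sent delivery
    ids, down = receiver_state(receiver_log)
    findings = []
    for line in sender_log.splitlines():
        if not (m := SENT.match(line)):
            continue
        when, local_id, ip, remote_id = ts(m[1]), m[2], m[3], m[4]
        if remote_id in ids:
            verdict = "confirmed"
        elif any(a <= when <= b for a, b in down):
            verdict = "accepted while receiver postfix was stopped"
        else:
            verdict = "queue ID missing from receiver log"
        findings.append((local_id, ip, remote_id, verdict))
    return findings

if __name__ == "__main__":
    print(*audit(SENDER_LOG, RECEIVER_LOG), sep="\n")
```

A delivery in the "stopped" category means some other SMTP listener answered at that address, which is what the thread turned up.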
 