tickets #111188
closed
Added by pjessen almost 3 years ago.
Updated over 1 year ago.
Description
Every 15mins, anna/elsa receives a connection from mirrorcache-us.infra.opensuse.org[192.168.67.12], which is refused with "Relay access denied" because that network is not known. The mail is from mirrorcache@localhost to mirrorcache@localhost which also sounds pretty silly :-)
After one or two retries, the mail is then delivered from mirrorcache.infra.opensuse.org[192.168.47.23] (i.e. a known network), but it is immediately dropped as non-deliverable "mail for localhost loops back to myself".
I tried to log on to mirrorcache.infra.opensuse.org to have a look at the postfix config, but was unable to.
- Private changed from Yes to No
The issues as I see them -
- "new" network 192.168.67.0/24 - maybe mails should not be sent from this?
- sender/recipient the same
- sender/recipient @localhost
- no access to mirrorcache.i.o.o
- general postfix config needs revisiting.
- Assignee set to andriinikitin
- Assignee changed from andriinikitin to pjessen
- Private changed from No to Yes
pjessen wrote:
Every 15mins, anna/elsa receives a connection from mirrorcache-us.infra.opensuse.org[192.168.67.12], which is refused with "Relay access denied" because that network is not known. The mail is from mirrorcache@localhost to mirrorcache@localhost which also sounds pretty silly :-)
After one or two retries, the mail is then delivered from mirrorcache.infra.opensuse.org[192.168.47.23] (i.e. a known network), but it is immediately dropped as non-deliverable "mail for localhost loops back to myself".
I tried to log on to mirrorcache.infra.opensuse.org to have a look at the postfix config, but was unable to.
I am not good with access management, but you should be able to ssh to mirrorcache-us from provo-mirror.opensuse.org. Let me know if that doesn't work, maybe we can engage lars with this.
- Private changed from Yes to No
andriinikitin wrote:
pjessen wrote:
Every 15mins, anna/elsa receives a connection from mirrorcache-us.infra.opensuse.org[192.168.67.12], which is refused with "Relay access denied" because that network is not known. The mail is from mirrorcache@localhost to mirrorcache@localhost which also sounds pretty silly :-)
After one or two retries, the mail is then delivered from mirrorcache.infra.opensuse.org[192.168.47.23] (i.e. a known network), but it is immediately dropped as non-deliverable "mail for localhost loops back to myself".
I tried to log on to mirrorcache.infra.opensuse.org to have a look at the postfix config, but was unable to.
I am not good with access management, but you should be able to ssh to mirrorcache-us from provo-mirror.opensuse.org. Let me know if that doesn't work, maybe we can engage lars with this.
I'll try accessing it from provo-mirror, but shouldn't it just work over our VPN?
I thought it was a routing issue with the new network, but I see that route is added.
ssh from provo-mirror also fails, it asks for a password.
There must be something missing on mirrorcache-us, I think ?
I was not aware of that network, 192.168.67.0/24, but I guess it is safe to add it to anna/elsa.
pjessen wrote:
andriinikitin wrote:
I'll try accessing it from provo-mirror, but shouldn't it just work over our VPN?
It does, no need to go via provo-mirror. However...
ssh from provo-mirror also fails, it asks for a password.
... that's also what I see. Wild guess - nobody did run the initial salt highstate on mirrorcache-us yet? (Andrii, if I'm correct, please do that - maybe first with test=True to see what would be changed.)
Ping ?
The mail delivery attempts are now coming from mirrorcache-us-db.infra.opensuse.org[192.168.67.23], but otherwise nothing has changed. Trying to log on to mirrorcache-us-db.infra.opensuse.org, and I am still asked for a password.
- Assignee changed from pjessen to andriinikitin
Any Salt commands against this machine seem utterly slow. Even test.ping takes a while to return. The Postfix states are slower than compiling Postfix from scratch.
- Status changed from New to In Progress
- Assignee changed from andriinikitin to crameleon
Somehow this ticket got lost and I didn't remember it at all.
I've disabled problem cron job on mirrorcache-us-db and it shouldn't try to send spam every 15 min anymore.
Please feel free to run required/missing salt commands or write them down here and assign the ticket back to me and I will run them.
- Status changed from In Progress to Resolved
Thank you! I'll follow up with this separately as I notice we currently have some issues with the Salt states for machines in Provo due to mismatching name- and downloadservers.
Also available in: Atom
PDF