MX or A record issues

user776720 asked:

We have a mail server (Mailenable) which we are using to sell email accounts to our clients.
We have one client that could not send email to a specific domain and they receive this error from the domain’s email server:

Reason: The message could not be delivered because the domain name ourclientcompanyname.com does not have any DNS records.

The company that uses us for email does not have any DNS records for their domain ourclientcompanyname.com

MX records are fine but the domain has no other DNS records. Is that a possible error? What DNS records should the client add?


I answered:

RFC 5321 (section 2.3.5) requires that domain names used in email be resolvable to addresses.

From the relevant parts:

Only resolvable, fully-qualified domain names (FQDNs) are permitted
when domain names are used in SMTP. In other words, names that can
be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
in Section 5) are permitted, as are CNAME RRs whose targets can be
resolved, in turn, to MX or address RRs. Local nicknames or
unqualified names MUST NOT be used. There are two exceptions to the
rule requiring FQDNs:

  • The domain name given in the EHLO command MUST be either a primary
    host name (a domain name that resolves to an address RR) or, if
    the host has no name, an address literal, as described in
    Section 4.1.3 and discussed further in the EHLO discussion of
    Section 4.1.4.

If your mail server says EHLO company.example and company.example can’t be resolved to an address, then it’s perfectly valid to reject that connection. The same is true of the domain names used in the sender and recipient addresses (with the exception of postmaster, which doesn’t require a domain name at all).


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
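
The two checks in the quoted RFC text, as an added example that is not part of the original answer: a domain used in a mail address must resolve to MX or address records, while the EHLO name must resolve to an address record. The `lookup` helper and its zone data are constructed stand-ins for live DNS, and not following CNAMEs for the EHLO name is this example's strict reading of "primary host name".

```bash
#!/usr/bin/env bash
# Constructed zone data standing in for live DNS, one "name type value" per line.
ZONE='client.example MX 10 mail.provider.example
mail.provider.example A 192.0.2.25
www.client.example CNAME client.example
loop.example CNAME loop.example'

# lookup NAME TYPE: print the values of matching records (hypothetical helper;
# for real queries replace the body with: dig +short "$1" "$2").
lookup() {
  printf '%s\n' "$ZONE" |
    awk -v n="$1" -v t="$2" '$1 == n && $2 == t { $1 = ""; $2 = ""; sub(/^ +/, ""); print }'
}

# follow_cname NAME: print the name at the end of the CNAME chain.
# Fails after 8 hops so that a CNAME loop cannot hang the check.
follow_cname() {
  local name=$1 target hops=0
  while target=$(lookup "$name" CNAME); [ -n "$target" ]; do
    hops=$((hops + 1))
    if [ "$hops" -gt 8 ]; then return 1; fi
    name=$target
  done
  printf '%s\n' "$name"
}

# has_address NAME: true if NAME itself owns an A or AAAA record.
has_address() {
  [ -n "$(lookup "$1" A)$(lookup "$1" AAAA)" ]
}

# valid_mail_domain NAME: general rule, MX or address RRs, CNAMEs followed.
valid_mail_domain() {
  local n
  n=$(follow_cname "$1") || return 1
  [ -n "$(lookup "$n" MX)" ] || has_address "$n"
}

# valid_ehlo_name NAME: EHLO exception, the name must resolve to an address RR.
valid_ehlo_name() {
  has_address "$1"
}

for d in client.example www.client.example mail.provider.example nodns.example; do
  valid_mail_domain "$d" && m=ok || m=FAIL
  valid_ehlo_name "$d" && e=ok || e=FAIL
  printf '%-24s mail-domain=%s ehlo=%s\n' "$d" "$m" "$e"
done
```

A domain with only an MX record passes the mail-domain check but fails as an EHLO name, which is the distinction the answer draws.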

Nginx location redirecting improperly

Kevin Brown asked:

My nginx.conf:

http {
  include mime.types;

  default_type application/octet-stream;

  # click tracking!
  access_log /var/log/nginx/nginx.access.log combined;

  sendfile on;

  tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
  tcp_nodelay off; # on may be better for some Comet/long-poll stuff

  gzip on;
  gzip_http_version 1.0;
  gzip_proxied any;
  gzip_min_length 500;
  gzip_disable "MSIE [1-6]\.";

  include /etc/nginx/sites-enabled/*;



  upstream nvhbase {
    server unix:///tmp/nvhbase.sock fail_timeout=0;
  }

  upstream tracker {
    server unix:///tmp/tracker.sock fail_timeout=0;
  }

  server {

    listen 80;
    server_name hmaapp101;

    # Application root, as defined previously
    #root /var/www/nvh/public;
    #try_files $uri/index.html $uri.html $uri;
    location / {
        root /var/www/nvh/public;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://unix:///tmp/nvhbase.sock;
    }

    location ^~ /tracker/ {
        root /var/www/tracker/public;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://unix:///tmp/tracker.sock:/tracker/;
    }
  }
}

When I go to http://myapp/tracker I get redirected to myapp/tracker/tracker/users/sign_in instead of myapp/tracker/users/sign_in.

I have tried a million variations, but either get a 500 too many redirects, or this.

I changed a few things fiddling around, thought I changed it back, but now I’ve broken something…shoulda backed up.

Please assist. Is this bad practice to run two rails apps like this?


I answered:

You need to set root in the server block, not in the location block. This is one of the most common nginx mistakes.

In the location where you need to override the document root, use alias instead of root so that the path is translated properly.


View the full question and answer on Server Fault.


Trying to install php-mcrypt

user3446561 asked:

[root@localhost ~]# yum install php-mcrypt
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirror.as43289.net
 * epel: ftp.colocall.net
 * extras: mirror.as43289.net
 * updates: mirror.as43289.net
Resolving Dependencies
--> Running transaction check
---> Package php-mcrypt.i686 0:5.3.3-3.el6 will be installed
--> Processing Dependency: php(zend-abi) = 20090626 for package: php-mcrypt-5.3.3-3.el6.i686
--> Processing Dependency: php(api) = 20090626 for package: php-mcrypt-5.3.3-3.el6.i686
--> Processing Dependency: libmcrypt.so.4 for package: php-mcrypt-5.3.3-3.el6.i686
--> Running transaction check
---> Package libmcrypt.i686 0:2.5.8-9.el6 will be installed
---> Package php-mcrypt.i686 0:5.3.3-3.el6 will be installed
--> Processing Dependency: php(zend-abi) = 20090626 for package: php-mcrypt-5.3.3-3.el6.i686
--> Processing Dependency: php(api) = 20090626 for package: php-mcrypt-5.3.3-3.el6.i686
--> Finished Dependency Resolution
Error: Package: php-mcrypt-5.3.3-3.el6.i686 (epel)
           Requires: php(zend-abi) = 20090626
           Installed: php-common-5.4.38-1.el6.remi.i686 (@remi)
               php(zend-abi) = 20100525-x86-32
           Available: php-common-5.3.3-38.el6.i686 (base)
               php(zend-abi) = 20090626
           Available: php-common-5.3.3-40.el6_6.i686 (updates)
               php(zend-abi) = 20090626
Error: Package: php-mcrypt-5.3.3-3.el6.i686 (epel)
           Requires: php(api) = 20090626
           Installed: php-common-5.4.38-1.el6.remi.i686 (@remi)
               php(api) = 20100412-x86-32
           Available: php-common-5.3.3-38.el6.i686 (base)
               php(api) = 20090626
           Available: php-common-5.3.3-40.el6_6.i686 (updates)
               php(api) = 20090626
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

Do I have to install everything from the start, or is there a way around this? Thank you in advance.

resolved:
https://www.conetix.com.au/blog/australian-remi-repository


I answered:

You installed PHP from the remi repository, but you disabled the repository. So yum can’t install additional packages from it.

To resolve the problem, re-enable the remi repository.

yum-config-manager --enable remi

View the full question and answer on Server Fault.


Nginx hosting with path appended to index.php

ironkeith asked:

I’m hosting an instance on Concrete5, and in addition to using dynamic paths, they also use URLs in the weird form of www.mysite.com/index.php/path/to/page.

I have it mostly working, but I’m having issues getting Nginx to serve requests to www.mysite.com/, as it’s listing the directory instead of displaying index.php.

  • www.mysite.com/ -> lists the public directory, but should display index.php
  • www.mysite.com/index.php/path/to/page -> works!
  • www.mysite.com/some/other/path -> works!

Here’s my Nginx conf file:

server {

    root /srv/www/mysite.com/public_html;
    server_name mysite.com;

    location / {
        try_files $uri $uri/ /index.php/$request_uri;
        autoindex on; # just for debugging...
    }

    location ~ \.php($|/) {
        set $script $uri;
        if ($uri ~ "^(.+\.php)(/.+)") {
            set $script $1;
        }
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$script;
        fastcgi_intercept_errors on;
        fastcgi_pass  unix:/var/run/php5-fpm.sock;
    }

}

I answered:

Your configuration is missing index index.php;.


View the full question and answer on Server Fault.


Special characters in mysql password using mysqldump

Simeon Mitev asked:

I have the following ssh script:

#Here I am getting the mysql password for the root user
password=$(cat /root/.my.cnf | grep "password" |  awk -F\" '{print $2}')

#here I am trying to dump the database remotely
mysqldump -uroot -p$password $db |  ssh root@$destination_server "cat > /backup/mysql/$db.sql"

The thing is that I am getting the following error:

/bin/bash: -c: line 0: syntax error near unexpected token `)'
/bin/bash: -c: line 0: `mysqldump -uroot -pbyt)uy6 database_name '

I have tested quite a lot and I found that the error is caused due to the special character in the password. Since I am getting the password from the .my.cnf file I am unable to escape it by hardcoding the escape characters.

Can anyone offer me a way to maybe search for those special characters in the $password variable and add to those escape slashes (“\”).

Best Regards!


I answered:

You don’t need to do any of this. As HBruijn mentioned in a comment, the $HOME/.my.cnf file already contains your credentials and MySQL’s command line tools will use them automatically without you needing to do anything special.

So just do:

mysqldump $db |  ssh root@$destination_server "cat > /backup/mysql/$db.sql"

View the full question and answer on Server Fault.
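
Why the error appears and why relying on `.my.cnf` avoids it, as an added example that is not part of the original question or answer: the `bash: -c:` prefix in the error shows the command string being parsed by a second shell, where an unquoted `)` is a syntax error. The credentials file is constructed, `printf` stands in for `mysqldump` so the block runs without a database, and the permission check is an addition of this example.

```bash
#!/usr/bin/env bash
# Constructed sample credentials file; the password contains a shell metacharacter.
make_sample_cnf() {
  local f
  f=$(mktemp) || return 1
  chmod 600 "$f"
  printf '[client]\nuser=root\npassword="byt)uy6"\n' > "$f"
  printf '%s\n' "$f"
}

# The extraction used in the question: the text between the double quotes.
extract_password() {
  grep password "$1" | awk -F\" '{print $2}'
}

# Case 1: the password is spliced into a command string that a second shell
# parses. The ")" ends up unquoted and bash rejects the whole command.
reparse_unquoted() {
  bash -c "printf '%s\n' -uroot -p$1 database_name" 2>&1
}

# Case 2: the same splice, quoted for the second shell with printf %q.
# It parses, but the password is still on a command line, visible in ps.
reparse_quoted() {
  bash -c "printf '%s\n' -uroot -p$(printf '%q' "$1") database_name"
}

# Case 3, the answer's approach: nothing is spliced at all, because the client
# reads the file itself. This check only confirms that the file is private,
# that is, that group and others have no permissions on it.
cnf_is_private() {
  case $(ls -ld "$1") in
    -???------*) return 0 ;;
    *) return 1 ;;
  esac
}

cnf=$(make_sample_cnf)
pw=$(extract_password "$cnf")
reparse_unquoted "$pw" || echo "case 1: second shell rejected the command"
reparse_quoted "$pw"
cnf_is_private "$cnf" && echo "case 3: credentials file is private, no -p needed"
rm -f "$cnf"
```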


Failed to connect to 127.0.0.1 port 80

Al Che asked:

I have a running nginx server (doesn’t matter which server):

$ sudo netstat -tulpn | grep 80

  tcp     0      0 0.0.0.0:80   0.0.0.0:*         LISTEN      4268/nginx      
  tcp6    0      0 :::80        :::*              LISTEN      4268/nginx

And then I sent a request to 127.0.0.1

$ curl -v 127.0.0.1

* Rebuilt URL to: 127.0.0.1/
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* connect to 127.0.0.1 port 80 failed: Connection refused
* Failed to connect to 127.0.0.1 port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused

$ telnet localhost 80

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

All right in /etc/hosts:

127.0.1.1   ubuntu-work
127.0.0.1   localhost

# The following lines are desirable for IPv6 capable hosts 
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

iptables disabled $ sudo iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

It’s interesting that I can connect to any address 127...* except 127.0.0.1 (localhost). And also I can connect with my subnet ip-address 10.0.2.15.
And if I change port 80 to another in server config (e.g. Listen 88) it works.

I tried $ sudo nmap -sS 127.0.0.1 -p 80 and got info – 80/tcp closed, but how is that possible if the nginx server is running on port 80?

Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
PORT   STATE  SERVICE
80/tcp closed http

Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds

loopback interface is up: $ ifconfig

eth0  Link encap:Ethernet  HWaddr 08:00:27:86:5f:e3  
      inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
      inet6 addr: fe80::a00:27ff:fe86:5fe3/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:588 errors:0 dropped:0 overruns:0 frame:0
      TX packets:616 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000 
      RX bytes:262986 (262.9 KB)  TX bytes:103011 (103.0 KB)

lo    Link encap:Local Loopback  
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:276 errors:0 dropped:0 overruns:0 frame:0
      TX packets:276 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0 
      RX bytes:32750 (32.7 KB)  TX bytes:32750 (32.7 KB)

Other iptables tables

Output of $ sudo iptables -t nat -nvL:

Chain PREROUTING (policy ACCEPT 1 packets, 40 bytes)
pkts bytes target     prot opt in     out     source               destination         
0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 20559
0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 redir ports 20558

Chain INPUT (policy ACCEPT 1 packets, 40 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1043 packets, 65731 bytes)
pkts bytes target     prot opt in     out     source               destination         
0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 redir ports 20559
0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:443 redir ports 20558

Chain POSTROUTING (policy ACCEPT 1043 packets, 65731 bytes)
pkts bytes target     prot opt in     out     source               destination

I didn’t get any output of sudo iptables -t mangle -nVL, only version: iptables v1.4.21

Output of sudo iptables -t mangle -nL

   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         

   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         

   Chain FORWARD (policy ACCEPT)
   target     prot opt source               destination         

   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         

   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination 

Please help me if you have any ideas about what is blocking localhost:80.


I answered:

Nothing is blocking port 80. You just have firewall NAT rules which are redirecting connections to that port to other ports, which aren’t open.

Chain PREROUTING (policy ACCEPT 1 packets, 40 bytes)
pkts bytes target     prot opt in     out     source               destination         
0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 20559
0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 redir ports 20558

Chain OUTPUT (policy ACCEPT 1043 packets, 65731 bytes)
pkts bytes target     prot opt in     out     source               destination         
0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 redir ports 20559
0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:443 redir ports 20558

Remove these rules to resolve the problem.


View the full question and answer on Server Fault.
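
A check for this failure mode, as an added example that is not part of the original answer: it compares `iptables -t nat -nvL` output with the listening sockets and reports every REDIRECT rule whose target port has no listener. The sample input is constructed from the output quoted in the question, and `dead_redirects` is a hypothetical helper name.

```bash
#!/usr/bin/env bash
# Constructed sample input, copied from the command output quoted in the question.
NAT_RULES='Chain PREROUTING (policy ACCEPT 1 packets, 40 bytes)
pkts bytes target     prot opt in     out     source               destination
0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 20559
0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 redir ports 20558

Chain OUTPUT (policy ACCEPT 1043 packets, 65731 bytes)
pkts bytes target     prot opt in     out     source               destination
0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 redir ports 20559
0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:443 redir ports 20558'
LISTENERS='tcp     0      0 0.0.0.0:80   0.0.0.0:*         LISTEN      4268/nginx
tcp6    0      0 :::80        :::*              LISTEN      4268/nginx'

# dead_redirects NAT_OUTPUT LISTEN_OUTPUT
# Prints "CHAIN DPORT -> REDIRECT_PORT" for each REDIRECT rule whose target
# port does not appear as a listening port in LISTEN_OUTPUT.
dead_redirects() {
  printf '%s\n' "$1" | LISTEN_DATA="$2" awk '
    BEGIN {
      # Collect listening ports from the local-address column (4th field).
      n = split(ENVIRON["LISTEN_DATA"], rows, "\n")
      for (i = 1; i <= n; i++) {
        if (rows[i] !~ /LISTEN/) continue
        split(rows[i], f, " ")
        port = f[4]
        sub(/.*:/, "", port)
        listening[port] = 1
      }
    }
    $1 == "Chain" { chain = $2; next }
    $3 == "REDIRECT" {
      dport = "?"; rport = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dpt:/) dport = substr($i, 5)
        if ($i == "ports" && i < NF) rport = $(i + 1)
      }
      if (rport != "" && !(rport in listening)) print chain, dport, "->", rport
    }'
}

# On a live host: dead_redirects "$(iptables -t nat -nvL)" "$(netstat -tln)"
dead_redirects "$NAT_RULES" "$LISTENERS"
```

With the question's data all four rules are reported, because nginx listens on port 80 only and nothing listens on 20559 or 20558.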


NAT-ing with iptables rewrites source IP in logs

Zoli asked:

I have the following infrastructure in place:

 internet   [outside 81.x.x.x] router [inside 192.168.1.1] 
                                    |    [network 192.168.1.0/24] 
                                    | 
                                   mail server [192.168.1.2]

On the router (DD-WRT) with iptables, I have NAT enabled since I want my mailserver to respond for the outside IP.
I have the following setup:

iptables -t nat -I PREROUTING -d 81.x.x.x -j DNAT --to 192.168.1.2 
iptables -t nat -I POSTROUTING -s 192.168.1.2 -j SNAT --to 81.x.x.x 
iptables -I FORWARD -d 192.168.1.2 -p tcp --dport 25 -j ACCEPT

with some other open ports as well.

However, when mail arrives at the mailserver, postfix shows the following message:

postfix/smtpd[6964]: connect from unknown[192.168.1.1]

All mail coming from outside seems to be coming from the router’s inside IP address. What am I missing, so that the original IP address is shown, instead of the router’s inside IP?


I answered:

You appear to have set up a 1-to-1 NAT with the first two iptables rules, but then you’ve added a third, rather curious rule:

iptables -I FORWARD -d 192.168.1.2 -p tcp --dport 25 -j ACCEPT

Such rules aren’t necessary when doing 1-to-1 NAT, and don’t actually do anything useful. Of the information you’ve given, this appears to be the most likely cause of the problem. Simply remove it.

iptables -D FORWARD -d 192.168.1.2 -p tcp --dport 25 -j ACCEPT

View the full question and answer on Server Fault.


AOL bounces with: AOL will not accept delivery of this message

moorray asked:

AOL started bouncing emails from my mail server with the following error:

521 5.2.1 :  AOL will not accept delivery of this message.
554 5.5.0 Remote protocol error

On the troubleshooting page AOL asks for specific error code but all I get is a generic message. The emails are sent from Outlook, without any attachments. I don’t send out any mass email/newsletters, only personal email.

What can cause this and how should I proceed? Without the specific code I can’t proceed with AOL. Has anyone had this problem?


I answered:

You can try submitting the form with no error code selected, and hope for the best. If you’re lucky, a human being might read it.

You can also try contacting AOL Postmaster by phone, on +1 703 265-4670 (reportedly AOL postmaster operations are now being handled in India; you’ve been warned).


View the full question and answer on Server Fault.


AWS Billing: will I be charged if I only stop the instance, not terminate it?

Subham Tripathi asked:

I have a query: I have an EC2 instance which I need to use for running some tests, but I do not need it to be up 24×7 (I only need it running during office hours).

As one potential solution, I am planning to stop the EC2 instance and then relaunch it.

If I stop the instance (not terminate it), will I still be eligible for billing?


I answered:

When your instance is stopped, you are only charged for its associated storage (e.g. your personal AMIs or EBS volumes), but not the hourly compute charge. The hourly compute charge applies only when the instance is running.


View the full question and answer on Server Fault.


How to install Linux daemon using Kickstart

Dejan asked:

%post --log=/root/ks-post.log  --interpreter /bin/sh

exec < /dev/tty3 > /dev/tty3 2>&1
chvt 3    

cat > /mnt/sysimage/etc/init.d/daemon <<EOL
  #stuff goes here
EOL

chmod 755 /mnt/sysimage/etc/init.d/daemon 
ln -s /mnt/sysimage/etc/init.d/daemon /mnt/sysimage/etc/rc.d/rc3.d/S09daemon 
chvt 1

The problem is that daemon does not exist in /etc/init.d/
and when I remove /mnt/sysimage prefix, kickstart freezes in post install.


I answered:

There is no /mnt/sysimage directory in your freshly installed system.

Remember that %post operates within the chroot environment, unless you explicitly tell it not to do so.

To resolve the problem, use the correct pathnames.


View the full question and answer on Server Fault.
