Jump to content

Recommended Posts

Posted (edited)

Just so things won't get lost in the way between pages:
 
I might got the time wrong with the first occurrence but please look at the above screenshots (which were taken in the second occurrence), I described the time and loads every 10 minutes with explanation. all the above was after undeployment and deployment. You say that Vesta updated itself right in that time twice? Also, It is still in the same version/build so I'm not sure what is updated so often?
 
What about the differences between the 2 cpus at the top and the cpus in the list? I didn't see any correlation when the high loads happened. I'm asking because I see high loads but I can't know what is causing it.
 
What is my exim version? There seem to be an upgrade needed to 4.92. Do I have this version?
 
If the load issues were due to my stuff, I'd go with doubling memory but if the problem is only when/because vesta update itself (are you sure the load issues in my screenshots are due to that?) I first want to rule this out. I've found the following in the documentation:
v-delete-cron-vesta-autoupdate
delete vesta autoupdate cron job
options: NONE
The function deletes vesta autoupdate cron job.
 
v-list-sys-vesta-autoupdate
list vesta autoupdate settings
options: [FORMAT]
The function for obtaining autoupdate setings.
 
I know you have other things but I see you were online so why not doing at least the urgent stuff like the problem with the email? I'm locked out.
My emails are not being sent anymore to anyone, can please someone follow the instructions form Krydos link? I tried to do it myself but I have no permissions to my own VPS (that could really save some efforts from you). I tried only restarting exim but it didn't help.
 
#Delete files:
rm /var/spool/exim4/db/*
rm /var/spool/exim4/input/*
rm /var/spool/exim4/msglog/*
rm /var/log/exim4/*</pre>

#Clear file:
/var/log/dovecot.log</pre>

#Then restart Exim4 OR Restart VPS
service exim4 restart
 
Do you know why the above happened? Do you know how to avoid it next time?
 
9:30am gmt+3 again my server is high due to update, this time it's mysql? even though you disabled it. Also what is python3 unattended upgrade? I don't understand why is it working so hard to update itself to death, specially things that are irrelevant. Can't this server just rest and do what it is told to do?
 
https://i.ibb.co/J7xxYpt/1.png
 1.png

Generally speaking, I don't know what disadvantages you are talking about, your support and patience with me were more than one can ask for when you setup my VPS. We went through issues and problems and you fixed them in no time. Whenever you were online, I knew my need was fulfilled. When we got to the last line suddenly you were less there and even when you got online, urgent issues I had were not addressed. I got locked out without the ability to do something about it, just like now with the emails. Apparently I don't have permissions to do things on my own, that could relieve you some of the things. That surprised me. That's all. I feel like we need few minutes to make this VPS work already as it should and just then, things are postponed and prolonged, not sure why.

Edited by Amoss
  • Replies 101
  • Created
  • Last Reply

Top Posters In This Topic

Posted (edited)

At first all failed with the following:

---

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  ...@gmail.com
    all hosts for 'gmail.com' have been failing for a long time (and retry time not reached)

---

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  ...@gmail.com
    host alt4.gmail-smtp-in.l.google.com [74.125.193.26]
    retry timeout exceeded

---

 

then I noticed that server->hostname was back to vps13 so I changed it to my domain and sent the emails again for testing. I will give it few hours to see if the other sides actually received those emails.

 

I looked in vestacp->web->domain->view logs->errorlog and there were a lot of them just from today. Any idea what is it?

 

My exim version is 4.91 while they recommend to update to 4.92 as soon as possible

Edited by Amoss
Posted (edited)

The problem happens ONLY with gmail. ALL gmail addresses are failing for the above messages of retry reached.

Do you see any errors on your side that can shed a light over this one?

If I remember correctly, you added spamassassin not long time ago? Maybe this has got something to do with it?

https://bobcares.com/blog/mail-error-450/

https://en.stealthsettings.com/fix-exim-error-hosts-domain-tld-failing-long-time-retry-time-reached.html

Did you also did the following from the link

#Delete files:
rm /var/spool/exim4/db/*
rm /var/spool/exim4/input/*
rm /var/spool/exim4/msglog/*
rm /var/log/exim4/*</pre>

#Clear file:
/var/log/dovecot.log</pre>

 

My exim version is 4.91 while they recommend to update to 4.92 as soon as possible

 

For some reason I don't have the view logs anymore - Did you remove this option somehow?

 

I saw that you increased the memory to 2gb but as mentioned before: If the only problem is the updates-to-death the server itself is doing for no apparent reason, then the solution might be just disabling those auto updates. As far as I noticed, when those updates are not happening, everything is smooth.

 

At least one good news is that I just redeployed my war and it went smooth. Not sure if it's just because the 2gb or also because no update-to-death process happened in between.

 

I hope the emails problem will be solved soon as I'm unable to email to people that are using Gmail and needless to say, it's kinda in use by most people :-)

Edited by Amoss
Posted

My exim version is 4.91 while they recommend to update to 4.92 as soon as possible

4.91 is the latest currently available through apt. You could install the latest version by compiling it from source, but that would likely break things worse than they already are.

 

If I remember correctly, you added spamassassin not long time ago? Maybe this has got something to do with it?

I didn't do anything with spamassassin. It's been installed since before you logged in to the vps for the first time.

 

For some reason I don't have the view logs anymore - Did you remove this option somehow?

I haven't done anything to your VPS since I last posted that I rebooted it for you.

 

I saw that you increased the memory to 2gb

Yes, I really think this is the main issue, and it doesn't cost you anything to try it.

 

At least one good news is that I just redeployed my war and it went smooth. Not sure if it's just because the 2gb

I'm pretty sure it went smoothly because of the extra memory.

 

It might be that gmail is blocking your emails because it thinks they're spam. You mentioned that your domain changed from stockdiv.com back to vps13 so maybe that's why google doesn't like this vps anymore. Can you send another email to https://www.mail-tester.com/ and post the result link?

Posted (edited)

1. So they are telling everybody to update to 4.92 but it's still not available? I agree with you that there is no reason to compile the source etc...

 

2. Here it is, 10/10 : https://www.mail-tester.com/test-07kmf&reloaded=1 I already changed back to my host. I just tried it again and failed. Do you see any errors from the mail server side?

 

Please read here: https://support.google.com/mail/thread/8130059?hl=en about the mail tester. The guy that replied said it's important.

You do not have a DMARC record

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC.

You do not have a DMARC record, please add a TXT record to your domain _dmarc.stockdiv.com with the following value:

v=DMARC1; p=none

Verification details:

  • mail-tester.com; dkim=pass (1024-bit key; unprotected) header.d=stockdiv.com header.i=@stockdiv.com header.b=XWeoplET; dkim-atps=neutral
  • mail-tester.com; dmarc=none header.from=stockdiv.com
  • mail-tester.com; dkim=pass (1024-bit key; unprotected) header.d=stockdiv.com header.i=@stockdiv.com header.b=XWeoplET; dkim-atps=neutral
  • From Domain: stockdiv.com
  • DKIM Domain: stockdiv.com

 

3. Generally, do you see any errors on the apache and/or tomcat side?

Edited by Amoss
Posted

1. So they are telling everybody to update to 4.92 but it's still not available? I agree with you that there is no reason to compile the source etc...

Once you have sorted your major issue out I would strongly consider doing this.

4.91 has a known exploit, hence the push to update.

https://nvd.nist.gov/vuln/detail/CVE-2019-10149

Cpanel also made a post:

https://blog.cpanel.com/exim-cve-2019-10149-protect-yourself/?utm_source=cpanel_forums&utm_medium=banner&utm_campaign=exim-cve-2019-10149

 

Also try the following, I already put the ID from the email that failed in post #11 in there, might shed some more light on why the email failed.

grep 1haCN9-000TIg-Ea /var/log/exim_mainlog
Posted

I agree with you but Krydos wrote 4.91 is the latest available and I sure don't want to compile the code of  4.92 and install it because it could break things. If 4.92 is available, I hope Krydos will install it.

 

Currently my main issue is not being able to send emails to Gmail, not sure it is related to the exim version.

 

Thank you for the grep insight, the thing is I don't have permissions to access those files so again, waiting for Krydos to do his thing. Though maybe adding the DMARC record will suffice as the person from Gmail forum has adviced.

Posted (edited)

I'm really trying to understand the behind the scenes of all this. For over a week I can't email to gmail, I posted here what can be done (I can't do it myself because I have no permissions to my own VPS) but only one person can do that and even when he is online, nothing is done and I'm left to wonder to myself what's going on.

 

I know there is no intonation in text so I'm not angry or something, I'm asking humbly why is it taking so long to try my suggestion?

Edited by Amoss
Posted

While we're happy to provide such assistance if we have the time, such support is not technically part of the service. As a result, it's low priority, and an immediate response should not be expected. Krydos is the only person around here who knows linux well enough to assist.

 

The provider is not supposed to administer a VPS for you. They just provide the hardware space for you to run it on. The whole reason most buy a VPS is so they can run whatever they please without needing the provider's assistance.

 

What you're asking for here is the equivalent of renting a house, then asking the landlord to decorate it and live in it for you too.

 

If you were using a normal commercial VPS provider, most providers would refuse to provide any support at all for the software you run inside your VM (you'd be told to ask the software maker for support on that). Support is usually limited to (re)installing the OS for you, and getting it online such that you can remote in and install your software. Unless they offer a turnkey solution of some kind, they generally will not install your software in your VM for you, nor will they maintain or troubleshoot it.

Posted (edited)

Hi wolstech and thank you for replying.

 

If I had permissions to do what needs to be done, I would have done it myself.

I tried entering the exim logging in order to see if there are any errors - no permissions on both users I have.

I tried adding DMARC record myself but vestacp tells me dns system is not enabled to my domain, on the other hand, Krydos already defined other settings like SPF for example, he has more permissions than me so even if I want to do things on my own, I can't.

 

A different example would be that after the last restart my emails went crazy (not just to gmail) and I realized that the vps name was renamed to its original name. I had the permissions to change it back and all was well (except gmail). What I'm saying is that if I have the permissions, I might nag much less.

Edited by Amoss
Posted

You should have root access to your own VPS...if you don't, that's an issue.

 

I can't speak to vesta or how it works as I've never used it, but is your box running its own DNS server? If so, you should be able to add those entries to the DNS server on your box. When setting up a domain, you would point your domains to your own name servers to host them on your VPS. If it was configured to use ours for some reason, yeah, Krydos would need to create those.

 

I do know that Krydos must create PTR records if they're needed.

 

I'll have to let him handle it since I don't know the configuration of the VPS in question though :(

Posted

wolstech,

 

Is your box running its own DNS server? I don't know. If I got the message dns system is not enabled, maybe it means it doesn't :)

 

And thanks.

Posted

Mine is not, but being an admin means I can just use the existing one easily so I have no reason to do so. I could run my own if I wanted though (since I run Windows Server, DNS server comes with the OS and can just be turned on if I need it).

Guest
This topic is now closed to further replies.

×
×
  • Create New...