Don Russell wrote:
Paul Howarth wrote:
Don Russell wrote:
On 4/4/2006 4:29 AM, Paul Howarth wrote:
Don Russell wrote:
I'm using FC5 and have the "nightly yum update" turned on.
My FC5 box runs a mail server.
Yesterday, there were no problems.
Today, I can't send mail from PCs on the network... the Thunderbird
client
says "Connected to 10...." and eventuaally times out.
From external machines I can telnet to port 25 and it takes anywhere
from
40-80 seconds to get a reply from the server.
If I'm on the same machine as the server, the connection is
immediate.
That tells me it is not smtp that's slow, but something relating to
external connections.
I have not changed any configurations... but with the nightly
updates,
what could account for introducing such a delay?
I'm thinking somethin like it's trying to a reverse dns look up to
check
the address connecting, and that's taking a long time?
Any ideas/suggestions?
Check that your nsswitch.conf has an appropriate hosts entry.
hmmm, I don't know what's "appropriate". :-(
The nsswitch.conf file looks pretty generic... the "hosts" line says:
hosts: files dns
That looks OK.
Guessing, I changed that to
hosts: files dns [NOTFOUND=return]
then "service network restart"
but that had no effect...
hmmm, do I need to have my PCs listed in /etc/hosts ?
No. Sendmail needs to look up MX records, which it can't get from a
hosts file anyway.
So why does the host line say "files dns" and not just "dns"? (Off
track... I'm just curious)
sendmail is only one of the programs that needs to look up hosts, and
its requirements are a little unusual (needing to look up MX records
before A records). Most applications only need the A records, which can
effectively be supplied by the hosts file.
Regardless... if sendmail is looking for an MX recod to be associated
with the sender address for me, it likely won't find one.
Mail servers fall back to A records in the absence of MX records.
But, that is
nothing new... I use DynDNS to map a name to my ISP IP address and run a
mail server at home.
Which should be fine.
If so, that means something changed because this was all working fine the
other day... could a "nightly yum" have wiped out my /etc/hosts file?
Which new packages were installed on the night in question? (check
/var/log/yum.log)
hmm, tons of stuff... I actually went back a day or to prior...
Mar 29 20:56:48 Updated: libselinux-devel.i386 1.30-1.fc5
Mar 29 20:57:25 Installed: kernel.i686 2.6.16-1.2080_FC5
Mar 29 20:57:30 Updated: libselinux.i386 1.30-1.fc5
Mar 29 20:57:32 Updated: libsemanage.i386 1.6-1.fc5
Mar 29 20:57:32 Updated: libselinux-python.i386 1.30-1.fc5
Mar 29 20:57:34 Updated: policycoreutils.i386 1.30.1-2.fc5
Mar 29 20:57:35 Updated: libsetrans.i386 0.1.20-1.fc5
Mar 29 20:57:41 Updated: selinux-policy.noarch 2.2.25-2.fc5
Mar 29 20:57:51 Updated: selinux-policy-targeted.noarch 2.2.25-2.fc5
> Mar 29 20:57:55 Erased: iiimf-libs
Mar 31 04:25:26 Updated: samba-common.i386 3.0.22-1.fc5
Mar 31 04:25:36 Updated: mrtg.i386 2.13.2-0.fc5.1
Mar 31 04:25:59 Updated: samba.i386 3.0.22-1.fc5
Mar 31 04:26:01 Updated: wpa_supplicant.i386 1:0.4.8-6.fc5
Mar 31 04:26:04 Updated: samba-client.i386 3.0.22-1.fc5
Apr 01 04:13:08 Updated: koffice-core.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:13:13 Updated: koffice-karbon.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:13:18 Updated: koffice-filters.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:13:24 Updated: koffice-kspread.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:13:27 Updated: koffice-kplato.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:13:43 Updated: koffice-kivio.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:13:51 Updated: koffice-kpresenter.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:13:54 Updated: koffice-kugar.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:13:57 Updated: koffice-kchart.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:14:04 Updated: koffice-kword.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:14:06 Updated: koffice-kformula.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:14:09 Updated: yumex.noarch 0.99.15-1.0.fc5
Apr 01 04:14:21 Updated: koffice-krita.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:14:28 Updated: koffice-kexi.i386 1.5.0-0.1.rc1.fc5
Apr 01 04:14:28 Updated: koffice-suite.i386 1.5.0-0.1.rc1.fc5
Apr 02 05:40:51 Updated: dia.i386 1:0.94-21
Apr 03 14:51:59 Updated: policycoreutils.i386 1.30.1-3.fc5
Nothing particularly stands out from that list.
Note: This policycoreutils update was done AFTER I discovered the
problem...
FYI: I run SELinux in permissive mode... so, I supose even if this is
some sort of SE issue, it should be transparent and show up as a
violation warning in my Logwatch report...
I don't think all avcs get reported by logwatch but you're right that
SELinux should be the issue in permissive mode.
Check that /etc/resolv.conf points to nameservers that are working.
Try using "dig" to check them out, e.g.
$ dig @first.name.server -x 212.56.100.58
See how long the lookups take.
I tried several times with the two dns addresses in /etc/resolv.conf
and
the longest query time was 180mSec, the shortest was 25mSec.
However, I also tried dig @dns-server - x 10.10.10.13
(the 10. address is my PC that tries to connect to my mail server at
10.10.10.250)
That timed out after 15 seconds.... expected, but far short of the
delay I
see when I "telnet 10.10.10.250 25" from 10.10.10.13
Actually it's curious that you get a timeout rather than an "NXDOMAIN"
response for a "dig -x 10.10.10.13".
See my other post where I notice my router firewall is blocking udp port
1078 coming from the DNS server. I have no idea why I'm getting udp 1078
traffic from a DNS server... but I'm not a DNS expert...
FWIW.. I also notice a slow down in connecting to this machine via ssh.
i.e. from an ssh client on 10.10.10.13 on Windows XP, ssh'ing to
10.10.10.250 (where my mail server is) takes longer to respond with the
password prompt than it used to.... so something is going on there too.
Thanks... I appreciate the tips.... :-)
Nothing much obvious here unfortunately. Can you check that your
system's hostname is set correctly, and that /etc/hosts has the right
name and address for your host and also localhost?
Paul.
