UPCP reports (& failing .forward file)

[friedmayofan]

Hi there fellow cpanellers,

So I've got 2 separate VPS's, running nearly ident environs. Auto updating to latest "RELEASE" tier I think. (11.42.0.21)

On my old server I always get daily an email like this: (where "my" is both domain and primary "super" user (aside from root):

From: Cron Daemon <[email protected]>
To: [email protected]
Subject: Cron <[email protected]> /usr/local/cpanel/scripts/upcp --cron


----------------------------------------------------------------------------------------------------
=> Log opened from cPanel Update (upcp) - Slave (21652) at Sun Feb 23 21:31:01 2014
[20140223.213101] ********Detected cron=1 (cron mode set from command line)
[20140223.213101] ********1% complete
[20140223.213101] ********Running Standardized hooks
[20140223.213102] ********2% complete
[20140223.213102] ********mtime on upcp is 1387431410 (Wed Dec 18 21:36:50 2013)
----------------------------------------------------------------------------------------------------
=> Log opened from /usr/local/cpanel/scripts/updatenow (21656) at Sun Feb 23 21:31:04 2014
[20140223.213104] ********Detected version '11.40.1.11' from version file.
[20140223.213104] ********Using mirror '72.233.42.250' for host 'httpupdate.cpanel.net'.
[20140223.213104] ********Target version set to '11.40.1.11'
[20140223.213104] ********Up to date (11.40.1.11)
=> Log closed Sun Feb 23 21:31:04 2014
[20140223.213104] ********17% complete
=> Log closed Sun Feb 23 21:31:04 2014
----------------------------------------------------------------------------------------------------
=> Log opened from /usr/local/cpanel/scripts/maintenance (21659) at Sun Feb 23 21:31:04 2014
[20140223.213104] ********21% complete

and it goes on like that for a long time. I use this report to cross reference other emails I get from the system to see if I indeed need to take one action or other. Unfortunately those too don't work on the new VPS… but that's another matter.


on the new VPS I get nothing, except for logwatch that I manually configured. I've tried messing around and going into cron and putting in emails and so on directly, and this has fixed some stuff, but putting the desired email in the UI in WHM just changes the .forward file if I'm not mistaken, and apparently that file has been ignored since this new VPS was setup. Even deleted and let system recreate, no luck. Also not getting csf emails of course, b/c that just seems to read the .forward file as well. I'll probably just put the correct address in csf manually. But, just in case someone has a new fix for .forward, that would be a bonus to solving the main problem of not getting the above quoted type emails on the new server.

To be clear, I want to be getting the UPCP reports quoted above on a server that is not sending them.

I think I tried most of the fixes suggested here: http://forums.cpanel.net/f5/what-does-mean-cpbackup-setting-i-o-priority-reduce-system-load-212772.html

my settings did seem to be a little different on the contact page. But I couldn't find the UPCP referenced directly, so it still doesn't make sense that page would be responsible. I've tested since.

Thanks so much,
f

 

[vanessa]

Go to WHM -> Basic cPanel & WHM Setup and set your email address as your contact email.

 

[cPanelMichael]

Hello

Yes, setup the contact address as mentioned by Vanessa in the previous post. Also, search /var/log/exim_mainlog for "root" to see if there are any details about the message. EX:

exigrep root /var/log/exim_mainlog

Thank you.

 

[friedmayofan]

Hi Vanessa, thanks, Yeah, I've updated all the stuff in the UI, sorry my edit to my post might have been buried in there or you had a cached copy.

So I previously looked at the logs with my VPS support. But now, I think we're closer. I don't remember this stuff showing up before so maybe half the problem was related to the UI fix Tristen originally mentioned in that linked thread.

Michael, this seems to be a relevant part. Thank you for having me look again! It looks like exim is failing to send the "message failed to send" message before actually sending the UPCP report?

2014-03-14 01:32:49 1WONVD-0007L1-H8 <= [email protected] U=root P=local S=22974 T="Cron <[email protected] 01:24:01 cwd=/root 2 args: /usr/sbin/exim -bpu

2014-03-14 01:30:03 cwd=/root 7 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t

2014-03-14 01:32:49 1WONXt-000849-U3 <= <> R=1WONVD-0007L1-H8 U=mailnull P=local S=23839 T="Mail delivery failed: returning message to sender" for [email protected]
2014-03-14 01:32:50 1WONXt-000849-U3 remote host address is the local host: my.domain.com
2014-03-14 01:32:50 1WONXt-000849-U3 == [email protected] R=dkim_lookuphost defer (-1): remote host address is the local host
2014-03-14 01:32:50 1WONXt-000849-U3 ** [email protected]: retry timeout exceeded
2014-03-14 01:32:50 1WONXt-000849-U3 [email protected]: error ignored
2014-03-14 01:32:50 1WONXt-000849-U3 Completed

2014-03-14 01:32:49 1WONVD-0007L1-H8 <= [email protected] U=root P=local S=22974 T="Cron <[email protected]> /usr/local/cpanel/scripts/upcp --cron" for root
2014-03-14 01:32:49 1WONVD-0007L1-H8 remote host address is the local host: my.domain.com
2014-03-14 01:32:49 1WONVD-0007L1-H8 == [email protected] R=lookuphost defer (-1): remote host address is the local host
2014-03-14 01:32:49 1WONVD-0007L1-H8 ** [email protected]: retry timeout exceeded
2014-03-14 01:32:50 1WONVD-0007L1-H8 Completed

Here is a whole block show that it just loops in this manner for mysql report from csf:
(this starts right after the above

2014-03-14 01:36:14 cwd=/etc/csf 4 args: /usr/sbin/sendmail -f root -t

2014-03-14 01:36:14 cwd=/etc/csf 4 args: /usr/sbin/sendmail -f root -t

2014-03-14 01:36:14 cwd=/etc/csf 4 args: /usr/sbin/sendmail -f root -t

2014-03-14 01:36:14 1WONbC-00086c-1g <= [email protected] U=root P=local S=5414 T="lfd on my.domain.com: Suspicious process running under user ntp" for root
2014-03-14 01:36:14 1WONbC-00086c-1g remote host address is the local host: my.domain.com
2014-03-14 01:36:14 1WONbC-00086c-1g == [email protected] R=lookuphost defer (-1): remote host address is the local host
2014-03-14 01:36:14 1WONbC-00086c-1g ** [email protected]: retry timeout exceeded
2014-03-14 01:36:14 1WONbC-00086c-1g Completed

2014-03-14 01:36:14 1WONbC-00086m-5a <= <> R=1WONbC-00086c-1g U=mailnull P=local S=6279 T="Mail delivery failed: returning message to sender" for [email protected]
2014-03-14 01:36:14 1WONbC-00086m-5a remote host address is the local host: my.domain.com
2014-03-14 01:36:14 1WONbC-00086m-5a == [email protected] R=dkim_lookuphost defer (-1): remote host address is the local host
2014-03-14 01:36:14 1WONbC-00086m-5a ** [email protected]: retry timeout exceeded
2014-03-14 01:36:14 1WONbC-00086m-5a [email protected]: error ignored
2014-03-14 01:36:14 1WONbC-00086m-5a Completed

2014-03-14 01:36:14 cwd=/etc/csf 4 args: /usr/sbin/sendmail -f root -t

2014-03-14 01:36:14 1WONbC-00086i-4L <= [email protected] U=root P=local S=9001 T="lfd on my.domain.com: Suspicious process running under user dovenull" for root
2014-03-14 01:36:14 1WONbC-00086i-4L remote host address is the local host: my.domain.com
2014-03-14 01:36:14 1WONbC-00086i-4L == [email protected] R=lookuphost defer (-1): remote host address is the local host
2014-03-14 01:36:14 1WONbC-00086i-4L ** [email protected]: retry timeout exceeded
2014-03-14 01:36:14 1WONbC-00086i-4L Completed

2014-03-14 01:36:14 1WONbC-00086x-7u <= <> R=1WONbC-00086i-4L U=mailnull P=local S=9866 T="Mail delivery failed: returning message to sender" for [email protected]
2014-03-14 01:36:14 1WONbC-00086x-7u remote host address is the local host: my.domain.com
2014-03-14 01:36:14 1WONbC-00086x-7u == [email protected] R=dkim_lookuphost defer (-1): remote host address is the local host
2014-03-14 01:36:14 1WONbC-00086x-7u ** [email protected]: retry timeout exceeded
2014-03-14 01:36:14 1WONbC-00086x-7u [email protected]: error ignored
2014-03-14 01:36:14 1WONbC-00086x-7u Completed

and it goes on like that for another 60 lines or so 40 minutes past, and it starts again like above with lfd (csf) reporting. I've attached a file with those, but it's basically a lot of the same.

I'm currently working with this search criteria "exim remote host address is the local host:"
Could be an MX issue according to some posts… called away for something else atm unfortunately.

Edit: on the primary domain there was a blank MX entry with priority 10. I deleted it. But still same failure messages as above.

 

[cPanelMichael]

The error messages you provided typically indicate an issue with the DNS of the domain name, email routing, or the entry in /etc/localdomains or /etc/remotedomains. Feel free to open a support ticket so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[friedmayofan]

The error messages you provided typically indicate an issue with the DNS of the domain name, email routing, or the entry in /etc/localdomains or /etc/remotedomains. Feel free to open a support ticket so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

That was the fix! Thank you!

There was an entry in /etc/localdomains for some reason that was bad! remotedomains was empty. I saw that entry in the UI this morning under IP address Assignment, it was bound to the main server dedicated IP address (the unshared one) as linux.hostvps.com, and it should have been my.hostvps.com! Thanks so much for getting me there Michael. I would have probably tried to re-open a ticket with my host asking them if that was a new standard for them… apparently their auto-creation messed things up, or this was a bug in some part of cpanel setup/migration. I have no idea.

I did a couple other things like restart various services, DNS cleanup. used MXtoolbox and that pointed me to a poor DNS refresh & expire time then reported that it couldn't connect via http. so I pinged the domain from command line and indeed it didn't connect. Which was weird, because I had previously visited the front-end in a browser.

So it looks like all is well, and getting LFD alerts now too of course since it was the same issue.

Let me know if you're interested in looking at this further to determine why that happened, I'd be happy to help, open issues, etc.. Of course it's on to 11.42 for release tier now, and I think the actual creation of this VPS was two times under 11.40.

Thanks again,
f

 

[cPanelMichael]

I am happy to see the issue is now resolved. It's possible the hostname was not setup correctly when the server was setup. Let us know if you encounter any additional issues.

Thank you.