smtp;551 Mailhost is on domain's block list [closed] - iis

We have a website hosted on Windows 2008 (SP2), running IIS 7.0.
One of the pages on our website, when submitted, will send an informational email to info#mywebdomain.com. The email is sent to the localhost smtp server on the same server that the website runs on. This had been working until December 10th and now it always fails.
As best I can tell, it looks like I need to remove mywebdomain.com from the smtp server's domain block list. However, I cannot figure out how to do that. I got as far as figuring out that the smtp server running under iis 7.0 is actually configured via the iis 6.0 manager. I expanded "local computer", right-clicked "SMTP Virtual Server #1" (the only one in the list) and selected Properties. I didn't see anything in any of the tabs which looked like it could be used to unblock a domain.
Any help would be greatly appreciated!!! Details below:
mywebdomain - substituted to keep this posting hopefully anonymous; but this domain is hosted on our server and is available on the internet
mwd3.mwd.local - again substituted for anonymity; but this is effectively localhost
From: postmaster#mwd3.mwd.local
To: webadmin#mywebdomain.com
Date: Mon, 10 Dec 2012 11:29:29 -0600
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01CDCE88DCFE2F9B00000001mwd3.mwd.local"
X-DSNContext: 7ce717b1 - 1196 - 00000002 - 00000000
Message-ID: <f69aZbLAX00000001#mwd3.mwd.local>
Subject: Delivery Status Notification (Failure)
This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail program.
--9B095B5ADSN=_01CDCE88DCFE2F9B00000001mwd3.mwd.local
Content-Type: text/plain; charset=unicode-1-1-utf-7
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
info#mywebdomain.com
--9B095B5ADSN=_01CDCE88DCFE2F9B00000001mwd3.mwd.local
Content-Type: message/delivery-status
Reporting-MTA: dns;mwd3.mwd.local
Received-From-MTA: dns;mwd3.mwd.local
Arrival-Date: Mon, 10 Dec 2012 11:29:25 -0600
Final-Recipient: rfc822;info#mywebdomain.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;551 Mailhost is on domain's block list (Mode: normal)
--9B095B5ADSN=_01CDCE88DCFE2F9B00000001mwd3.mwd.local
Content-Type: message/rfc822
Received: from mwd3.mwd.local ([127.0.0.1]) by mwd3.mwd.local with Microsoft SMTPSVC(7.0.6002.18222);
Mon, 10 Dec 2012 11:29:25 -0600
From: <webadmin#mywebdomain.com>
To: info#mywebdomain.com
Subject: Consumer Q & A
Date: Mon, 10 Dec 2012 11:29:25 -0600
Message-ID: <20121210-11292530-342c#mwd3.mwd.local>
MIME-Version: 1.0
Return-Path: webadmin#mywebdomain.com
X-OriginalArrivalTime: 10 Dec 2012 17:29:25.0305 (UTC) FILETIME=[E6549290:01CDD6FB]
The following information was submitted at 12/10/2012 11:29:25 AM from Consumer Q&A.
Body of the email

Gregg,
Thanks for your comment. I marked it as adding something useful to the post, since it wasn't an answer.
It took me a while to figure out how to get an SMTP transcript.
For others reading this post, here is how I did it. Adapt it to your own situation. I was able to stop/start the Virtual SMTP Server because the client gave me permission since it wasn't accomplishing the purpose it was set up for anyway.
Again, note that IIS 6 is used to administer the SMTP server even when you're running IIS 7.
Open up "Internet Information Services (IIS) 6.0 Manager".
I found instructions in the Help menu to enable logging:
To enable logging that uses an ASCII text format
... Select the SMTP virtual server, and then click Properties on the Action menu.
On the General tab, select Enable logging.
In the Active log format drop-down menu, select a log format.
Click Properties, and then on the General tab, specify the New log schedule.
If you select Hourly, Daily, Weekly, or Monthly, a new log file is created at those intervals.
If you select Unlimited file size, only a single log file is created.
If you select When file size reaches, you can specify the maximum size of the log file and a new log file is created when the current log file reaches that size.
On the General tab, under Log file directory, specify the location where the log files will be stored.
If you have selected the World Wide Web Consortium (W3C) Extended Logging format, click the Advanced tab, and then select the extended logging options you want to track.
I set my logging destination to a new folder just to be sure it wouldn't get mixed up with other logging.
I turned on every option in the Advanced tab. Then I stopped and started the virtual server.
I sent an email using one of the website features which hadn't been working (Request Info)
When I tried to view the log, it said it was in use. So I stopped the Virtual SMTP Server, copied the contents of the log, and then started the Virtual SMTP Server again.
Effectively what I discovered is that the client was using mxlogic.net for spam filtering. He regularly contacts them when spam gets through their service. I suspect when he contacted them on December 10th they blocked his address instead of the offending spammer. But that is just speculation.
They acknowledged that his IP address was in a blocked IP range. They fixed it within a few minutes and the problem is now resolved.
You can see below in the transcript that the first OutboundConnectionResponse is initiating a conversation with an mxlogic.net server. The last line is a closing of the transmission channel with the mxlogic.net server. In between you can see a couple of messages stating, "551+Mailhost+is+on+domain's+block+list"
#Software: Microsoft Internet Information Services 7.0
#Version: 1.0
#Date: 2013-01-03 17:29:41
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2013-01-03 17:29:41 127.0.0.1 mwd3.mwd.local SMTPSVC1 MWD3 127.0.0.1 0 HELO - +mwd3.mwd.local 250 0 38 19 0 SMTP - - - -
2013-01-03 17:29:41 127.0.0.1 mwd3.mwd.local SMTPSVC1 MWD3 127.0.0.1 0 MAIL - +FROM:+<webadmin#mywebdomain.com> 250 0 45 33 0 SMTP - - - -
2013-01-03 17:29:41 127.0.0.1 mwd3.mwd.local SMTPSVC1 MWD3 127.0.0.1 0 RCPT - +TO:+<info#mywebdomain.com> 250 0 29 27 0 SMTP - - - -
2013-01-03 17:29:41 127.0.0.1 mwd3.mwd.local SMTPSVC1 MWD3 127.0.0.1 0 DATA - +<20130103-11294182-2d84#mwd3.mwd.local> 250 0 123 456 63 SMTP - - - -
2013-01-03 17:29:41 127.0.0.1 mwd3.mwd.local SMTPSVC1 MWD3 127.0.0.1 0 QUIT - mwd3.mwd.local 240 78 63 4 0 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 220+p02c12m113.mxlogic.net+ESMTP+mxl_mta-6.16.0-0+[4d461940.13484498.00-2360];+Thu,+03+Jan+2013+10:29:41+-0700+(MST);+NO+UCE,+INBOUND 0 0 133 0 47 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 EHLO - mwd3.mwd.local 0 0 4 0 47 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 250-p02c12m113.mxlogic.net 0 0 26 0 63 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 MAIL - FROM:<webadmin#mywebdomain.com> 0 0 4 0 63 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 250+Sender+Ok 0 0 13 0 94 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 RCPT - TO:<info#mywebdomain.com> 0 0 4 0 94 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 551+Mailhost+is+on+domain's+block+list+(Mode:+normal) 0 0 53 0 188 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 RSET - - 0 0 4 0 188 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 250+Reset+Ok 0 0 12 0 219 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 RSET - - 0 0 4 0 266 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 250+Reset+Ok 0 0 12 0 297 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 MAIL - FROM:<> 0 0 4 0 297 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 250+Sender+Ok 0 0 13 0 312 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 RCPT - TO:<webadmin#mywebdomain.com> 0 0 4 0 312 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 551+Mailhost+is+on+domain's+block+list+(Mode:+normal) 0 0 53 0 406 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 RSET - - 0 0 4 0 406 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 250+Reset+Ok 0 0 12 0 422 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 QUIT - - 0 0 4 0 437 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 221+p02c12m113.mxlogic.net+Service+closing+transmission+channel+[13484498.00] 0 0 77 0 453 SMTP - - - -
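The check described above can be scripted. This is an added example, not part of the original post: it reads the SMTP W3C log through its #Fields header and reports each 4xx/5xx reply that came from a remote server, with the command that triggered it and the hostname from the remote 220 banner. The function names are illustrative, and the sample is trimmed from the transcript above.

```python
import re

# Sample trimmed from the transcript above (220 banner shortened).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2013-01-03 17:29:41 127.0.0.1 mwd3.mwd.local SMTPSVC1 MWD3 127.0.0.1 0 RCPT - +TO:+<info#mywebdomain.com> 250 0 29 27 0 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 220+p02c12m113.mxlogic.net+ESMTP 0 0 133 0 47 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 MAIL - FROM:<webadmin#mywebdomain.com> 0 0 4 0 63 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 250+Sender+Ok 0 0 13 0 94 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionCommand SMTPSVC1 MWD3 - 25 RCPT - TO:<info#mywebdomain.com> 0 0 4 0 94 SMTP - - - -
2013-01-03 17:29:41 208.65.145.12 OutboundConnectionResponse SMTPSVC1 MWD3 - 25 - - 551+Mailhost+is+on+domain's+block+list+(Mode:+normal) 0 0 53 0 188 SMTP - - - -
"""


def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or partial lines
                yield dict(zip(fields, values))


def remote_rejections(text):
    """Return 4xx/5xx replies received on outbound connections."""
    banners = {}   # remote IP -> hostname announced in its 220 greeting
    last_cmd = {}  # remote IP -> last command the local server sent to it
    found = []
    for rec in parse_w3c(text):
        ip, kind = rec["c-ip"], rec["cs-username"]
        # The log writes spaces as '+'; the SMTP text sits in cs-uri-query.
        payload = rec["cs-uri-query"].replace("+", " ").strip()
        if payload == "-":
            payload = ""
        if kind == "OutboundConnectionCommand":
            last_cmd[ip] = f'{rec["cs-method"]} {payload}'.strip()
        elif kind == "OutboundConnectionResponse":
            m = re.match(r"(\d{3})[ -](.*)", payload)
            if not m:
                continue
            code, msg = int(m.group(1)), m.group(2)
            if code == 220 and msg:
                banners[ip] = msg.split()[0]
            elif code >= 400:
                found.append({
                    "remote_ip": ip,
                    "remote_host": banners.get(ip, "unknown"),
                    "command": last_cmd.get(ip, ""),
                    "code": code,
                    "reply": msg,
                })
    return found


if __name__ == "__main__":
    for r in remote_rejections(SAMPLE_LOG):
        print(f'{r["remote_host"]} [{r["remote_ip"]}] rejected '
              f'"{r["command"]}": {r["code"]} {r["reply"]}')
```

Records whose cs-username is neither OutboundConnectionCommand nor OutboundConnectionResponse are local submissions; in the sample the local server accepts the same recipient with 250, which is why the rejection has to be looked for on the outbound side.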


Schema Registry logs are written to /var/messages

I'm facing a problem about GET logs of schema registry. When I check the log4j properties I see it is configured as log4j.appender.file.File=${schema-registry.log.dir}/schema-registry.log which is working as intended (log files are located under /confluent-7.0.1/logs/).
My problem is there are also files under /var/log/. It seems that they are recorded in separate files from week to week.
-rw------- 1 root root 160273230 Jan 2 12:02 messages
-rw------- 1 root root 1831024355 Dec 18 03:10 messages-20221218
-rw------- 1 root root 706439179 Dec 25 03:07 messages-20221225
-rw------- 1 root root 1158507310 Jan 1 03:06 messages-20230101
The content of these files looks like this:
Dec 25 03:15:09 server_name bash: [2022-12-25 03:15:09,995] INFO 192.168.181.21 - kafkauser [25/Dec/2022:00:15:09 +0000] "GET /subjects/TOPIC_NAME-key/versions/latest HTTP/1.1" 200 178 "-" "-" GETsT (io.confluent.rest-utils.requests:62)
Dec 25 03:15:10 server_name bash: [2022-12-25 03:15:10,018] INFO 192.168.181.21 - kafkauser [25/Dec/2022:00:15:10 +0000] "GET /subjects/TOPIC_NAME-value/versions/latest HTTP/1.1" 200 2197 "-" "-" GETsT (io.confluent.rest-utils.requests:62)
Dec 25 03:15:10 server_name bash: [2022-12-25 03:15:10,078] INFO 192.168.181.20 - kafkauser [25/Dec/2022:00:15:10 +0000] "GET /subjects/TOPIC_NAME-key/versions/latest HTTP/1.1" 200 178 "-" "-" GETsT (io.confluent.rest-utils.requests:62)
Dec 25 03:15:10 server_name bash: [2022-12-25 03:15:10,098] INFO 192.168.181.20 - kafkauser [25/Dec/2022:00:15:10 +0000] "GET /subjects/TOPIC_NAME-value/versions/latest HTTP/1.1" 200 2197 "-" "-" GETsT (io.confluent.rest-utils.requests:62)
Is this logging happening because of schema registry or is it just part of the Linux system? I mean, is it result of network logging or schema registry logging? Either way, how can I make it stop or configure to be recorded at somewhere else? Thanks in advance.
I assume you have installed Confluent Platform in a way that uses systemctl? If so, then yes, journalctl will write to /var/log/messages via the process's stdout/stderr logs.
You need to disable the ConsoleAppender in the log4j file to stop this.

Unable to access published webapi from outside windows domain

My network environment is as follows. I have a Windows Server 2016 domain controller and a member server.
On the member server I have IIS and Visual Studio 2019 installed.
I created a webapi in VS2019 that writes data to a SQL server. I am using Postman for testing.
Everything works fine when I run Postman on the member server and on the DC. However, when I run Postman from my workstation, which is NOT a member of the domain, I get error 500.
Below is a snippet from the IIS log.
192.168.100.222 is my DC
192.168.100.10 is my stand alone Windows 10 workstation.
2020-11-02 15:31:13 ::1 POST /api/SleepDiary sSleepGuy=guy2#there.com&sPilotName=Rick%20Doe 80 - ::1 PostmanRuntime/7.26.5 - 204 0 0 834
2020-11-02 15:31:52 192.168.100.223 POST /api/SleepDiary sSleepGuy=guy2#there.com&sPilotName=Rick%20Doe 80 - 192.168.100.222 PostmanRuntime/7.26.5 - 204 0 0 16
2020-11-02 15:32:14 192.168.100.223 POST /api/SleepDiary sSleepGuy=guy1#there.com&sPilotName=Rick%20Doe 80 - 192.168.100.10 PostmanRuntime/7.26.8 - 500 0 0 225

HAProxy decreasing throughput

I think I am doing something wrong with HAProxy conf because my throughput drops to 25% in a real-world test done with HAProxy and one single AWS instance. Following is my relevant (extremely simple) configuration:
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 20000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 30000

frontend localnodes
    bind *:80
    mode http
    default_backend nodes

backend nodes
    mode http
    balance roundrobin
    hash-type consistent
    option httpchk /health
    server w1 xx.xx.xx.xx:80 check id 1
I had enabled logging. A typical entry in log looks like this:
Dec 2 09:29:05 localhost haproxy[2782]: xx.xx.xx.xx:43908 [02/Dec/2016:09:29:05.940] localnodes nodes/w1 38/0/0/1/41 200 130 - - ---- 36/36/12/2/0 0/0 "GET /ep?key=123&message=XXQSYI HTTP/1.1"
Dec 2 09:29:05 localhost haproxy[2782]: xx.xx.xx.xx:43920 [02/Dec/2016:09:29:05.941] localnodes nodes/web01 39/0/0/0/40 200 160 - - ---- 35/35/11/0/0 0/0 "GET /q1?key=123&val=123 HTTP/1.1"
Dec 2 09:29:05 localhost haproxy[2782]: xx.xx.xx.xx:43933 [02/Dec/2016:09:29:05.955] localnodes nodes/web01 24/0/0/1/26 200 134 - - ---- 34/34/11/1/0 0/0 "GET /q1?key=123&val=123 HTTP/1.1"
My throughput is 25% of what direct traffic to my instance would be. This is terrible performance. Am I doing something really wrong?
EDIT
Going down the log, some logs clearly show that time taken to reach server from HAProxy is too high
Dec 2 10:56:59 localhost haproxy[25988]: xx.xx.xx.xx:39789 [02/Dec/2016:10:56:58.729] main app/app1 0/0/1000/1/1002 200 449 - - ---- 13/13/13/7/0 0/0 "GET / HTTP/1.1"
Dec 2 10:56:59 localhost haproxy[25988]: xx.xx.xx.xx:39803 [02/Dec/2016:10:56:58.730] main app/app1 0/0/999/1/1000 200 377 - - ---- 12/12/12/7/0 0/0 "GET / HTTP/1.1"
Dec 2 10:56:59 localhost haproxy[25988]: xx.xx.xx.xx:39804 [02/Dec/2016:10:56:58.730] main app/app1 0/0/999/1/1000 200 277 - - ---- 11/11/11/7/0 0/0 "GET / HTTP/1.1"
From your log, most of your time is being spent connecting to the server. For example, you spend 1000, 999 and 999 milliseconds connecting. This may have to do with the fact that you are closing the connection to the server immediately after each transaction by using option http-server-close. So, the TCP connection has to be re-established each time (if this is the same client between requests).
Overall, it looks like you're spending about 1 second per request, which doesn't sound horrible to me. What were you seeing before using HAProxy?
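The reading of the log in the answer above relies on the five slash-separated timers of the HAProxy HTTP log format (Tq/Tw/Tc/Tr/Tt: client request, queue wait, connect to server, server response, total). This is an added example, not part of the original thread: it extracts those timers and reports which phase dominates per backend server. The function names are illustrative, and the sample lines are copied from the question.

```python
import re
from collections import defaultdict

TIMERS = ("Tq", "Tw", "Tc", "Tr")  # Tt is the total, so it is not ranked

LINE_RE = re.compile(
    r"\] (?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) "
    r"(?P<Tq>-?\d+)/(?P<Tw>-?\d+)/(?P<Tc>-?\d+)/(?P<Tr>-?\d+)/\+?(?P<Tt>-?\d+) "
    r"(?P<status>\d{3}) "
)

# Sample lines copied from the question above.
SAMPLE = [
    'Dec 2 09:29:05 localhost haproxy[2782]: xx.xx.xx.xx:43908 [02/Dec/2016:09:29:05.940] localnodes nodes/w1 38/0/0/1/41 200 130 - - ---- 36/36/12/2/0 0/0 "GET /ep?key=123&message=XXQSYI HTTP/1.1"',
    'Dec 2 10:56:59 localhost haproxy[25988]: xx.xx.xx.xx:39789 [02/Dec/2016:10:56:58.729] main app/app1 0/0/1000/1/1002 200 449 - - ---- 13/13/13/7/0 0/0 "GET / HTTP/1.1"',
    'Dec 2 10:56:59 localhost haproxy[25988]: xx.xx.xx.xx:39803 [02/Dec/2016:10:56:58.730] main app/app1 0/0/999/1/1000 200 377 - - ---- 12/12/12/7/0 0/0 "GET / HTTP/1.1"',
    'Dec 2 10:56:59 localhost haproxy[25988]: xx.xx.xx.xx:39804 [02/Dec/2016:10:56:58.730] main app/app1 0/0/999/1/1000 200 277 - - ---- 11/11/11/7/0 0/0 "GET / HTTP/1.1"',
]


def parse_line(line):
    """Return frontend, backend, server, timers (ms) and status, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {k: m.group(k) for k in ("frontend", "backend", "server")}
    rec.update({k: int(m.group(k)) for k in TIMERS + ("Tt",)})
    rec["status"] = int(m.group("status"))
    return rec


def summarize(lines):
    """Per backend/server: mean of each timer and the phase with the largest mean."""
    acc = defaultdict(lambda: defaultdict(list))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = f'{rec["backend"]}/{rec["server"]}'
        for k in TIMERS:
            if rec[k] >= 0:  # -1 means the phase was never reached (aborted)
                acc[key][k].append(rec[k])
    out = {}
    for key, timers in acc.items():
        means = {k: sum(v) / len(v) for k, v in timers.items()}
        out[key] = {"means": means, "dominant": max(means, key=means.get)}
    return out


if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info["dominant"], info["means"])
```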

Http Error 405.0 - method not allowed iis 7.5 module staticfilemodule

I have run into an issue here that I cannot seem to find a solution for. I have a form that I am trying to deploy in IIS 7.5 and when I execute my script I get the following error...
Error Summary
HTTP Error 405.0 - Method Not Allowed
The page you are looking for cannot be displayed because an invalid method
(HTTP verb) is being used.
Detailed Error Information
Module StaticFileModule
Notification ExecuteRequestHandler
Handler StaticFile
Error Code 0x80070001
Requested URL http://localhost:80/Address.php
Physical Path C:\inetpub\wwwroot\Address.php
Logon Method Anonymous
Logon User Anonymous
I have tried everything under the sun. I have deleted the WebDavmodule... I have added the POST verb to the StaticFile Module... I have selected all verbs under the verbs tab. I have enabled the CGI.exe file... also I enabled the ISAPI module. I have read numerous articles on the issue and it seems a lot of people are having these issues and they didn't find a real fix for it. If there is any information someone could provide to help me get past this I would be more than thankful. In addition, I checked the server log files. They are as follows...
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2015-04-08 13:33:24
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2015-04-08 13:33:24 ::1 GET /validation_data.js 233 80 - ::1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2272.118+Safari/537.36 200 0 0 171
2015-04-08 13:33:48 ::1 POST /Address.php - 80 - ::1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2272.118+Safari/537.36 405 0 1 3
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2015-04-08 13:48:12
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2015-04-08 13:48:12 ::1 GET /indv/ - 80 - ::1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2272.118+Safari/537.36 403 14 0 17
2015-04-08 13:48:54 ::1 GET /Address.html - 80 - ::1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2272.118+Safari/537.36 304 0 0 1
2015-04-08 13:48:54 ::1 GET /validation_data.js 341 80 - ::1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2272.118+Safari/537.36 200 0 0 25
2015-04-08 13:49:21 ::1 POST /Address.php - 80 - ::1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2272.118+Safari/537.36 405 0 1 2
2015-04-08 13:49:48 ::1 GET /validation_data.js 787 80 - ::1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2272.118+Safari/537.36 200 0 0 33
2015-04-08 13:50:12 ::1 POST /Address.php - 80 - ::1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2272.118+Safari/537.36 405 0 1 3
Ok. I am not getting the error anymore. This is what I did. I installed PHP Manager for IIS 7.5 64bit. After that I installed Visual C++ Redistributable for Visual Studio 2012 Update 4, which can be downloaded here http://www.microsoft.com/en-us/download/confirmation.aspx?id=30679!

Stop spammers from relaying via sendmail?

For the life of me I cannot figure out how spammers are sending mail through my server with relaying off. I'm running Sendmail 8.14.7 on Slackware Linux 14.1. The spammers have not figured out a user's password and are therefore logging in first via SASL with AUTH LOGIN or I would see that in the log.
Here's an example from my logs, a spammer/bot from 182.234.55.47. Off the top of someone's head, what would allow this? Any IP randomly in the world can do this, yet when I try it sendmail says "relaying denied...". I could not be more lost. I firewall them but it happens again an hour later from a different IP.
Feb 23 12:18:44 server sendmail[28315]: t1NHIIgY028315: <-- MAIL FROM: <re>
Feb 23 12:18:44 server sendmail[28315]: t1NHIIgY028315: --- 250 2.1.0 <re>... Sender ok
Feb 23 12:18:45 server sendmail[28315]: t1NHIIgY028315: <-- RCPT TO: <htucker566#gmail.com>
Feb 23 12:18:45 server sendmail[28315]: t1NHIIgY028315: --- 250 2.1.5 <htunhtunnaing.goldpot#gmail.com>... Recipient ok
Feb 23 12:18:47 server sendmail[28315]: t1NHIIgY028315: <-- DATA
Feb 23 12:18:47 server sendmail[28315]: t1NHIIgY028315: --- 354 Enter mail, end with "." on a line by itself
Feb 23 12:18:48 server sendmail[28315]: t1NHIIgY028315: from=<re>, size=496, class=0, nrcpts=5, msgid=<B3BE0AC12425C02A1FB8C9201EE5CB9E#jyvicegy>, proto=ESMTP, daemon=MTA, relay=host-47.55-234-182.cable.dynamic.kbtelecom.net [182.234.55.47]
Feb 23 12:18:48 central sendmail[28315]: t1NHIIgY028315: --- 250 2.0.0 t1NHIIgY028315 Message accepted for delivery
