Weird connectivity problems on Centos7 / DirectAdmin

sjaakfaal

Verified User
Joined
Feb 14, 2010
Messages
32
Hi,

I have a VPS with weird problems. It's a 2GB 1 core VPS from Transip with Centos7 and DirectAdmin pre-installed. On delivery, all was working fine.

No problems with:
- HTTP(S): I can get and post to Apache;
- SSH: I log in (I'm using auth. keys to log in);
- DirectAdmin in general;

Sometimes I have problems with updating:
- for example when I try to update custombuild, it says it cannot find custombuild.eu. When I try a second time it works;
- yum update: cannot find mirror .. trying another mirror .. and so on and so on ... eventually it works;
- command line "curl example.com": nothing happens for a minute or so. When I try it again I see the HTML source code of example;
- exim outbound (smtp): mails are queued or sent directly when I use PHP / PHPMailer;

Permanent problems with:
- exim inbound: I cannot receive emails. A few weeks ago I could. When I email from Gmail to my server the email is always returned with error:
Delivery Status Notification (Failure) --> and in Dutch "message seems blocked" --> 550 Administrative prohibition.
Exim and rejectlog:
2020-02-09 09:37:50 H=mail-ot1-f41.google.com [209.85.210.41] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no rejected MAIL <xxxx@xxxxxxx.nl>
- sending out with for example Roundcube gives error always:
SMTP Error (550): Failed to set sender "xxxxxxx@xxxxx.org" (Administrative prohibition).

- yum-cron: /etc/cron.hourly/0yum-hourly.cron:
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64&infra=stock&content=centos error was
14: curl#35 - "Peer reports it experienced an internal error."
This all worked before.

In the past I installed fail2ban (disabled); CSF for DA (uninstalled). I also disabled NetworkManager.

There are no errors in /var/log/messages or exim log. I disabled all virtual hosts (4 others) in DirectAdmin except the one I use for testing.

Any help or suggestions would be very appreciated.
Many thanks.
 

jordivn

Verified User
Joined
Nov 4, 2016
Messages
52
Could it be your DNS settings? I also used TransIP but did a static config of my network settings, including the DNS servers of Google (8.8.8.8 / 8.8.4.4).
 

sjaakfaal

I changed the DNS servers (/etc/resolv.conf), tried 1.1.1.1, 8.8.8.8, 8.8.4.4, but no difference.
@ikkeben no it is a real transip VPS.
 

jordivn

And if you shutdown the firewall?
Code:
systemctl stop firewalld
What happens if you ping the box and ping from the box (dig for example)?
 

sjaakfaal

Code:
Warning: firewalld.service changed on disk. Run 'systemctl daemon-reload' to reload units.
First time curl example.com shows code; second time:

Code:
[root@ronald exim]# curl example.com
[root@ronald exim]#
Nothing happens. Same problem.

Dig:


Code:
[root@ronald exim]# dig example.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26288
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.            IN    A

;; ANSWER SECTION:
example.com.        65180    IN    A    93.184.216.34

;; AUTHORITY SECTION:
example.com.        65180    IN    NS    a.iana-servers.net.
example.com.        65180    IN    NS    b.iana-servers.net.

;; Query time: 1 msec
;; SERVER: 2a01:7c8:7000:195:0:8:195:8#53(2a01:7c8:7000:195:0:8:195:8)
;; WHEN: Mon Feb 10 14:18:41 CET 2020
;; MSG SIZE  rcvd: 104
Dig & ping no problems. Dig is sometimes a little slower.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,510
Location
Maastricht
Well that leaves your resolving issues with yum and curl. Hope you can fix those too.

You could try to do a "yum clean all"; however, this would again not fix the curl issues.
 

sjaakfaal

It seems it is an IPv6 problem. Ping to an IPv6 address fails most of the time, IPv4 goes well.
 

Richard G

The "I" here was meant generally. I was responding to you that you could disable it if you did not need it.
I know how to do it. :)

Resolving a domain name based on IPv6 should be a standard procedure in an OS
On an OS, maybe in the near future. I wouldn't know why on a shared server system. ;)
I've even disabled that nonsense in Windows 10.
 

sjaakfaal

I've edited:
- /usr/lib/sysctl.d//usr/lib/sysctl.d/
- executed: sysctl -p
- disabled ipv6 hosts in resolv.conf and added:

nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4

- executed: sudo systemctl restart network

Server runs like a battleship!
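
Added example, not part of the original posts: a POSIX shell check for the two parts of the fix described above. It reads the live kernel value of net.ipv6.conf.<iface>.disable_ipv6 from /proc, so the result does not depend on which sysctl file was edited, and lists any IPv6 resolvers left in a resolv.conf-format file. The sample file is constructed, and PROC_ROOT is a hypothetical override used only for testing.

```shell
#!/bin/sh
# Added example: verify IPv4-only resolvers and the running kernel's IPv6 state.

# Print nameserver addresses of one family. $1 = 4 or 6, $2 = file.
nameservers() {
    awk -v fam="$1" '
        $1 == "nameserver" {
            is6 = ($2 ~ /:/)                  # any colon means an IPv6 literal
            if ((fam == 6 && is6) || (fam == 4 && !is6)) print $2
        }' "${2:-/etc/resolv.conf}"
}

# Succeeds when no IPv6 resolver is left; prints a one-line summary either way.
audit_resolvers() {
    _v6=$(nameservers 6 "$1" | paste -sd, -)
    if [ -n "$_v6" ]; then
        echo "IPv6 resolvers still configured: $_v6"
        return 1
    fi
    echo "resolvers are IPv4-only: $(nameservers 4 "$1" | paste -sd, -)"
}

# Live value of net.ipv6.conf.<iface>.disable_ipv6 (1 = disabled).
# A missing file is reported as "not disabled". PROC_ROOT: hypothetical test hook.
ipv6_disabled() {
    _f="${PROC_ROOT:-/proc}/sys/net/ipv6/conf/$1/disable_ipv6"
    [ -r "$_f" ] && [ "$(cat "$_f")" = "1" ]
}

# One request pinned to a single address family, capped at 5 seconds.
# $1 = 4 or 6, $2 = URL. Usage: probe_family 6 http://example.com
probe_family() {
    if curl "-$1" --silent --output /dev/null --max-time 5 "$2"; then
        echo "IPv$1 ok"
    else
        echo "IPv$1 FAILED (curl exit $?)"
    fi
}

# Constructed sample: the IPv6 resolver seen in the dig output earlier in the
# thread, followed by the three IPv4 resolvers the fix added.
sample=$(mktemp)
printf 'nameserver %s\n' 2a01:7c8:7000:195:0:8:195:8 1.1.1.1 8.8.8.8 8.8.4.4 > "$sample"
audit_resolvers "$sample" || true
ipv6_disabled all && echo "IPv6 disabled in running kernel" || echo "IPv6 still enabled"
rm -f "$sample"
```

Running `probe_family 4` and `probe_family 6` against the same URL separates a fault in one address family from a general outage.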
 

Richard G

It's missing something. And I did not use /usr/lib/sysctl.d but /etc/sysctl.conf which is the recommended method.
I'd rather use the official guide:
which has some additional notes. You might have a look at it if you're interested.

But good to see things are fixed now.
 