Skip to main content

postfix can't connect to MySQL

I got this error in syslog when postfix was trying to connect to MySQL:

Apr 13 17:34:53 webmail postfix/smtpd[6726]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Apr 13 17:34:53 webmail postfix/smtpd[6726]: NOQUEUE: reject: RCPT from rv-out-0506.google.com[209.85.198.233]: 451 4.3.0 : Temporary lookup failure; from= to= proto=ESMTP helo=

I got a reference to MySQL database in my main.cf which triggered the error:

local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf

From the error it was obvious postfix couldn't connect to MySQL. Email from outside wouldn't be received properly by dbmail. I checked MySQL service and it was running and I could log into MySQL manually. I found a solution after googling a bit. The cause was in file /etc/postfix/master.cf. I got smtp service of postfix to run chroot'ed (see y below).

#service type private unpriv chroot wakeup maxproc command + args
smtp inet n - y - - smtpd

So I changed the line to:

#service type private unpriv chroot wakeup maxproc command + args
smtp inet n - n - - smtpd


Voila!. It worked. See log below:

Apr 13 18:03:02 webmail postfix/smtpd[7039]: connect from rv-out-0506.google.com[209.85.198.239]
Apr 13 18:03:03 webmail sqlgrey: grey: domain awl match: updating 209.85.198(209.85.198.239), gmail.com
Apr 13 18:03:03 webmail postfix/smtpd[7039]: B3246A3075: client=rv-out-0506.google.com[209.85.198.239]
Apr 13 18:03:04 webmail postfix/cleanup[7042]: B3246A3075: message-id=<23c8d5620904130314j7f4c619di57c7d8c0d217ed62@mail.gmail.com>
Apr 13 18:03:04 webmail postfix/qmgr[7033]: B3246A3075: from=, size=2277, nrcpt=1 (queue active)
Apr 13 18:03:05 webmail postfix/smtpd[7046]: connect from webmail.myfakedomain.net[127.0.0.1]
Apr 13 18:03:05 webmail postfix/smtpd[7046]: 26BBFA3076: client=rv-out-0506.google.com[209.85.198.239]
Apr 13 18:03:05 webmail postfix/cleanup[7042]: 26BBFA3076: message-id=<23c8d5620904130314j7f4c619di57c7d8c0d217ed62@mail.gmail.com>
Apr 13 18:03:05 webmail postfix/qmgr[7033]: 26BBFA3076: from=, size=2751, nrcpt=1 (queue active)
Apr 13 18:03:05 webmail postfix/smtpd[7046]: disconnect from webmail.myfakedomain.net[127.0.0.1]
Apr 13 18:03:05 webmail dbmail/lmtpd[20480]: Message:[serverchild] serverchild.c,PerformChildTask(+349): incoming connection from [127.0.0.1] by pid [20480]
Apr 13 18:03:05 webmail postfix/lmtp[7043]: B3246A3075: to=, relay=127.0.0.1[127.0.0.1]:10025, delay=2, delays=0.96/0.01/0/1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=01032-05, from MTA([127.0.0.1]:10026): 250 2.0.0 Ok: queued as 26BBFA3076)
Apr 13 18:03:05 webmail postfix/qmgr[7033]: B3246A3075: removed

Comments

Anonymous said…
In a Serverfault/Stackoverflow question I was reading, if you use the magical keyword "localhost" with mysql, it will try to use the socket file on the filesystem.

So, when I ran into this problem, I realized that postfix is in a chroot, and that probably makes it so it can't get to the socket.

So, I tried specifying "127.0.0.1" in the postfix config instead of 'localhost' and it worked.

I was hesitant to follow your post, because I did not know what security implications it had (does it take postfix out of the chroot? Water down the chroot? I don't know).
zamri said…
Thanks for the tip. This is like a easy workaround if you happen to bump into. Of course, running postfix chrooted is better in terms of security.

However, thanks anyway. I might look into it again and try your suggestion. Have fun.

Popular posts from this blog

mplayer-gui error : Error in skin config file

After installing mplayer-gui package, I can't start it.

$ gmplayer MPlayer 1.1-4.8 (C) 2000-2012 MPlayer Team mplayer: could not connect to socket mplayer: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. Error in skin config file on line 6: PNG read error in /usr/share/mplayer/skins/default/main Config file processing error with skin 'default'
After googling a bit, I found out that it was due to the png files in dir /usr/share/mplayer/skins/default. This is the default skin directory. To fix this error, I have to install ImageMagick package because I want to use the convert program to convert all of the png files to format png24. Thus, cd /usr/share/mplayer/skins/default; for FILE in *.png ; do sudo convert $FILE -define png:format=png24 $FILE ; done
Rerun gmplayer and all should be fine.
Have fun!
UPDATE (02-10-2017)

It doesn't work on Ubuntu 16.04 (xenial) but there's a workaround here.

You can update your syst…

Moving your mysql database to another hard disk

Recently, my server's only hard disk was almost full. I bought a new hard disk with bigger size and I decided to just add it as a second hard disk. Since I need to move it to the 2nd hard disk, I need to find a proper way to move the db with minimum downtime. So I googled around and found a solution.
First, I needed to format the 2nd hard disk and I chose xfs as the filesystem. I created 2 partitions using Linux's fdisk for this task. First partition is 10 GB and 2nd one is around 900 GB. That's approximately added up to 1 TB. Then I mounted the 2nd partition in current partition eg /media/hd2 as follows:
mount -t xfs /dev/sdb5 /media/hd2
where /dev/sdb5 is the partition and /media/hd2 is the mounting dir.
Stop mysql db before doing anything:
service mysql stop
Afterthat, I copied the entire db to newly mounted hard disk:
cp -rv /var/lib/mysql /media/hd2
It will take a while if you have huge databases.
Then, change the ownership of the dir to user and group of mysql:
chown -R mysql:…

Transparent proxy with squid 2.6

I have upgraded my squid from 2.5 STABLE13 to 2.6 STABLE18. Transparent proxy is setup differently in this version. You need this directives in squid.conf (usually in /etc or /usr/local/etc or /usr/local/squid/etc, check with your distro).

acl our_networks src 192.168.2.0/24 127.0.0.1
http_access allow our_networks
http_port 192.168.2.1:3128 transparent
always_direct allow all

where 192.168.2.1 is your proxy server IP address.


If you have flushed your iptables, create new rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3128

where 3128 is the port where squid is running.
References:
http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy