This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.
(USFamily MTA v5/:PHRlc3RAc3BvbnNvcmVtYWlsLmNvbT48YW5nZWxtYXJnaWVAdXNmYW1pbHkubmV0Pg--)
with SMTP id <20111123000740002984700014> for <angelmargie@usfamily.net>;
Wed, 23 Nov 2011 00:07:40 -0600 (CST)
(envelope-from test@sponsoremail.com)
Received: from User (203-113-207-177-static.TCS.netspace.net.au [203.113.207.177])
by MY.DOMAINNAME.HERE (Postfix) with ESMTPA id C1EFE103F562E;
Tue, 22 Nov 2011 20:10:49 +0100 (CET)
Reply-To: metro.bank@asia.com
From: "Isabelle L. Taylor (Mrs)" <test@sponsoremail.com>
Subject: ANTI-FRAUD UNIT.
X-Source-Date: Wed, 23 Nov 2011 06:06:33 +1100
Date: Wed, 23 Nov 2011 00:07:40 -0600 (CST)
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
WORLD BANK GROUP GENEVA
Working Together For A FRAUD FREE Society
Email:metro.bank@asia.com
Divisional Head Isabelle L. Taylor (Mrs)
ANTI FRAUD UNIT.
Attn:Beneficiary
This is to officially notify you that the underlisted Bank has been mandated to finally approve and release your long awaited fund to you as the beneficiary.
The World Bank and the International Monetary Fund (IMF) in our first quater general meeting held in Geneva January 2011 released to the below Bank over
(FIVE BILLION UNITEDSTATES DOLLARS) to settle all outstanding payment (DEPT) emanating from Contract payments,Inherittance,Lotto Winning,
Compensation and many others to qualified beneificiaries which you happen to be among.
If you are interested in your claim, urgently contact this bank reconfirming the following to them.And do ensure that you stop any further communication with
any individual or organization henceforth regarding your payment as Meto Bank has been given the sole mandate for this programme.
YOUR FULL NAMES
CONTACT ADDRESS
WORKING PHONE/FAX NUMBERS
YOUR EXPECTED AMOUNT
IDENTIFICATION.
Contact Person:George S.K. Ty
Metro Bank of (Asia) Philippines
Metro bank Plaza
Sen. Gil Puyat Avenue
Makati City 1200, Philippines
Website:www.metrobank.com.ph
Email:metro.bank@asia.com
Regards
Isabelle L. Taylor (Mrs)
Howdy,
It sounds like you may be dealing with memory problems there... what is the output of this command:
free -m
It is better than the other server, which is running well:
free -m
                   total       used       free     shared    buffers     cached
Mem:                1024        747        276          0          0          0
-/+ buffers/cache:               747        276
Swap:               1024          1       1022
So it seems that Postfix has been spewing spam like crazy, and this is eating all of my available memory. What can I do here? I have no logged in users, no mail in the queue, but 20K messages!!
Hmm, what do you mean by 20k messages? Where are you seeing that number?
It's really unusual for Postfix to send a large number of messages without any appearing in the mail queue.
-Eric
I know - but I flushed the mail queue, which reported 19621 messages:
postsuper -d ALL
Webmin showed zero.
My concern is that somehow, on a system that has nothing other than the base OS + virtualmin, someone was able to make use of the resources.
Well, if you see anything like that again -- what I'd suggest doing before deleting all those is to actually view one -- look at the full headers, as well as the message body -- as the emails in your mail queue contain the info you need in order to discover their origin.
You'd be able to determine what email account they originated from, and typically whether they were sent from a web app, or directly via Postfix.
Without a copy of any of those messages, it'd be difficult to determine their cause. The best you can do is review your mail logs for any activity during the time you were experiencing the problem, as well as review the web apps you have installed on your server, and make sure they're all up to date.
-Eric
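Added example (mine, not Eric's and not Virtualmin code) of the inspection step described in the reply above. On a Postfix host the queue IDs come from postqueue -p, a queued message is dumped with postcat -q QUEUE_ID, and postsuper -h ALL puts the whole queue on hold so the evidence stays put while nothing more leaves. The script unfolds the first Received: header that this Postfix stamped and reports the HELO name, the client IP and the protocol token. Two things worth knowing when reading that line: the word after "from" is the name the client announced in HELO/EHLO (Postfix writes "from HELO (rdns [ip])"), so "User" is not a mailbox on the server; and a protocol token of ESMTPA or ESMTPSA (RFC 3848) means the client passed SMTP AUTH, i.e. some account's password was used. The two header blocks are constructed for the example: the first is modelled on the header posted in this thread, the second is a hypothetical inbound delivery from another MTA for contrast.

```shell
#!/bin/sh
# Added example, not from the thread. On a live Postfix host:
#   postsuper -h ALL                      # hold the queue: keep the evidence, send nothing
#   postqueue -p                          # list queue IDs
#   postcat -q C1EFE103F562E | received_origin
# Here the input is constructed header text (see SAMPLE_* below).

# Print the first Received: header stamped by this Postfix, unfolded onto one line.
first_postfix_received() {
    awk '
        function flush() {
            if (!done && cur ~ /^Received:/ && cur ~ /\(Postfix\)/) { print cur; done = 1 }
            cur = ""
        }
        /^$/     { flush(); exit }                              # blank line ends the headers
        /^[ \t]/ { sub(/^[ \t]+/, " "); cur = cur $0; next }    # folded continuation line
                 { flush(); cur = $0 }                          # start of a new header
        END      { flush() }
    '
}

# Report HELO name, client IP, protocol token and whether SMTP AUTH was used.
# Postfix writes: Received: from HELO (rdns [ip]) by host (Postfix) with PROTO id QID
received_origin() {
    rec=$(first_postfix_received)
    if [ -z "$rec" ]; then
        echo "no Received: header added by Postfix found" >&2
        return 1
    fi
    helo=$(printf '%s\n' "$rec" | sed -n 's/^Received: from \([^ ]*\) .*/\1/p')
    ip=$(printf '%s\n' "$rec" | sed -n 's/.*\[\([^]]*\)].*/\1/p')
    proto=$(printf '%s\n' "$rec" | sed -n 's/.* with \([A-Z]*\) .*/\1/p')
    case $proto in
        ESMTPA|ESMTPSA) auth=yes ;;   # RFC 3848: trailing A = SMTP AUTH succeeded
        *)              auth=no ;;
    esac
    printf 'helo=%s ip=%s proto=%s authenticated=%s\n' "$helo" "$ip" "$proto" "$auth"
}

# Constructed sample 1: modelled on the header posted in this thread.
SAMPLE_AUTH='Received: from User (203-113-207-177-static.TCS.netspace.net.au [203.113.207.177])
    by MY.DOMAINNAME.HERE (Postfix) with ESMTPA id C1EFE103F562E;
    Tue, 22 Nov 2011 20:10:49 +0100 (CET)
Reply-To: metro.bank@asia.com
From: "Isabelle L. Taylor (Mrs)" <test@sponsoremail.com>
Subject: ANTI-FRAUD UNIT.

(body omitted)'

# Constructed sample 2 (hypothetical hosts): ordinary inbound delivery from another MTA.
SAMPLE_INBOUND='Received: from mx.example.net (mx.example.net [192.0.2.25])
    by MY.DOMAINNAME.HERE (Postfix) with ESMTP id 0123456789ABC
    for <someone@MY.DOMAINNAME.HERE>; Tue, 22 Nov 2011 21:00:00 +0100 (CET)
Subject: hello

(body omitted)'

demo_authenticated() { printf '%s\n' "$SAMPLE_AUTH" | received_origin; }
demo_inbound()       { printf '%s\n' "$SAMPLE_INBOUND" | received_origin; }

demo_authenticated   # helo=User ip=203.113.207.177 proto=ESMTPA authenticated=yes
demo_inbound         # helo=mx.example.net ip=192.0.2.25 proto=ESMTP authenticated=no
```

The ESMTPA result is the decisive bit: it rules out the open-relay explanation for that message before any relay test is run, and it tells you the fix is a credential reset, not a firewall rule (the bot will come back from another address).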
Here are the last two of them:
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
1A247103F405C 1845 Mon Nov 28 18:54:56 MAILER-DAEMON
(host mail.sponsoremail.com[46.105.165.165] said: 450 4.7.1 <test@sponsoremail.cto RCPT TO command))
test@sponsoremail.com
F37CC103F414C 5988 Mon Nov 28 18:55:11 MAILER-DAEMON
(host mail.sponsoremail.com[46.105.165.165] said: 450 4.7.1 <test@sponsoremail.cto RCPT TO command))
test@sponsoremail.com
I have no web apps installed at all.
And:
Received: from [xxx.xxx.xxx.xxx] by usfamily.net
So, you can use the information in that email you posted in order to determine the cause.
This line here may help you determine it:
Received: from User (203-113-207-177-static.TCS.netspace.net.au [203.113.207.177])
by MY.DOMAINNAME.HERE (Postfix) with ESMTPA id C1EFE103F562E;
Tue, 22 Nov 2011 20:10:49 +0100 (CET)
The "User" specified there, as well as the IP address following that, are likely the culprit.
That username may have had its password compromised. So, I'd change the password of the user "User", and you might consider blocking that IP address at your firewall.
-Eric
The thing is - I never created the user User - that is the actual name!
What output do you receive if you run the command postconf -n?
Also, just to rule this out as a possibility, you may want to run an open relay test on your server... there's a number of ways to do that, including this site here:
http://www.abuse.net/relay.html
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mydestination = localhost.localdomain, MY.DOMAINNAME.COM, localhost.DOMAINNAME.COM, localhost
myhostname = MY.DOMAINNAME.COM
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual
Relay test result: All tests performed, no relays accepted.
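Added example (mine, not from the thread or from Virtualmin) to go with the postconf output and the relay result. The clean relay test and the ESMTPA token in the posted header point the same way: the messages were accepted because a SASL login succeeded, not because the box relays for anyone. With this configuration the login name is not written into the Received: header (smtpd_sasl_authenticated_header is left at its default of no), but Postfix always logs it on the smtpd "client=" line as sasl_username=, so mail.log is where the account to reset is found. The two queue entries posted earlier are bounces (sender MAILER-DAEMON) going back to the forged envelope sender test@sponsoremail.com, which mail.sponsoremail.com is refusing with 450; they are the tail end of the run, not the outgoing spam itself. The log lines below are constructed for the example; the account names, the hostnames and the 192.0.2.10 address are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. On a live host:
#   grep -h 'postfix/smtpd' /var/log/mail.log* | sasl_senders
#   grep -h 'postfix/smtpd' /var/log/mail.log* | sasl_by_hour
# The log lines below are constructed; accounts and hosts are hypothetical.

# Count accepted sessions per SASL login and client IP.
# Postfix logs: ... postfix/smtpd[PID]: QUEUEID: client=rdns[ip], sasl_method=X, sasl_username=USER
sasl_senders() {
    sed -n 's/.*postfix\/smtpd\[[0-9]*]: [0-9A-Za-z]*: client=[^[]*\[\([^]]*\)].*sasl_username=\([^ ,]*\).*/\2 \1/p' \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

# Count authenticated sessions per login and hour; a hijacked login shows up as a burst.
sasl_by_hour() {
    awk '
        /postfix\/smtpd\[[0-9]+]: / && /sasl_username=/ {
            user = $0
            sub(/.*sasl_username=/, "", user)
            sub(/[ ,].*/, "", user)
            hour = substr($3, 1, 2)             # $1 $2 $3 = month day HH:MM:SS
            n[user " " $1 " " $2 " " hour ":00"]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Constructed sample log: one normal login, one login submitting in a burst,
# a cleanup line and an unauthenticated local session that must both be ignored.
SAMPLE_LOG='Nov 22 09:20:00 mail postfix/smtpd[4301]: 9988776655443: client=desk.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=staff@example.com
Nov 22 20:10:49 mail postfix/smtpd[4321]: C1EFE103F562E: client=203-113-207-177-static.TCS.netspace.net.au[203.113.207.177], sasl_method=LOGIN, sasl_username=mailbox1@example.com
Nov 22 20:10:49 mail postfix/cleanup[4330]: C1EFE103F562E: message-id=<20111122191049.C1EFE103F562E@MY.DOMAINNAME.HERE>
Nov 22 20:10:50 mail postfix/smtpd[4321]: 0A1B2C3D4E5F6: client=203-113-207-177-static.TCS.netspace.net.au[203.113.207.177], sasl_method=LOGIN, sasl_username=mailbox1@example.com
Nov 22 20:11:02 mail postfix/smtpd[4322]: 1122334455667: client=203-113-207-177-static.TCS.netspace.net.au[203.113.207.177], sasl_method=LOGIN, sasl_username=mailbox1@example.com
Nov 22 20:15:00 mail postfix/smtpd[4325]: AABBCCDDEEFF0: client=localhost[127.0.0.1]'

demo_sasl_senders() { printf '%s\n' "$SAMPLE_LOG" | sasl_senders; }
demo_sasl_by_hour() { printf '%s\n' "$SAMPLE_LOG" | sasl_by_hour; }

demo_sasl_senders    # 3 mailbox1@example.com 203.113.207.177 / 1 staff@example.com 192.0.2.10
demo_sasl_by_hour    # 3 mailbox1@example.com Nov 22 20:00 / 1 staff@example.com Nov 22 09:00
```

Once the login at the top of that list has a new password, two settings absent from the postconf -n above limit the damage next time: smtpd_tls_auth_only = yes refuses AUTH on a plaintext session, and smtpd_client_message_rate_limit (enforced by anvil) caps how many messages one client may submit per time unit, so a leaked password yields a trickle rather than 19,621 queued messages.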