Hi, I'm having some difficulties trying to get Amavisd to start on a fresh ISPConfig 3.1 installation (CentOS 7). I've tried to troubleshoot the issue to the best of my ability, but due to the lack of information provided (there are no logs written anywhere) I'm not sure where to look at this point. Output of "systemctl status amavisd.service": Code: Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled; vendor preset: disabled) Active: failed (Result: start-limit) since Sat 2016-08-06 05:40:43 CEST; 9min ago Docs: http://www.ijs.si/software/amavisd/#doc Process: 2216 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=13) Aug 06 05:40:43 web1.*.net systemd[1]: amavisd.service: control process exited, code=exited status=13 Aug 06 05:40:43 web1.*.net systemd[1]: Failed to start Amavisd-new is an interface between MTA and content checkers.. Aug 06 05:40:43 web1.*.net systemd[1]: Unit amavisd.service entered failed state. Aug 06 05:40:43 web1.*.net systemd[1]: amavisd.service failed. Aug 06 05:40:43 web1.*.net systemd[1]: amavisd.service holdoff time over, scheduling restart. Aug 06 05:40:43 web1.*.net systemd[1]: start request repeated too quickly for amavisd.service Aug 06 05:40:43 web1.*.net systemd[1]: Failed to start Amavisd-new is an interface between MTA and content checkers.. Aug 06 05:40:43 web1.*.net systemd[1]: Unit amavisd.service entered failed state. Aug 06 05:40:43 web1.*.net systemd[1]: amavisd.service failed. I am assuming that there's a configuration issue somewhere, however, I have not touched the configuration of amavisd at any point. Where should I look next?
Ok, I have found the cause which prevented amavisd from starting, however, it's a very strange one and introduces a new issue. It turns out that amavisd was working just fine all along. The reason why amavisd eventually stopped working was due to DKIM. When I remove all DKIM records (or comment them out in the config file), amavisd starts up flawlessly. With a DKIM record, it fails. The /etc/amavisd/amavisd.conf file looks like this after ISPConfig adds a DKIM key: Code: $enable_dkim_verification = 1; $enable_dkim_signing = 1; # load DKIM signing code $signed_header_fields{'received'} = 0; # turn off signing of Received @dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } ); 1; # insure a defined return dkim_key('*', 'default', '/var/lib/amavis/dkim/*.private'); Naturally I assumed it was because the dkim_key was added after the '1;' line, but even when I manually move the dkim_key line in front of it, amavisd still refuses to start. Only when I completely remove the dkim_key line, amavisd starts correctly. What in the world is going on?
Hi florian, Oh, no, I just filtered out the domain name when I posted it here. In reality there's an actual domain
Hi till, Yeah, I'll use something more clear in future posts Output of 'ls -al /var/lib/amavis': Code: total 4 drwxr-x--- 3 root root 17 Aug 5 21:04 . drwxr-xr-x. 44 root root 4096 Aug 8 04:47 .. drwxr-x--- 2 amavis root 69 Aug 8 06:23 dkim Output of 'ls -al /var/lib/': Code: total 24 drwxr-xr-x. 44 root root 4096 Aug 8 04:47 . drwxr-xr-x. 23 root root 4096 Aug 8 04:47 .. drwxr-xr-x. 2 root root 62 Aug 5 18:51 alternatives drwxr-x--- 3 root root 17 Aug 5 21:04 amavis drwxr-xr-x 2 root root 6 Mar 1 21:50 awstats drwxr-xr-x. 2 chrony chrony 18 Aug 8 15:03 chrony drwxr-xr-x 2 clamupdate clamupdate 74 Aug 8 14:48 clamav drwxr-xr-x 2 root root 6 Jun 10 2014 cs drwx------ 2 apache apache 6 Jul 18 17:30 dav drwxr-xr-x. 2 root root 6 Aug 2 18:05 dbus drwxr-xr-x. 2 root root 6 Aug 8 04:47 dhclient drwxr-xr-x. 2 root root 6 Aug 6 2015 dnsmasq drwxr-x--- 2 dovecot dovecot 60 Aug 8 04:47 dovecot drwxr-xr-x 2 root root 29 Aug 8 15:17 fail2ban drwxr-xr-x. 2 root root 6 Aug 12 2015 games drwxr-xr-x. 2 root root 6 Jun 23 19:19 initramfs drwxr-xr-x 3 root root 20 Aug 5 19:19 letsencrypt -rw-r--r-- 1 root root 1334 Aug 8 03:28 logrotate.status drwx------. 2 root root 6 Aug 5 17:13 machines drwxrwsr-x 6 root mailman 55 Aug 5 19:32 mailman drwxr-xr-x. 2 root root 36 Aug 5 18:59 misc drwxr-xr-x 8 mysql mysql 4096 Aug 8 04:47 mysql drwxr-xr-x 4 root root 43 Aug 5 19:13 net-snmp drwxr-xr-x. 2 root root 4096 Aug 8 04:47 NetworkManager drwxr-xr-x 2 ntp ntp 6 May 31 12:29 ntp drwxr-xr-x. 2 root root 6 Jun 10 2014 os-prober drwxr-xr-x 5 root root 108 Aug 5 19:13 pear drwxr-xr-x 5 root root 50 Aug 5 19:13 php drwxr-xr-x 2 root root 91 Aug 8 04:47 php5-fpm drwxr-xr-x 5 root root 43 Aug 5 19:22 phpMyAdmin drwxr-xr-x. 2 root root 26 Aug 5 17:13 plymouth drwxr-x---. 3 root polkitd 27 Aug 5 17:13 polkit-1 drwx------. 2 postfix root 66 Aug 8 05:26 postfix drwx------ 3 root root 73 Aug 8 03:29 rkhunter drwxrwx--- 4 root apache 30 Aug 5 19:38 roundcubemail drwx------ 2 rpc rpc 6 Jun 23 20:15 rpcbind drwxr-xr-x. 2 root root 4096 Aug 8 05:04 rpm drwxr-xr-x. 2 root root 6 Aug 5 19:32 rpm-state drwx------. 2 root root 28 Aug 5 17:24 rsyslog drwxr-xr-x 3 root root 21 Aug 5 18:53 spamassassin drwxr-xr-x 3 root root 18 Aug 5 19:38 squirrelmail drwxr-xr-x. 4 root root 33 Aug 2 18:15 stateless drwxr-xr-x. 4 root root 53 Aug 2 19:08 systemd drwx------. 2 tss tss 6 Nov 20 2015 tpm drwxr-xr-x. 7 root root 88 Aug 5 19:38 yum I am indeed running CentOS 7. Also, when I run a 'amavisd testkeys' command it reports success, but amavisd refuses to start nonetheless: Code: TESTING#1 [removed].org: default._domainkey.[removed].org => pass
Thank you florian, that's it! Amavisd now starts successfully. I just sent out a test email and it was DKIM signed! Is this a CentOS specific thing? It seems a bit silly that amavisd gave itself insufficient permissions/ownership by default, or better said perhaps, that it didn't change the ownership to itself for this directory.
Did you choose reconfigure services during the ispconfg-update? Can you post the output from grep -o "^amavis:\|^vscan:" /etc/passwd ?
