The update went through as usual yesterday night. I had two new emails from this morning in my inbox. When i wasnt getting an Email i was waiting for i checked the logs. mail2 postfix/smtpd[684]: NOQUEUE: reject: RCPT from a6-21.smtp-out.eu-west-1.amazonses.com[54.240.6.21]: 451 4.3.5 <[email protected]>: Recipient address rejected: Server configuration problem; Could not find a howto revert back from the backups made during installation, could someone please point me to the correct steps? Thanks.
I have seen Amazonses.com sending via TLSv1 and TLSv1.1 that is now blocked in 3.2, see if this helps you: https://www.howtoforge.com/community/threads/postfix-tlsv1-and-tlsv1-1-needed.85375/
I moved your thread to the ISPConfig 3 forum board. Did you reconfigure services when upgrading? If not, run the update again and choose to reconfigure services: Code: cd /tmp wget https://www.ispconfig.org/downloads/ISPConfig-3.2.tar.gz tar xvfz ISPConfig-3.2.tar.gz cd ispconfig3_install/install php -q update.php Check your mail.log aswell to see if there are any hints that point you to a potential issue. If you share your master.cf and main.cf of postfix we can check that aswell. It is possible to go back to the previous situation (before upgrading), a backup of the /etc and /usr/local/ispconfig directory is made on upgrade in /var/backup. But it's better to fix the issue instead of just reverting and using a outdated setup.
TLSv1 and TLSv1.1 are still enabled for Postfix as disabling it caused several issues like this. It could be a cipher issue though, will discuss this with the devs.
Yes! Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: no Checking ISPConfig database .. OK Starting incremental database update. Loading SQL patch file: /tmp/ispconfig3_install/install/sql/incremental/upd_dev_collection.sql Reconfigure Permissions in master database? (yes,no) [no]: Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: Reconfigure Services? (yes,no,selected) [yes]: yes Configuring Postfix Configuring Dovecot Configuring Spamassassin Configuring Amavisd Configuring Getmail Configuring Pureftpd Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Jailkit Configuring Database Updating ISPConfig ISPConfig Port [5151]: Create new ISPConfig SSL certificate (yes,no) [no]: chattr: Permission denied while setting flags on /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter Reconfigure Crontab? (yes,no) [yes]: Updating Crontab Restarting services ... Update finished.
do not see anything relevant master.cf Code: # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line: http://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - y - - smtpd #smtp inet n - y - 1 postscreen #smtpd pass - - y - - smtpd #dnsblog unix - - y - 0 dnsblog #tlsproxy unix - - y - 0 tlsproxy submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o smtpd_tls_auth_only=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - y - - qmqpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. # # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o smtp_bind_address= 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10027 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtp_send_xforward_command=yes -o milter_default_action=accept -o milter_macro_daemon_name=ORIGINATING -o disable_dns_lookups=yes
main.cf Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination myhostname = mail2.REMOVED.com alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases myorigin = /etc/mailname mydestination = mail2.REMOVED.com, localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all html_directory = /usr/share/doc/postfix/html virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfi$ smtpd_tls_security_level = may transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps$ smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo,$ smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_acce$ smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, reject_rbl_client zen.spamhaus.org, permit_sasl_authenticated, reject_unauth_pipelining , permit smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = lmtp:unix:private/dovecot-lmtp header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks owner_request_special = no smtp_tls_security_level = dane smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth content_filter = lmtp:[127.0.0.1]:10024 receive_override_options = no_address_mappings message_size_limit = 0 smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_tls_mandatory_ciphers = medium tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES25$ tls_preempt_cipherlist = no address_verify_negative_refresh_time = 60s enable_original_recipient = no smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS address_verify_sender_ttl = 15686s smtp_dns_support_level = dnssec
I see you did not make a backup, so going back is not possible. Did you run the update as root / sudo? You could try the cipher fix from the thread mentioned earlier.
I found that i had a template for in conf-custom and removed it, did a reinstall and now i am seeing allot of warnings in mail.log Code: Oct 20 09:30:14 mail2 postfix/smtpd[1036]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:30:14 mail2 postfix/smtpd[1036]: fatal: no SASL authentication mechanisms Oct 20 09:30:14 mail2 postfix/smtpd[1037]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:30:14 mail2 postfix/smtpd[1035]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:30:14 mail2 postfix/smtpd[1035]: fatal: no SASL authentication mechanisms Oct 20 09:30:14 mail2 postfix/smtpd[1037]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:30:14 mail2 postfix/smtpd[1037]: fatal: no SASL authentication mechanisms Oct 20 09:30:14 mail2 postfix/smtpd[1038]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:30:14 mail2 postfix/smtpd[1039]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:30:14 mail2 postfix/smtpd[1039]: connect from localhost[127.0.0.1] Oct 20 09:30:14 mail2 postfix/smtpd[1039]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:30:14 mail2 postfix/smtpd[1039]: fatal: no SASL authentication mechanisms Oct 20 09:30:14 mail2 postfix/smtpd[1040]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:30:14 mail2 postfix/smtpd[1041]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:30:14 mail2 postfix/smtpd[1042]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:30:14 mail2 postfix/smtpd[1040]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:30:14 mail2 postfix/smtpd[1040]: fatal: no SASL authentication mechanisms Oct 20 09:30:14 mail2 postfix/smtpd[1043]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:30:14 mail2 postfix/smtpd[1041]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:30:14 mail2 postfix/smtpd[1041]: fatal: no SASL authentication mechanisms Oct 20 09:30:14 mail2 postfix/smtpd[1043]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:30:14 mail2 postfix/smtpd[1043]: fatal: no SASL authentication mechanisms Oct 20 09:30:14 mail2 postfix/smtpd[1044]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:30:14 mail2 postfix/smtpd[1042]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:30:14 mail2 postfix/smtpd[1042]: fatal: no SASL authentication mechanisms Oct 20 09:30:14 mail2 postfix/smtpd[1044]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:30:14 mail2 postfix/smtpd[1044]: fatal: no SASL authentication mechanisms Oct 20 09:30:15 mail2 postfix/smtpd[1038]: connect from mysrv1.lyonreflections.com[54.38.107.129] Oct 20 09:30:15 mail2 postfix/smtpd[1038]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:30:15 mail2 postfix/smtpd[1038]: fatal: no SASL authentication mechanisms Oct 20 09:30:15 mail2 postfix/master[504]: warning: process /usr/lib/postfix/sbin/smtpd pid 1013 exit status 1 Oct 20 09:30:15 mail2 postfix/master[504]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling Oct 20 09:30:15 mail2 postfix/master[504]: warning: process /usr/lib/postfix/sbin/smtpd pid 1016 exit status 1 Oct 20 09:30:15 mail2 postfix/master[504]: warning: process /usr/lib/postfix/sbin/smtpd pid 1015 exit status 1
also Code: Oct 20 09:33:19 mail2 postfix/master[504]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
Did you reconfigure all services? Most importantly Postfix and Dovecot. Can you share your updated config files?
libsasl2-modules is already the newest version (2.1.27~101-g0780600+dfsg-3ubuntu2.1). libsasl2-modules set to manually installed. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Yes, i did reconfigure ALL Services again, as always. I do not ever reconfigure Permissions in master Database, might that be a problem? Just a single server here. I just rebooted into the same errors and running another fresh update. Code: php -q update.php -------------------------------------------------------------------------------- _____ ___________ _____ __ _ ____ |_ _/ ___| ___ \ / __ \ / _(_) /__ \ | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ / | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \ \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/ __/ | |___/ -------------------------------------------------------------------------------- >> Update Operating System: Ubuntu 18.04.5 LTS (Bionic Beaver) This application will update ISPConfig 3 on your server. Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: no Checking ISPConfig database .. OK Starting incremental database update. Loading SQL patch file: /tmp/ispconfig3_install/install/sql/incremental/upd_dev_collection.sql Reconfigure Permissions in master database? (yes,no) [no]: Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: Reconfigure Services? (yes,no,selected) [yes]: yes Configuring Postfix postalias: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol postmap: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol postmap: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Configuring Dovecot Configuring Spamassassin Configuring Amavisd Configuring Getmail Configuring Pureftpd Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Jailkit Configuring Database Updating ISPConfig ISPConfig Port [5151]: Create new ISPConfig SSL certificate (yes,no) [no]: chattr: Permission denied while setting flags on /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter Reconfigure Crontab? (yes,no) [yes]: yes Updating Crontab Restarting services ... Update finished. Code: Oct 20 09:47:59 mail2 postfix/qmgr[2400]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:47:59 mail2 postfix/proxymap[2402]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:48:00 mail2 amavis[2421]: starting. /usr/sbin/amavisd-new at localhost amavisd-new-2.11.0 (20160426), Unicode aware, LC_ALL="C", LANG="C.UTF-8" Oct 20 09:48:00 mail2 amavis[2427]: Net::Server: Group Not Defined. Defaulting to EGID '120 120' Oct 20 09:48:00 mail2 amavis[2427]: Net::Server: User Not Defined. Defaulting to EUID '115' Oct 20 09:48:00 mail2 amavis[2427]: No $altermime, not using it Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .lrz, tried: lrzip -q -k -d -o -, lrzcat -q -k Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .lz4, tried: lz4c -d Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .rpm, tried: rpm2cpio.pl, rpm2cpio Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .zoo, tried: zoo Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .doc, tried: ripole Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .zip, tried: 7za, 7z Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .kmz, tried: 7za, 7z Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .jar, tried: 7z Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .swf, tried: 7z Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .lha, tried: 7z Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .iso, tried: 7z Oct 20 09:48:00 mail2 amavis[2427]: No ext program for .rpm, tried: 7z Oct 20 09:48:00 mail2 amavis[2427]: No decoder for .F Oct 20 09:48:00 mail2 amavis[2427]: No decoder for .doc Oct 20 09:48:00 mail2 amavis[2427]: No decoder for .iso Oct 20 09:48:00 mail2 amavis[2427]: No decoder for .jar Oct 20 09:48:00 mail2 amavis[2427]: No decoder for .lha Oct 20 09:48:00 mail2 amavis[2427]: No decoder for .lrz Oct 20 09:48:00 mail2 amavis[2427]: No decoder for .lz4 Oct 20 09:48:00 mail2 amavis[2427]: No decoder for .rpm Oct 20 09:48:00 mail2 amavis[2427]: No decoder for .swf Oct 20 09:48:00 mail2 amavis[2427]: No decoder for .zoo Oct 20 09:48:00 mail2 amavis[2427]: Using primary internal av scanner code for ClamAV-clamd Oct 20 09:48:00 mail2 amavis[2427]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan Oct 20 09:48:01 mail2 dovecot: master: Error: socket() failed: Address family not supported by protocol Oct 20 09:48:01 mail2 dovecot: master: Error: service(pop3-login): listen([::], 110) failed: Address family not supported by protocol Oct 20 09:48:01 mail2 dovecot: master: Error: socket() failed: Address family not supported by protocol Oct 20 09:48:01 mail2 dovecot: master: Error: service(pop3-login): listen([::], 995) failed: Address family not supported by protocol Oct 20 09:48:01 mail2 dovecot: master: Error: socket() failed: Address family not supported by protocol Oct 20 09:48:01 mail2 dovecot: master: Error: service(imap-login): listen([::], 143) failed: Address family not supported by protocol Oct 20 09:48:01 mail2 dovecot: master: Error: socket() failed: Address family not supported by protocol Oct 20 09:48:01 mail2 dovecot: master: Error: service(imap-login): listen([::], 993) failed: Address family not supported by protocol Oct 20 09:48:01 mail2 dovecot: master: Fatal: Failed to start listeners Oct 20 09:48:01 mail2 postfix/smtpd[2486]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:48:01 mail2 postfix/tlsmgr[2487]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:48:01 mail2 postfix/anvil[2489]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:48:01 mail2 postfix/smtpd[2486]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:48:01 mail2 postfix/smtpd[2486]: fatal: no SASL authentication mechanisms Oct 20 09:48:02 mail2 postfix/smtpd[2511]: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol Oct 20 09:48:02 mail2 postfix/smtpd[2511]: warning: SASL: Connect to private/auth failed: Connection refused Oct 20 09:48:02 mail2 postfix/smtpd[2511]: fatal: no SASL authentication mechanisms Oct 20 09:48:02 mail2 postfix/master[2396]: warning: process /usr/lib/postfix/sbin/smtpd pid 2486 exit status 1 Oct 20 09:48:02 mail2 postfix/master[2396]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling Oct 20 09:48:03 mail2 postfix/master[2396]: warning: process /usr/lib/postfix/sbin/smtpd pid 2511 exit status 1
master.cf Code: # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line: http://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - y - - smtpd #smtp inet n - y - 1 postscreen #smtpd pass - - y - - smtpd #dnsblog unix - - y - 0 dnsblog #tlsproxy unix - - y - 0 tlsproxy submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o smtpd_tls_auth_only=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - y - - qmqpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce efer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. # # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o smtp_bind_address= 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10027 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtp_send_xforward_command=yes -o milter_default_action=accept -o milter_macro_daemon_name=ORIGINATING -o disable_dns_lookups=yes
main.cf Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination myhostname = mail2.REMOVED.com alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases myorigin = /etc/mailname mydestination = mail2.REMOVED.com, localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all html_directory = /usr/share/doc/postfix/html virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfi$ smtpd_tls_security_level = may transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps$ smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo,$ smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_acce$ smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, reject_rbl_client zen.spamhaus.org, permit_sasl_authenticated, reject_unauth_pipelining , permit smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = lmtp:unix:private/dovecot-lmtp header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks owner_request_special = no smtp_tls_security_level = dane smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth content_filter = lmtp:[127.0.0.1]:10024 receive_override_options = no_address_mappings message_size_limit = 0 smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_tls_mandatory_ciphers = medium tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES25$ tls_preempt_cipherlist = no address_verify_negative_refresh_time = 60s enable_original_recipient = no smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS address_verify_sender_ttl = 15686s smtp_dns_support_level = dnssec Since i have these new errors will the tls_medium_cipherlist thread do me any good?
Seems like you have a network issue now. What is the output of Code: ifconfig and Code: ip a ? For me, network errors can be solved 9 out of 10 times with a reboot (or even 2).
Code: root@mail2:~$ systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2020-10-20 10:15:44 UTC; 24s ago Docs: man:dovecot(1) http://wiki2.dovecot.org/ Process: 149 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) Main PID: 149 (code=exited, status=89) Oct 20 10:15:44 mail2.REMOVED.com dovecot[149]: master: Error: socket() failed: Address family not supported by protocol Oct 20 10:15:44 mail2.REMOVED.com dovecot[149]: master: Error: service(pop3-login): listen([::], 995) failed: Address family not supported by protocol Oct 20 10:15:44 mail2.REMOVED.com dovecot[149]: master: Error: socket() failed: Address family not supported by protocol Oct 20 10:15:44 mail2.REMOVED.com dovecot[149]: master: Error: service(imap-login): listen([::], 143) failed: Address family not supported by protocol Oct 20 10:15:44 mail2.REMOVED.com dovecot[149]: master: Error: socket() failed: Address family not supported by protocol Oct 20 10:15:44 mail2.REMOVED.com dovecot[149]: master: Error: service(imap-login): listen([::], 993) failed: Address family not supported by protocol Oct 20 10:15:44 mail2.REMOVED.com dovecot[149]: Fatal: Failed to start listeners Oct 20 10:15:44 mail2.REMOVED.com dovecot[149]: master: Fatal: Failed to start listeners Oct 20 10:15:44 mail2.REMOVED.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a Oct 20 10:15:44 mail2.REMOVED.com systemd[1]: dovecot.service: Failed with result 'exit-code'. root@mail2:~$ ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 13: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 00:50:56:00:48:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 177.119.122.124/27 brd 177.119.122.127 scope global dynamic eth0 valid_lft 43168sec preferred_lft 43168sec ip a looks fine (changed the IP above from original, i feel vulnerable right now) reboot didnt help
dovecot running again, /etc/dovecot/dovecot.conf Code: listen = * since i have ipv6 disabled, forgot about this one. It is just weird that this error and the others didnt show up earlier, especially that Code: systemctl --state=failed didn't show dovecot had problems. Receiving emails again, thanks for the support!
I was about to comment that it seems like you don't have IPv6 enabled, but it was trying to bind to it Glad to hear it's working again.
