Hello HTF friends, Setup : ISPConfig with multiserver setup Ubuntu 20.04 After migrating my mail server, I can't seem to get SMTP to work. Managed to get IMAP running but SMTP keeps failing. After running the common issues report, I don't see anything that may cause issues with SMTP. Ports are all listening properly. The log only shows "SASL authentication failed". Nothing else out the ordinary. I wasn't able note any of the data because I had to reset the server. Mail server needs to remain running.
You could show the common issues raport in this thread in CODE tags, maybe there is useful info there. Try sending e-mail to yourself with Roundcube webmail. That should reveal some data points reading the mail log lines for that message. What kind of migration did you do? Did migration complete successfully for all hosts in the ISPConfig cluster?
. I managed to get a copy of the common issues report. You can ignore the MAIL SERVER CHECK warning, i made a quick change to test this. . I did a manual migration. Copy and replace files. . Roundcube gave me an error along the lines of "Could not connect to server". Code: [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Ubuntu 20.04.6 LTS [INFO] uptime: 03:07:02 up 2:18, 1 user, load average: 0.00, 0.00, 0.00 [INFO] memory: total used free shared buff/cache available Mem: 3.8Gi 2.8Gi 220Mi 0.0Ki 792Mi 698Mi Swap: 6.2Gi 626Mi 5.5Gi [INFO] systemd failed services status: UNIT LOAD ACTIVE SUB DESCRIPTION ● snap.lxd.activate.service loaded failed failed Service for snap application lxd.ac tivate LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB = The low-level unit activation state, values depend on unit type. 1 loaded units listed. [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.2.11p2 ##### VERSION CHECK ##### [INFO] php (cli) version is 7.4.33 [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.33 ##### PORT CHECK ##### [WARN] Port 8080 (ISPConfig) seems NOT to be listening [WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening [WARN] Port 80 (Webserver) seems NOT to be listening [WARN] Port 443 (Webserver SSL) seems NOT to be listening [WARN] Port 465 (SMTP server SSL) seems NOT to be listening [WARN] Port 21 (FTP server) seems NOT to be listening ##### MAIL SERVER CHECK ##### [WARN] I found no "smtps" entry in your postfix master.cf [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this. ##### RUNNING SERVER PROCESSES ##### [WARN] I could not determine which web server is running. [INFO] I found the following mail server(s): Postfix (PID 40850) [INFO] I found the following pop3 server(s): Dovecot (PID 40871) [INFO] I found the following imap server(s): Dovecot (PID 40871) [WARN] I could not determine which ftp server is running. ##### LISTENING PORTS ##### (only () Local (Address) [anywhere]:25 (40850/master) [localhost]:953 (738/named) [anywhere]:4190 (40871/dovecot) [anywhere]:993 (40871/dovecot) [anywhere]:995 (40871/dovecot) [localhost]:11332 (35351/rspamd:) [localhost]:11333 (35351/rspamd:) [localhost]:11334 (35351/rspamd:) [localhost]:10023 (1020/postgrey) [localhost]:10024 (35347/amavisd-new) [localhost]:10025 (40850/master) [localhost]:10026 (35347/amavisd-new) [localhost]:10027 (40850/master) [localhost]:6379 (956/redis-server) [localhost]:11211 (737/memcached) [anywhere]:110 (40871/dovecot) [anywhere]:143 (40871/dovecot) ***.***.***.***:53 (738/named) [localhost]:53 (738/named) ***.***.***.***:53 (614/systemd-resolve) [anywhere]:22 (844/sshd:) *:*:*:*::*:25 (40850/master) *:*:*:*::*:953 (738/named) *:*:*:*::*:4190 (40871/dovecot) *:*:*:*::*:993 (40871/dovecot) *:*:*:*::*:995 (40871/dovecot) *:*:*:*::*:11332 (35351/rspamd:) *:*:*:*::*:11333 (35351/rspamd:) *:*:*:*::*:11334 (35351/rspamd:) *:*:*:*::*:10023 (1020/postgrey) *:*:*:*::*:10024 (35347/amavisd-new) *:*:*:*::*:10026 (35347/amavisd-new) *:*:*:*::*:3306 (34665/mysqld) *:*:*:*::*:6379 (956/redis-server) [localhost]10 (40871/dovecot) [localhost]43 (40871/dovecot) *:*:*:*::*:53 (738/named) *:*:*:*::*53 (738/named) *:*:*:*::**:*:*:*::*53 (738/named) *:*:*:*::*:22 (844/sshd:) ##### IPTABLES ##### Chain INPUT (policy DROP) target prot opt source destination f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0 ufw-before-input all -- [anywhere]/0 [anywhere]/0 ufw-after-input all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0 ufw-reject-input all -- [anywhere]/0 [anywhere]/0 ufw-track-input all -- [anywhere]/0 [anywhere]/0 Chain FORWARD (policy DROP) target prot opt source destination ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0 ufw-before-forward all -- [anywhere]/0 [anywhere]/0 ufw-after-forward all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0 ufw-reject-forward all -- [anywhere]/0 [anywhere]/0 ufw-track-forward all -- [anywhere]/0 [anywhere]/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0 ufw-before-output all -- [anywhere]/0 [anywhere]/0 ufw-after-output all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0 ufw-reject-output all -- [anywhere]/0 [anywhere]/0 ufw-track-output all -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (1 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 Chain ufw-after-forward (1 references) target prot opt source destination Chain ufw-after-input (1 references) target prot opt source destination ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:137 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:138 ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:139 ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:445 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:67 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:68 ufw-skip-to-policy-input all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST Chain ufw-after-logging-forward (1 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW B LOCK] " Chain ufw-after-logging-input (1 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW B LOCK] " Chain ufw-after-logging-output (1 references) target prot opt source destination Chain ufw-after-output (1 references) target prot opt source destination Chain ufw-before-forward (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 ufw-user-forward all -- [anywhere]/0 [anywhere]/0 Chain ufw-before-input (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 ctstate INVALID DROP all -- [anywhere]/0 [anywhere]/0 ctstate INVALID ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68 ufw-not-local all -- [anywhere]/0 [anywhere]/0 ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:5353 ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:1900 ufw-user-input all -- [anywhere]/0 [anywhere]/0 Chain ufw-before-logging-forward (1 references) target prot opt source destination Chain ufw-before-logging-input (1 references) target prot opt source destination Chain ufw-before-logging-output (1 references) target prot opt source destination Chain ufw-before-output (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-user-output all -- [anywhere]/0 [anywhere]/0 Chain ufw-logging-allow (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW A LLOW] " Chain ufw-logging-deny (2 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10 LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW B LOCK] " Chain ufw-not-local (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-reject-forward (1 references) target prot opt source destination Chain ufw-reject-input (1 references) target prot opt source destination Chain ufw-reject-output (1 references) target prot opt source destination Chain ufw-skip-to-policy-forward (0 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-input (7 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-output (0 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain ufw-track-forward (1 references) target prot opt source destination Chain ufw-track-input (1 references) target prot opt source destination Chain ufw-track-output (1 references) target prot opt source destination ACCEPT tcp -- [anywhere]/0 [anywhere]/0 ctstate NEW ACCEPT udp -- [anywhere]/0 [anywhere]/0 ctstate NEW Chain ufw-user-forward (1 references) target prot opt source destination Chain ufw-user-input (1 references) target prot opt source destination ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:465 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:3306 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:4190 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53 Chain ufw-user-limit (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LI MIT BLOCK] " REJECT all -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain ufw-user-logging-forward (0 references) target prot opt source destination Chain ufw-user-logging-input (0 references) target prot opt source destination Chain ufw-user-logging-output (0 references) target prot opt source destination Chain ufw-user-output (1 references) target prot opt source destination ##### LET'S ENCRYPT ##### Certbot is installed in /usr/bin/letsencrypt Also solved these 2 errors i think since they no longer show up in the log but might still give insight. Code: Feb 20 02:33:54 mail1 postfix/proxymap[36115]: error: unsupported dictionary type: mysql Feb 20 02:33:54 mail1 postfix/proxymap[36115]: error: unsupported dictionary type: mysql Feb 20 02:33:54 mail1 postfix/proxymap[36115]: error: unsupported dictionary type: mysql Feb 20 02:33:54 mail1 postfix/proxymap[36115]: error: unsupported dictionary type: mysql Feb 20 02:33:54 mail1 postfix/proxymap[36115]: error: unsupported dictionary type: mysql Feb 20 02:33:54 mail1 postfix/proxymap[36115]: error: unsupported dictionary type: mysql Feb 20 02:25:44 mail1 postfix/smtpd[35547]: fatal: no SASL authentication mechanisms
The report shows Code: [WARN] Port 465 (SMTP server SSL) seems NOT to be listening Code: [WARN] I found no "smtps" entry in your postfix master.cf So you did not use Migration Tool? https://www.ispconfig.org/add-ons/ispconfig-migration-tool/ You wrote but what did you migrate to? Did you install a new ISPConfig multiserver system and then copied files? How was this new ISPCOnfig installed, following which Perfect Server Guide or was ISPConfig autoinstaller used? Seems the new ispconfig server is not working properly. You should explain more what has been done and what kind of system is the one now malfunctioning.
Those two errors can be ignored. It should still be able to work on 587 without SSL. [WARN] I found no "smtps" entry in your postfix master.cf <-- Also solved these 2 errors i think since they no longer show up in the log but might still give insight. Those have been solved already forgot to put "##### MAIL SERVER CHECK #####". Still not working. No migration tool, followed the migration script via https://gist.github.com/yorch/9410737. Don't have a second server. This server must remain active with the same IP and FQDN since it's a live server.
How is that possible? If you use that migration script, you have the SOURCE server, the old one, and the TARGET server, new server where you copy data to. That is two servers. ISPConfig has migration tool that includes copy tool, it may work better than the 9 year old script you used.
I used a modified version to use it offline. Saves the data to tar files. What files are important for the (mail) transfer? Currently : full mysql database dump /var/vmail /var/lib/mailman /var/lib/mysql /etc/postfix /etc/dovecot /backup
You must troubleshoot your setup, until you find what is wrong and figure out how to set it up properly. Are you still with Roundcube getting Troubleshoot that first. Common issues report showed only "snap.lxd.activate.service" as only service not running, so maybe the configuration is wrong for postfix, dovect et al?
How was the new server installed? Did you check it was working before you started copying old data to it? If you used ISPConfig autoinstaller, the system should be OK and work properly. If this is multiserver, did you add the new server to the old ISPConfig cluster? Can slave servers reach the ISPConfig master server, including using database? If server is important, consider business support to fix the setup for you: https://www.ispconfig.org/support/
Hello Taleman, How was the new server installed? Auto installer Did you check it was working before you started copying old data to it? Yes but impossible to fully check since it would not have some required files before transfer If this is multiserver, did you add the new server to the old ISPConfig cluster? Yes Can slave servers reach the ISPConfig master server, including using database? Yes
I actually manage to solve the issue. Everything is working. I wanted to try the migration software but i needed another live server for it to work. I noticed the below issues return after a reboot, maybe something went wrong : Code: [WARN] Port 8080 (ISPConfig) seems NOT to be listening [WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening [WARN] Port 80 (Webserver) seems NOT to be listening [WARN] Port 443 (Webserver SSL) seems NOT to be listening [WARN] Port 465 (SMTP server SSL) seems NOT to be listening [WARN] Port 21 (FTP server) seems NOT to be listening Updated postfix's /etc/postfix/main.cf and UFW firewall rules. I also fixed the "could not determine server's ip address by ifconfig" by updating the /etc/hosts file. I was also having trouble with updating due to the "Falsche Anfrage" issue, solved with Migrate MySQL to MariaDB
