Hi I tried ISPconfig on Debian 11, which is supposedly going to be released on Saturday. Nearly everything works fine, but I have a problem which even a reconfigure with php update.sh --force could not fix. If I try to send emails from Thunderbird - I can receive Emails by the way - I get the following error message in mail.log: mail2 postfix/lmtp[1964521]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused I assume this is Postfix trying to connect to Amavis to scan my email which is running on port 10024. The strange thing: There is already a line : content_filter = lmtp:[127.0.0.1]:10024 in /etc/postfix/main.cf. How can I either a) make Amavis accept Emails on port 10026 or b) have them delivered by Postfix to 10024, where Amavis is already waiting. Yours sincerely Stefan
● amavis.service - Interface between MTA and virus scanner/content filters Loaded: loaded (/lib/systemd/system/amavis.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2021-07-26 16:09:21 CEST; 24h ago Docs: http://www.ijs.si/software/amavisd/#doc root@mail2:~# netstat -tulpen | grep amavis tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 114 3581946 1588212/amavisd-new tcp6 0 0 ::1:10024 :::* LISTEN 114 3581947 1588212/amavisd-new
Try to restart amavis. As a side note: Debian 11 is not supported yet, ISPConfig does not ship with a config file set for it nor is it able to recognize this OS. And for new systems, I highly recommend using Rspamd instead of Amavis.
Restarting did not fix the problem. I know that ISPConfig is not yet targetted at Debian 11, but it seemed at least worth trying considering that from Saturday on Debian 10 is going to be Oldstable. Setting up a new email Server on an Oldstable seemed counterproductive. But thanks for the advice, I will have a look at Rspamd.
See here for instructions on replacing amavis with rspamd on your system: https://www.howtoforge.com/replacing-amavisd-with-rspamd-in-ispconfig/ Not tested with Debian 11 yet But I see no reason why they should not work.
Hello I followed the Instructions, but reconfiguring services throw one error: Configuring Rspamd chgrp: Zugriff auf '/etc/rspamd/local.d/worker-controller.inc' nicht möglich: Datei oder Verzeichnis nicht gefunden chmod: Zugriff auf '/etc/rspamd/local.d/worker-controller.inc' nicht möglich: Datei oder Verzeichnis nicht gefunden The file worker-controller-inc exists and has the following permissions. It was changed three minutes ago, so the update script did modify it during its run. -rw-r--r-- 1 root root 242 28. Jul 11:47 worker-controller.inc -------------------------------------------------------------------------------------- root@mail2:/etc/rspamd/local.d# cat worker-controller.inc # Included from top-level .conf file type = "controller"; count = 1; password = "$2$7shazzwbbeb736ewytfptw5e78gc1eut$5md73mxrxnbof1u5cjmouwycsnti94hzeowi6ggk9u77y4zscfwb"; secure_ip = "127.0.0.1"; secure_ip = "::1"; -------------------------------------------------------------------------------------- Can I ignore these warning or is there something I would have to do manually? Yours sincerely Stefan
Good news. I can now send outgoing mails. I am going to test the setup at little with different mailclients. If anything of interest happens I will report back in a different thread since the topic of this thread has obviously changed from amavis to spamd. Yours sincerely Stefan
The file should be mode 640, group _rspamd: Code: -rw-r----- 1 root _rspamd 242 Apr 20 13:31 worker-controller.inc Perhaps there's an error in the updater that runs chown/chmod before having copied that template into place? I wouldn't expect that to be specific to Debian 11, but who knows.
Same problem on Debian 11 with last Ispconfig. I cannot send emails outside. I've followed the guide of Till and it works.
Same problem, Debian 11, mails don't go outside because of amavis. I followed the guide mentioned above, also changed the permissions for the worker-controller.inc file as told by @Jesse Norell. Rebooted the server, but problem is still there, mails don't go outside, they still want to connect to Amavis Code: status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused) Amavis still not listening to port 10026, and refuses to stop Code: # systemctl stop amavisd-new Failed to stop amavisd-new.service: Unit amavisd-new.service not loaded. # netstat -tap | grep amavis tcp 0 0 localhost:10024 0.0.0.0:* LISTEN 251/amavisd-new (ma tcp6 0 0 localhost:10024 [::]:* LISTEN 251/amavisd-new (ma What's strange is that rspamd reports activity? Edit: New mails go out, but thoses stuck in defered queue still try to connect to Amavis and stay there. Let's free them please
Recently I did a system upgrade from Debian 10 to Debian 11 and found out I have the same problem. Today I found a solution to the problem and at the same time I am reporting a bug with a developer. Unfortunately, installing rspamd did not solve the problem, but the tool is graphically very nice. chmod 644 /etc/amavis/conf.d/50-user #bug #3.2.7p1
The correct permissions for this file are 640 and not 644 and that's what the ISPConfig installer sets for this file. With your change to 644 you just opened up a huge security hole on your system, you should change that back immediately before your system gets taken over. Files that contain the password to the administration database of the system may never be world-readable, as any user or website on your system can read it now. And switching from Amavis to Rspamd as suggested fixes any Amavis related issue of course as Amavis is not even be used anymore on the system then.
Perhaps it is as you say, but by default in Debian this directory and files have root.root privileges not amavis so if you say it is dangerous then ispconfig should chgrp on amavis. In Debian, amavis works with amavis user privileges, not root. Same as named it works with bind privileges. root@mail:/etc/amavis/conf.d# ps -A -f|grep amavis amavis 197074 1 0 21:57 ? 00:00:03 /usr/sbin/amavisd-new (master) amavis 197100 1 0 21:57 ? 00:00:00 /usr/bin/perl -T /usr/sbin/amavis-mc -f amavis 197112 197074 0 21:57 ? 00:00:00 /usr/sbin/amavisd-new (virgin child) amavis 197113 197074 0 21:57 ? 00:00:00 /usr/sbin/amavisd-new (virgin child) amavis 197128 1 0 21:57 ? 00:00:00 /usr/bin/perl -T /usr/sbin/amavisd-snmp-subagent -f root 204765 203705 0 23:08 pts/2 00:00:00 grep amavis root@mail:/etc/amavis/conf.d# ps -A -f|grep named bind 196953 1 0 21:56 ? 00:00:04 /usr/sbin/named -f -u bind For me, Rspamd is new and I have updated the production server that has e-mail and websites so it has to work. root@mail:/var/log# netstat -tulpen|grep amav tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 117 1881973 205687/amavisd-new tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 117 1881975 205687/amavisd-new tcp6 0 0 ::1:10024 :::* LISTEN 117 1881974 205687/amavisd-new tcp6 0 0 ::1:10026 :::* LISTEN 117 1881976 205687/amavisd-new You can use chgrp amavis /etc/amavis/conf.d/50-user instead of chmod 644 /etc/amavis/conf.d/50-user My problem is I need a working solution for now. I did not expect such problems after the system upgrade.
That's just partially correct. On Debian until version 10, amavis has read its config files as root user and then dropped privileges to the amavis user afterward for security reasons, that's the way most daemons work on Linux incl. Apache etc. So amavis was always able to read files that only the root user can read and ISPConfig sets the permission correctly as root:root with 640 permission for all Debian versions incl. Debian 10. On Debian 11, the way amavis works has changed and amavis requires a different setup now. But on Debian 11, ISPConfig is not using Amavis anymore to filter Emails, it uses Rspamd as mentioned already earlier.