Autoinstaller questions about amavis

Discussion in 'Developers' Forum' started by Valvaris, Jul 28, 2022.

  1. Valvaris

    Valvaris New Member

    Hey, I don't know if the topic is too old but I found the solution - there are 2 Major bugs with the ISPConfig autoinstaller script.
    • Amavis: There are 2 Ports configured: 127.0.0.1:10024 and 127.0.0.1:10026
      Amavis - per default - takes Emails to check on these ports and tries to report back on (Receiving Port + 1)
      --> You have to configure Postfix to open Ports 10025 and 10027 by postfix with master.cf
      Code:
      [email protected]:~# netstat -tlpen | egrep "amavis|master"
      tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      114        16227489   3611724/amavisd-new
      tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      0          16226582   3612250/master     
      tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      114        16227490   3611724/amavisd-new
      tcp        0      0 127.0.0.1:10027         0.0.0.0:*               LISTEN      0          16226586   3612250/master     
      
      Code:
      /etc/postfix/master.cf:
      127.0.0.1:10025 inet n    -       n       -       -     smtpd
          -o content_filter=
          -o smtpd_delay_reject=no
          -o smtpd_client_restrictions=permit_mynetworks,reject
          -o smtpd_helo_restrictions=
          -o smtpd_sender_restrictions=
          -o smtpd_recipient_restrictions=permit_mynetworks,reject
          -o smtpd_data_restrictions=reject_unauth_pipelining
          -o smtpd_end_of_data_restrictions=
          -o smtpd_restriction_classes=
          -o mynetworks=127.0.0.0/8
          -o smtpd_error_sleep_time=0
          -o smtpd_soft_error_limit=1001
          -o smtpd_hard_error_limit=1000
          -o smtpd_client_connection_count_limit=0
          -o smtpd_client_connection_rate_limit=0
          -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
          -o local_header_rewrite_clients=
      
      127.0.0.1:10027 inet n    -       n       -       -     smtpd
          -o content_filter=
          -o smtpd_delay_reject=no
          -o smtpd_client_restrictions=permit_mynetworks,reject
          -o smtpd_helo_restrictions=
          -o smtpd_sender_restrictions=
          -o smtpd_recipient_restrictions=permit_mynetworks,reject
          -o smtpd_data_restrictions=reject_unauth_pipelining
          -o smtpd_end_of_data_restrictions=
          -o smtpd_restriction_classes=
          -o mynetworks=127.0.0.0/8
          -o smtpd_error_sleep_time=0
          -o smtpd_soft_error_limit=1001
          -o smtpd_hard_error_limit=1000
          -o smtpd_client_connection_count_limit=0
          -o smtpd_client_connection_rate_limit=0
          -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
          -o local_header_rewrite_clients=
      
    • Second problem is with Greylisting: postgrey does not start if there is no complete socket defined in /etc/default/postgrey.
      The installer just sets the port 10023 which results in *:10023 and postgrey denies work without any log entry

      Code:
      /etc/default/postgrey:
      # postgrey startup options, created for Debian
      
      # you may want to set
      #   --delay=N   how long to greylist, seconds (default: 300)
      #   --max-age=N delete old entries after N days (default: 35)
      # see also the postgrey(8) manpage
      
      POSTGREY_OPTS="--inet=127.0.0.1:10023"
      
      # the --greylist-text commandline argument can not be easily passed through
      # POSTGREY_OPTS when it contains spaces.  So, insert your text here:
      #POSTGREY_TEXT="Your customized rejection message here"
      
    After reloading/restarting postfix, amavis and postgrey everything is fine.
    Should be included as a major bug to fix with the installer. :)
    System: Debian 11
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which command-line options did you use for the auto-installer? I install systems regularly using the auto-installer and they work always perfectly fine. E.g. I installed a system using the auto-installer yesterday on Debian 11, no manual changes needed, works out of the box incl. postgrey. Plus the autoinstaller does not use Amavis anymore, it uses Rspamd, so the ports you manually added in master.cf for Amavis may not exist on any recent ISPConfig install.

    My guess is that you just selected the wrong spam filter type under System > Server config > mail on your system. So the correct fix for your issue is to open System > server config > mail and choose Rspamd as Spamfilter and not amavis as that's the system configured by the auto installer. And take care to undo your manual changes to ensure you have a working and updatable system.
     
    Last edited: Jul 28, 2022
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    I moved your post to the developer forum now.
     
  4. Valvaris

    Valvaris New Member

    I used the official guide: www .howtoforge .com/ispconfig-autoinstall-debian-ubuntu/#-run-the-autoinstaller
    I used amavis instead of spamd, because i have a few scripts to migrate from another setup and skipped dns, ftp and used sigle-instance installation.
     
  5. Valvaris

    Valvaris New Member

    Here are the links I used (I had to post 2 Replies before I got the permission)

    I used amavis instead of spamd, because i have a few scripts to migrate from another setup and skipped dns, ftp and used sigle-instance installation.
    Code:
    wget -O - https://get.ispconfig.org | sh -s -- --unattended-upgrades --no-dns --use-certbot --use-php=7.4,8.0 --use-amavis --use-nginx --lang en|de
    Unfortunate there is no history entry for the setup so I had to recap the parameters.
     
    till likes this.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Ahh, ok,. This explains why I have not had such a issue yet as I don't use amavis anymore for quite some time. The solution for our problem would have probably been to set the correct spam filter under system > server config > mail or if it#s set correct, change to rspamd, save, change back to amavis, as this rewrites the confic. I'll do a test setup to see why the wrong filter seems to get selected in ISPConfig in case of amavis.
     
  7. Valvaris

    Valvaris New Member

    The filter setup is correct, but postfix needs to be configured with all amavis-ports +1 and Postgrey needs to be setup with socket 127.0.0.1:10023 instead of just 10023
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    the postfix amavis ports get (re)configured when you do what I suggested in post #6 and regarding postgrey, it works fine here when set up by ISPConfig, so most likely it's something specific to your base system.
     
  9. Valvaris

    Valvaris New Member

    Yeah it also does work, if I manually set these two options.

    The point is, that the installscript does the configuration incomplete and I think it should not hurt, to set postgrey to a complete tcp-socket including IP instead of port only and the ports configured for amavis are known, so there should be only little efford needed to include the configuration of the additional port to the master.cf of postfix.

    I have my system working, It does not matter to me. But it's a better solution to include the 2 options to the initial setup while amavis is still supported than "okay, you installed and it does not work, try update and reconfigure your freshly installed system"
    The siltent shutdown of postgrey not getting the full IP-Port combination is a known bug of postgrey but still not fixed - it does not effect all systems but some including Containers and different distributions like Debian since 8 (I found the problem discribed there to solve the problem) but also current version 11, Ubuntu and Centos.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

Share This Page