Hey, I don't know if the topic is too old but I found the solution - there are 2 Major bugs with the ISPConfig autoinstaller script. Amavis: There are 2 Ports configured: 127.0.0.1:10024 and 127.0.0.1:10026 Amavis - per default - takes Emails to check on these ports and tries to report back on (Receiving Port + 1) --> You have to configure Postfix to open Ports 10025 and 10027 by postfix with master.cf Code: root@vmd91631:~# netstat -tlpen | egrep "amavis|master" tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 114 16227489 3611724/amavisd-new tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 0 16226582 3612250/master tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 114 16227490 3611724/amavisd-new tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 0 16226586 3612250/master Code: /etc/postfix/master.cf: 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= 127.0.0.1:10027 inet n - n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= Second problem is with Greylisting: postgrey does not start if there is no complete socket defined in /etc/default/postgrey. The installer just sets the port 10023 which results in *:10023 and postgrey denies work without any log entry Code: /etc/default/postgrey: # postgrey startup options, created for Debian # you may want to set # --delay=N how long to greylist, seconds (default: 300) # --max-age=N delete old entries after N days (default: 35) # see also the postgrey(8) manpage POSTGREY_OPTS="--inet=127.0.0.1:10023" # the --greylist-text commandline argument can not be easily passed through # POSTGREY_OPTS when it contains spaces. So, insert your text here: #POSTGREY_TEXT="Your customized rejection message here" After reloading/restarting postfix, amavis and postgrey everything is fine. Should be included as a major bug to fix with the installer. System: Debian 11
Which command-line options did you use for the auto-installer? I install systems regularly using the auto-installer and they work always perfectly fine. E.g. I installed a system using the auto-installer yesterday on Debian 11, no manual changes needed, works out of the box incl. postgrey. Plus the autoinstaller does not use Amavis anymore, it uses Rspamd, so the ports you manually added in master.cf for Amavis may not exist on any recent ISPConfig install. My guess is that you just selected the wrong spam filter type under System > Server config > mail on your system. So the correct fix for your issue is to open System > server config > mail and choose Rspamd as Spamfilter and not amavis as that's the system configured by the auto installer. And take care to undo your manual changes to ensure you have a working and updatable system.
I used the official guide: www .howtoforge .com/ispconfig-autoinstall-debian-ubuntu/#-run-the-autoinstaller I used amavis instead of spamd, because i have a few scripts to migrate from another setup and skipped dns, ftp and used sigle-instance installation.
Here are the links I used (I had to post 2 Replies before I got the permission) I used amavis instead of spamd, because i have a few scripts to migrate from another setup and skipped dns, ftp and used sigle-instance installation. Code: wget -O - https://get.ispconfig.org | sh -s -- --unattended-upgrades --no-dns --use-certbot --use-php=7.4,8.0 --use-amavis --use-nginx --lang en|de Unfortunate there is no history entry for the setup so I had to recap the parameters.
Ahh, ok,. This explains why I have not had such a issue yet as I don't use amavis anymore for quite some time. The solution for our problem would have probably been to set the correct spam filter under system > server config > mail or if it#s set correct, change to rspamd, save, change back to amavis, as this rewrites the confic. I'll do a test setup to see why the wrong filter seems to get selected in ISPConfig in case of amavis.
The filter setup is correct, but postfix needs to be configured with all amavis-ports +1 and Postgrey needs to be setup with socket 127.0.0.1:10023 instead of just 10023
the postfix amavis ports get (re)configured when you do what I suggested in post #6 and regarding postgrey, it works fine here when set up by ISPConfig, so most likely it's something specific to your base system.
Yeah it also does work, if I manually set these two options. The point is, that the installscript does the configuration incomplete and I think it should not hurt, to set postgrey to a complete tcp-socket including IP instead of port only and the ports configured for amavis are known, so there should be only little efford needed to include the configuration of the additional port to the master.cf of postfix. I have my system working, It does not matter to me. But it's a better solution to include the 2 options to the initial setup while amavis is still supported than "okay, you installed and it does not work, try update and reconfigure your freshly installed system" The siltent shutdown of postgrey not getting the full IP-Port combination is a known bug of postgrey but still not fixed - it does not effect all systems but some including Containers and different distributions like Debian since 8 (I found the problem discribed there to solve the problem) but also current version 11, Ubuntu and Centos.
I've added an issue report here: https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller/-/issues/75
