Hi y'all! So I cannot sign into my email that I made in ISPConfig. Lemme first give some information:

DNS: mail.domain.tld -> server IP
DNS: domain.tld -> server IP

Inside ISPConfig, I made a new site for the domain I wanna have an email with. When I do `tail -f /var/log/mail.log` I see:

```
root@yuki:/etc/dovecot/conf.d# tail -f /var/log/mail.log
Mar 8 13:30:50 yuki postfix/master[14851]: warning: process /usr/lib/postfix/sbin/local pid 15933 exit status 1
Mar 8 13:30:50 yuki postfix/master[14851]: warning: /usr/lib/postfix/sbin/local: bad command startup -- throttling
Mar 8 13:31:50 yuki postfix/local[15961]: warning: /etc/postfix/main.cf, line 54: overriding earlier entry: message_size_limit=20480000
Mar 8 13:31:50 yuki postfix/local[15961]: fatal: configuration error: mailbox_size_limit is limited but message_size_limit is unlimited
Mar 8 13:31:51 yuki postfix/master[14851]: warning: process /usr/lib/postfix/sbin/local pid 15961 exit status 1
Mar 8 13:31:51 yuki postfix/master[14851]: warning: /usr/lib/postfix/sbin/local: bad command startup -- throttling
Mar 8 13:32:51 yuki postfix/local[16034]: warning: /etc/postfix/main.cf, line 54: overriding earlier entry: message_size_limit=20480000
Mar 8 13:32:51 yuki postfix/local[16034]: fatal: configuration error: mailbox_size_limit is limited but message_size_limit is unlimited
Mar 8 13:32:52 yuki postfix/master[14851]: warning: process /usr/lib/postfix/sbin/local pid 16034 exit status 1
Mar 8 13:32:52 yuki postfix/master[14851]: warning: /usr/lib/postfix/sbin/local: bad command startup -- throttling
Mar 8 13:33:50 yuki dovecot: imap-login: Disconnected: Connection closed: SSL_read failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=10.0.0.5, lip=10.0.0.2, TLS: SSL_read failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42, session=<70cXytQvfAsKAAAF>
Mar 8 13:33:52 yuki postfix/local[17542]: warning: /etc/postfix/main.cf, line 54: overriding earlier entry: message_size_limit=20480000
Mar 8 13:33:52 yuki postfix/local[17542]: fatal: configuration error: mailbox_size_limit is limited but message_size_limit is unlimited
Mar 8 13:33:53 yuki postfix/master[14851]: warning: process /usr/lib/postfix/sbin/local pid 17542 exit status 1
Mar 8 13:33:53 yuki postfix/master[14851]: warning: /usr/lib/postfix/sbin/local: bad command startup -- throttling
Mar 8 13:34:01 yuki dovecot: imap-login: Disconnected: Connection closed: SSL_read failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=10.0.0.5, lip=10.0.0.2, TLS: SSL_read failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42, session=<hCfBytQvUBkKAAAF>
Mar 8 13:34:12 yuki dovecot: imap-login: Disconnected: Connection closed: SSL_read failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=10.0.0.5, lip=10.0.0.2, TLS: SSL_read failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42, session=<r5duy9QviCcKAAAF>
Mar 8 13:34:23 yuki dovecot: imap-login: Disconnected: Connection closed: SSL_read failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=10.0.0.5, lip=10.0.0.2, TLS: SSL_read failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42, session=<7WMYzNQv7FIKAAAF>
```

Websites' SSL certs are on the load balancer (Hetzner). Can someone help me with this? I love ISPConfig so far! Keep up the good work

You must create an email domain in ISPConfig and then a mailbox if you want to use email. Websites are not mail related, so creating a website will not give you email. https://www.howtoforge.com/ispconfig-email-account/ Which tutorial did you see to set up your server and did you start with a freshly installed and empty system? It seems your setup has some problems in main.cf, which might result from starting from an unclean system. Please post your /etc/postfix/main.cf file.
So I'm using a load balancer. That handles the SSL certs. So now I've made Postfix and Dovecot using unencrypted (from the LB to the servers goes inside an internal network)

```
root@yuzuki:/var/www/clients/client7/web46/web# sudo systemctl restart postfix
root@yuzuki:/var/www/clients/client7/web46/web# sudo ss -tuln | grep :143
tcp LISTEN 0 512 0.0.0.0:143 0.0.0.0:*
tcp LISTEN 0 512 [::]:143 [::]:*
root@yuzuki:/var/www/clients/client7/web46/web# sudo ss -tuln | grep :587
tcp LISTEN 0 100 0.0.0.0:587 0.0.0.0:*
tcp LISTEN 0 100 [::]:587 [::]:*
root@yuzuki:/var/www/clients/client7/web46/web# systemctl restart postfix
root@yuzuki:/var/www/clients/client7/web46/web# sudo netstat -tuln | grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp6 0 0 :::25 :::* LISTEN
```

This is my main.cf:

```
smtpd_tls_mandatory_ciphers = medium
#tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
#tls_preempt_cipherlist = yes
# Sender/Recipient Settings
address_verify_negative_refresh_time = 60s
enable_original_recipient = no
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf
smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd
smtp_sender_dependent_authentication = yes
# SASL Authentication
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# Amavis Content Filtering
content_filter = amavis:[127.0.0.1]:10024
address_verify_virtual_transport = smtp:[127.0.0.1]:10025
address_verify_transport_maps = static:smtp:[127.0.0.1]:10025
# Misc Settings
address_verify_sender_ttl = 15686s
smtp_dns_support_level = dnssec
smtputf8_enable = no
dovecot_destination_recipient_limit = 1
# Timeout Settings
smtp_connect_timeout = 30s
smtp_helo_timeout = 60s
smtp_mail_timeout = 60s
smtpd_error_sleep_time = 2s
smtpd_hard_error_limit = 10
smtpd_recipient_overshoot_limit = 600
smtpd_soft_error_limit = 5
smtpd_timeout = 60s
# Miscellaneous
message_size_limit = 0
authorized_flush_users =
authorized_mailq_users = nagios, icinga
smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
in_flow_delay = 1s
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
```

The master.cf:

```
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
#smtp inet n - y - - smtpd
#submission inet n - n - - smtpd
smtp inet n - n - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
```

dovecot.conf:

```
rotocol imap {
  mail_plugins = $mail_plugins quota imap_quota
  auth_verbose = yes
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = $mail_plugins quota
  auth_verbose = yes
}
protocol lda {
  postmaster_address =
  mail_plugins = $mail_plugins sieve quota
}
protocol lmtp {
  postmaster_address =
  mail_plugins = $mail_plugins quota sieve
}
service stats {
  unix_listener stats-reader {
    user = vmail
    group = vmail
    mode = 0660
  }
  #2.3+ unix_listener stats-writer {
    user = vmail
    group = vmail
    mode = 0660
  }
}
service quota-status {
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
    group = postfix
    mode = 0660
    user = postfix
  }
  client_limit = 1
}
plugin {
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
!include_try conf.d/99-ispconfig-custom-config.conf
```

Firewall is disabled for now to make debugging easier. In mail.log I do see:

```
root@yasumi:/var/www/clients/client7/web46/web# tail -f /var/log/mail.log
Mar 8 15:33:30 yasumi dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=10.0.0.5, lip=10.0.0.3, session=<1VgWdtYvLlIKAAAF>
Mar 8 15:33:49 yasumi dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=10.0.0.5, lip=10.0.0.3, session=<ijMrd9YvCmUKAAAF>
Mar 8 15:35:03 yasumi postfix/sendmail[21679]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:35:03 yasumi postfix/postqueue[21679]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:35:03 yasumi postfix/showq[21682]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:35:03 yasumi postfix/smtpd[21549]: connect from localhost[::1]
Mar 8 15:35:03 yasumi postfix/smtpd[21549]: lost connection after CONNECT from localhost[::1]
Mar 8 15:35:03 yasumi postfix/smtpd[21549]: disconnect from localhost[::1] commands=0/0
Mar 8 15:35:03 yasumi dovecot: imap-login: Disconnected: Connection closed (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<v86be9YvwLQAAAAAAAAAAAAAAAAAAAAB>
Mar 8 15:35:03 yasumi dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Tu+be9YvnsoAAAAAAAAAAAAAAAAAAAAB>
Mar 8 15:38:23 yasumi postfix/anvil[21551]: statistics: max connection rate 4/60s for (smtp:10.0.0.5) at Mar 8 15:33:27
Mar 8 15:38:23 yasumi postfix/anvil[21551]: statistics: max connection count 1 for (smtp:10.0.0.5) at Mar 8 15:32:42
Mar 8 15:38:23 yasumi postfix/anvil[21551]: statistics: max cache size 1 at Mar 8 15:32:42
Mar 8 15:40:03 yasumi postfix/sendmail[21966]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:40:03 yasumi postfix/postqueue[21966]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:40:03 yasumi postfix/showq[21969]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:40:03 yasumi postfix/smtpd[21992]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:40:03 yasumi dovecot: imap-login: Disconnected: Connection closed (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<L4V4jdYv3r8AAAAAAAAAAAAAAAAAAAAB>
Mar 8 15:40:03 yasumi postfix/proxymap[21995]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:40:03 yasumi postfix/smtpd[21992]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Mar 8 15:40:03 yasumi postfix/smtpd[21992]: connect from localhost[::1]
Mar 8 15:40:03 yasumi postfix/smtpd[21992]: lost connection after CONNECT from localhost[::1]
Mar 8 15:40:03 yasumi postfix/smtpd[21992]: disconnect from localhost[::1] commands=0/0
Mar 8 15:40:03 yasumi dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<zqZ4jdYvUrMAAAAAAAAAAAAAAAAAAAAB>
Mar 8 15:40:36 yasumi dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 15 secs): user=<>, rip=139.99.35.42, lip=162.55.185.85, session=<bMxvj9Yvy4eLYyMq>
Mar 8 15:45:03 yasumi postfix/sendmail[22179]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:45:03 yasumi postfix/postqueue[22179]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:45:03 yasumi postfix/showq[22182]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:45:03 yasumi postfix/smtpd[22205]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:45:03 yasumi dovecot: imap-login: Disconnected: Connection closed (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Kptkn9YvvMEAAAAAAAAAAAAAAAAAAAAB>
Mar 8 15:45:03 yasumi postfix/proxymap[22209]: warning: /etc/postfix/main.cf, line 58: overriding earlier entry: message_size_limit=20480000
Mar 8 15:45:03 yasumi postfix/smtpd[22205]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Mar 8 15:45:03 yasumi postfix/smtpd[22205]: connect from localhost[::1]
Mar 8 15:45:03 yasumi postfix/smtpd[22205]: lost connection after CONNECT from localhost[::1]
Mar 8 15:45:03 yasumi postfix/smtpd[22205]: disconnect from localhost[::1] commands=0/0
Mar 8 15:45:03 yasumi dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Pb5kn9Yv9rEAAAAAAAAAAAAAAAAAAAAB>
```

After trying to sign in. Thanks in advance

The postfix config is not from a normal ISPConfig system or was manually edited, which causes your system to fail. You should format your system, install Debian 12 or Ubuntu 24.04 minimal installation on it and then run the auto installer: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/ to get a clean and fully working system. As mentioned before, you can not install ISPConfig on a system that you were using before or where you already set up any services besides ssh or used another control panel.
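
The two Postfix messages that repeat in the logs above ("overriding earlier entry: message_size_limit=20480000" and "mailbox_size_limit is limited but message_size_limit is unlimited") can be reproduced offline. The following is an added example, not part of any post in this thread and not ISPConfig or Postfix code: the function names and the sample main.cf fragment are constructed for illustration, and the defaults are Postfix's documented values for the two parameters.

```python
# Added example: model the two main.cf conditions reported in the thread's mail.log.
DEFAULTS = {"message_size_limit": 10240000, "mailbox_size_limit": 51200000}  # bytes

def parse_main_cf(text):
    """Return (effective, overrides). The last entry for a parameter wins."""
    logical = []                                  # [first_line_no, joined_text]
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1][1] += " " + raw.strip()   # leading whitespace continues a line
        else:
            logical.append([no, raw.strip()])
    effective, overrides = {}, []
    for no, line in logical:
        name, sep, value = line.partition("=")
        if not sep:
            continue
        name, value = name.strip(), value.strip()
        if name in effective:                     # duplicate: record what gets replaced
            overrides.append((no, name, effective[name]))
        effective[name] = value
    return effective, overrides

def size_limit_errors(effective):
    """Check the mailbox/message size relation; 0 means unlimited for both."""
    msg = int(effective.get("message_size_limit", DEFAULTS["message_size_limit"]))
    box = int(effective.get("mailbox_size_limit", DEFAULTS["mailbox_size_limit"]))
    if box == 0:
        return []
    if msg == 0:
        return ["mailbox_size_limit is limited but message_size_limit is unlimited"]
    if box < msg:
        return ["mailbox_size_limit is smaller than message_size_limit"]
    return []

# Constructed sample, not the poster's file: the same key set twice, second time to 0.
SAMPLE = """\
# constructed main.cf fragment
message_size_limit = 20480000
smtpd_sasl_type = dovecot
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
# Miscellaneous
message_size_limit = 0
"""

if __name__ == "__main__":
    effective, overrides = parse_main_cf(SAMPLE)
    for no, name, old in overrides:
        print(f"line {no}: overriding earlier entry: {name}={old}")
    for err in size_limit_errors(effective):
        print("fatal: configuration error:", err)
```

On the server itself, `postconf -n` prints the non-default values Postfix actually uses after duplicates are resolved.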
Ah thanks! Will do that. Question, it needs to run behind a load balancer that handles the SSL certs, so I need to modify the new postfix/dovecot too, right? Because the certs live on the LB.
unless it's just a mistake when copy-pasting into the forum post.. the missing p in the protocol imap line is going to cause you problems... and your /etc/postfix/master.cf looks rather empty as well... on my mailserver, with just a default ispconfig install, looks like:

Code:
```
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n - y - - smtpd
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable smtps for loopback clients only, or for any client.
#127.0.0.1:smtps inet n - y - - smtpd
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
```