ispconfig 3.3.11 debian 12

Code:
##### SERVER #####
IP-address (as per hostname): [localhost]
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 12 (bookworm)
[INFO] uptime: 09:31:31 up 17 min, 1 user, load average: 0.22, 0.21, 0.26
[INFO] memory:
        total   used   free   shared  buff/cache  available
Mem:    15Gi    2.7Gi  11Gi   5.0Mi   1.3Gi       12Gi
Swap:   973Mi   0B     973Mi
[INFO] systemd failed services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.2.11

##### VERSION CHECK #####
[INFO] php (cli) version is 8.2.7
[INFO] php-cgi (used for cgi php in default vhost!) is version 8.2.7

##### PORT CHECK #####
[WARN] Port 8080 (ISPConfig) seems NOT to be listening
[WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening

##### MAIL SERVER CHECK #####

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
    Apache 2 (PID 969)
[INFO] I found the following mail server(s):
    Postfix (PID 2463)
[INFO] I found the following pop3 server(s):
    Dovecot (PID 4476)
[INFO] I found the following imap server(s):
    Dovecot (PID 4476)
[INFO] I found the following ftp server(s):
    PureFTP (PID 1190)

##### LISTENING PORTS #####
(only () Local (Address)
[localhost]:783 (622/perl)
[localhost]:53 (656/unbound)
[localhost]:10023 (523/postgrey)
[anywhere]:12345 (4476/dovecot)
[anywhere]:4190 (4476/dovecot)
[localhost]:11211 (619/memcached)
[localhost]:11334 (715/rspamd:)
[localhost]:11332 (715/rspamd:)
[localhost]:11333 (715/rspamd:)
[anywhere]:465 (2463/master)
[anywhere]:25 (2463/master)
[anywhere]:21 (1190/pure-ftpd)
[anywhere]:22 (647/sshd:)
[anywhere]:110 (4476/dovecot)
[anywhere]:143 (4476/dovecot)
[anywhere]:993 (4476/dovecot)
[anywhere]:995 (4476/dovecot)
[anywhere]:587 (2463/master)
[anywhere]:3306 (737/mariadbd)
[localhost]:6379 (621/redis-server)
[localhost]2345 (4476/dovecot)
*:*:*:*::*:4190 (4476/dovecot)
*:*:*:*::*:6379 (621/redis-server)
*:*:*:*::*:11334 (715/rspamd:)
*:*:*:*::*:11332 (715/rspamd:)
*:*:*:*::*:11333 (715/rspamd:)
*:*:*:*::*:443 (969/apache2)
*:*:*:*::*:465 (2463/master)
*:*:*:*::*:25 (2463/master)
*:*:*:*::*:21 (1190/pure-ftpd)
*:*:*:*::*:22 (647/sshd:)
*:*:*:*::*:80 (969/apache2)
[localhost]10 (4476/dovecot)
[localhost]43 (4476/dovecot)
*:*:*:*::*:993 (4476/dovecot)
*:*:*:*::*:995 (4476/dovecot)
*:*:*:*::*:587 (2463/master)
*:*:*:*::*:3306 (737/mariadbd)
*:*:*:*::*:10023 (523/postgrey)
*:*:*:*::*:53 (656/unbound)
*:*:*:*::*:783 (622/perl)

##### IPTABLES #####
Chain INPUT (policy DROP)
target prot opt source destination
f2b-dovecot 6 -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993,587,465,4190
f2b-postfix-sasl 6 -- [anywhere]/0 [anywhere]/0 multiport dports 25
f2b-sshd 6 -- [anywhere]/0 [anywhere]/0 multiport dports 22
ufw-before-logging-input 0 -- [anywhere]/0 [anywhere]/0
ufw-before-input 0 -- [anywhere]/0 [anywhere]/0
ufw-after-input 0 -- [anywhere]/0 [anywhere]/0
ufw-after-logging-input 0 -- [anywhere]/0 [anywhere]/0
ufw-reject-input 0 -- [anywhere]/0 [anywhere]/0
ufw-track-input 0 -- [anywhere]/0 [anywhere]/0

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward 0 -- [anywhere]/0 [anywhere]/0
ufw-before-forward 0 -- [anywhere]/0 [anywhere]/0
ufw-after-forward 0 -- [anywhere]/0 [anywhere]/0
ufw-after-logging-forward 0 -- [anywhere]/0 [anywhere]/0
ufw-reject-forward 0 -- [anywhere]/0 [anywhere]/0
ufw-track-forward 0 -- [anywhere]/0 [anywhere]/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output 0 -- [anywhere]/0 [anywhere]/0
ufw-before-output 0 -- [anywhere]/0 [anywhere]/0
ufw-after-output 0 -- [anywhere]/0 [anywhere]/0
ufw-after-logging-output 0 -- [anywhere]/0 [anywhere]/0
ufw-reject-output 0 -- [anywhere]/0 [anywhere]/0
ufw-track-output 0 -- [anywhere]/0 [anywhere]/0

Chain f2b-dovecot (1 references)
target prot opt source destination
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
RETURN 0 -- [anywhere]/0 [anywhere]/0

Chain f2b-postfix-sasl (1 references)
target prot opt source destination
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
RETURN 0 -- [anywhere]/0 [anywhere]/0

Chain f2b-sshd (1 references)
target prot opt source destination
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
RETURN 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:137
ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:138
ufw-skip-to-policy-input 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:139
ufw-skip-to-policy-input 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:445
ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:67
ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:68
ufw-skip-to-policy-input 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 3
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 11
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 12
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 8
ufw-user-forward 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT 0 -- [anywhere]/0 [anywhere]/0
ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ufw-logging-deny 0 -- [anywhere]/0 [anywhere]/0 ctstate INVALID
DROP 0 -- [anywhere]/0 [anywhere]/0 ctstate INVALID
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 3
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 11
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 12
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 8
ACCEPT 17 -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68
ufw-not-local 0 -- [anywhere]/0 [anywhere]/0
ACCEPT 17 -- [anywhere]/0 ***.***.***.*** udp dpt:5353
ACCEPT 17 -- [anywhere]/0 ***.***.***.*** udp dpt:1900
ufw-user-input 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT 0 -- [anywhere]/0 [anywhere]/0
ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ufw-user-output 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN 0 -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10
LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL
RETURN 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST
RETURN 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST
ufw-logging-deny 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10
DROP 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 ctstate NEW
ACCEPT 17 -- [anywhere]/0 [anywhere]/0 ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:22
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:25
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:80
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:110
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:143
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:443
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:465
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:587
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:993
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:995
ACCEPT 6 -- ***.***.***.***/28 [anywhere]/0 tcp dpt:3306
ACCEPT 6 -- ***.***.***.***/28 [anywhere]/0 tcp dpt:12345

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT 0 -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination

##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh

This morning at 7.50am, emails seemed to stop working. Server is up. When trying to connect, Thunderbird/Outlook state "failed to connect".

Run

Code:
tail -f /var/log/mail.log
.....
N802 MAILER-DAEMON@mx1 Tue Oct 17 09:26 35/1109 Postfix SMTP server: errors from o26.p37.mailjet.com[185.250.236.26]
N803 MAILER-DAEMON@mx1 Tue Oct 17 09:26 34/1094 Postfix SMTP server: errors from unknown[51.155.53.9]
N804 MAILER-DAEMON@mx1 Tue Oct 17 09:26 34/1094 Postfix SMTP server: errors from unknown[51.155.53.9]
N805 MAILER-DAEMON@mx1 Tue Oct 17 09:26 34/1120 Postfix SMTP server: errors from 89-145-204-244.xdsl.murphx.net[89.145.204.244]
N806 MAILER-DAEMON@mx1 Tue Oct 17 09:26 34/1120 Postfix SMTP server: errors from 89-145-204-244.xdsl.murphx.net[89.145.204.244]
N807 MAILER-DAEMON@mx1 Tue Oct 17 09:27 34/1091 Postfix SMTP server: errors from unknown[51.155.53.9]
N808 MAILER-DAEMON@mx1 Tue Oct 17 09:27 34/1094 Postfix SMTP server: errors from unknown[51.155.53.9]
N809 MAILER-DAEMON@mx1 Tue Oct 17 09:27 34/1094 Postfix SMTP server: errors from unknown[51.155.53.9]
N810 MAILER-DAEMON@mx1 Tue Oct 17 09:28 34/1120 Postfix SMTP server: errors from 89-145-204-244.xdsl.murphx.net[89.145.204.244]
N811 MAILER-DAEMON@mx1 Tue Oct 17 09:28 34/1120 Postfix SMTP server: errors from 89-145-204-244.xdsl.murphx.net[89.145.204.244]
N812 MAILER-DAEMON@mx1 Tue Oct 17 09:28 34/1120 Postfix SMTP server: errors from 89-145-204-244.xdsl.murphx.net[89.145.204.244]
N813 MAILER-DAEMON@mx1 Tue Oct 17 09:28 34/1120 Postfix SMTP server: errors from 89-145-204-244.xdsl.murphx.net[89.145.204.244]
N814 MAILER-DAEMON@mx1 Tue Oct 17 09:28 34/1091 Postfix SMTP server: errors from unknown[51.155.53.9]
N815 MAILER-DAEMON@mx1 Tue Oct 17 09:28 50/1588 Postfix SMTP server: errors from unknown[185.69.144.51]
N816 MAILER-DAEMON@mx1 Tue Oct 17 09:28 34/1094 Postfix SMTP server: errors from unknown[51.155.53.9]

Code:
systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
     Loaded: loaded (/lib/systemd/system/postfix.service; enabled; preset: enabled)
     Active: active (exited) since Tue 2023-10-17 09:16:34 BST; 20min ago
       Docs: man:postfix(1)
    Process: 2466 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 2466 (code=exited, status=0/SUCCESS)
        CPU: 2ms

Oct 17 09:16:34 mx1 systemd[1]: Starting postfix.service - Postfix Mail Transport Agent...
Oct 17 09:16:34 mx1 systemd[1]: Finished postfix.service - Postfix Mail Transport Agent.

Same for dovecot, but this is at the end:

Code:
Oct 17 09:38:14 mx1 dovecot[4481]: imap-login: Error: Failed to initialize SSL server context: Can't load SSL private key (ssl_key setting): Key is for a different cert than ssl_cert: user=<>, rip=51.146.133.62>
Oct 17 09:38:14 mx1 dovecot[4481]: imap-login: Error: Failed to initialize SSL server context: Can't load SSL private key (ssl_key setting): Key is for a different cert than ssl_cert: user=<>, rip=51.146.133.62>
Oct 17 09:38:15 mx1 dovecot[4481]: imap([email protected])<6413><ot4SceUHAdAfXgdG>: Disconnected: Logged out in=572 out=3548 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct 17 09:38:16 mx1 dovecot[4481]: imap-login: Login: user=<ch@domain..>, method=PLAIN, rip=31.94.7.70, lip=212.159.153.4, mpid=6442, session=<xzOoceUHgXgfXgdG>
Oct 17 09:38:17 mx1 dovecot[4481]: imap-login: Error: Failed to initialize SSL server context: Can't load SSL private key (ssl_key setting): Key is for a different cert than ssl_cert: user=<>, rip=86.152.156.16>
Oct 17 09:38:18 mx1 dovecot[4481]: imap-login: Error: Failed to initialize SSL server context: Can't load SSL private key (ssl_key setting): Key is for a different cert than ssl_cert: user=<>, rip=80.5.0.57, li>
Oct 17 09:38:19 mx1 dovecot[4481]: imap-login: Error: Failed to initialize SSL server context: Can't load SSL private key (ssl_key setting): Key is for a different cert than ssl_cert: user=<>, rip=92.207.211.51>
Oct 17 09:38:19 mx1 dovecot[4481]: imap-login: Error: Failed to initialize SSL server context: Can't load SSL private key (ssl_key setting): Key is for a different cert than ssl_cert: user=<>, rip=92.207.211.51>
Oct 17 09:38:19 mx1 dovecot[4481]: imap-login: Error: Failed to initialize SSL server context: Can't load SSL private key (ssl_key setting): Key is for a different cert than ssl_cert: user=<>, rip=185.69.144.51>
Oct 17 09:38:20 mx1 dovecot[4481]: doveadm: Error: SSL context initialization failed, disabling SSL: Can't load SSL private key (ssl_key setting): Key is for a different cert than ssl_cert

I did start the changes for this link but undid them: https://www.allerstorfer.at/rspamd-dovecot-ispconfig-automatic-spam-ham-training/
Especially your dovecot log is clear as glass. You have a mismatch between certificate and key. Postfix most likely encounters the same issue. Only your logs are way too brief to verify. There should be more relevant info before the connection errors. Check your certificate and key used by postfix and dovecot. Maybe a force renew will help. Don't forget to restart the services after.
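The check asked for in this reply, as an added example that is not part of the thread: it compares the public key inside a certificate with the one derived from a private key, which is the condition Dovecot reports as "Key is for a different cert than ssl_cert". The file paths are arguments (on the server they are the files named by the `ssl_cert`/`ssl_key` settings and Postfix's TLS cert/key parameters); the demo pair is a constructed throwaway self-signed certificate.

```bash
#!/usr/bin/env bash
# Added example: does a private key belong to a certificate?
# Compares the SHA-256 of the DER-encoded public key taken from each file,
# so it works for RSA and EC keys alike.

spki_sha256() {   # stdin: PEM public key -> stdout: hex SHA-256 of its DER form
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

# cert_key_match <cert.pem> <key.pem>
# returns 0 = pair matches, 1 = mismatch, 2 = a file could not be parsed
cert_key_match() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$(printf '%s\n' "$cert_pub" | spki_sha256)" = "$(printf '%s\n' "$key_pub" | spki_sha256)" ]
}

report_pair() {   # prints one status line for a cert/key pair, returns the same code
    local rc=0
    cert_key_match "$1" "$2" || rc=$?
    case $rc in
        0) echo "MATCH    $1 <-> $2" ;;
        1) echo "MISMATCH $1 <-> $2" ;;
        *) echo "ERROR    cannot parse $1 or $2" ;;
    esac
    return "$rc"
}

demo() {          # constructed sample input: self-signed cert plus an unrelated key
    local d; d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.test" \
        -keyout "$d/a.key" -out "$d/a.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/b.key" 2>/dev/null
    report_pair "$d/a.crt" "$d/a.key"          # pair generated together
    report_pair "$d/a.crt" "$d/b.key" || true  # key replaced without a new certificate
    rm -rf "$d"
}

# With two arguments, check that pair; with none, run the constructed demo.
if [ $# -eq 2 ]; then report_pair "$1" "$2"; else demo; fi
```

Run it against the certificate and key files of both Postfix and Dovecot before restarting the services; a non-zero exit code means the daemon will refuse TLS.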
Thank you. Turns out port 80 was blocked and I don't ever remember doing it. I unblocked it and now it verifies and generates a valid cert from Let's Encrypt. Let's Encrypt needs to see the website to validate it, so having port 80 closed on the firewall stopped this, and as the cert renews every 3 or 4 months, I wouldn't remember it anyway.

Code:
https://www.sslshopper.com/ssl-checker.html#hostname=mx1.tlwebservices.co.uk

It was valid. Then I re-followed https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/ and it worked like a dream. I felt overwhelmed today. Had customers on the phone every few minutes. I couldn't see the wood for the trees, and of course the cert must have expired today or last night. Now it's calm, it's sorted.
True, although it's every 2 months. And that explains the mismatch. Let's Encrypt renewed the key but couldn't validate and therefore couldn't get the accompanying new certificate.
This is a lesson to implement monitoring for your SSL certs on the email ports. Especially when running a system for business purposes.
You could use https://github.com/Matty9191/ssl-cert-check or set up a monitor with a monitoring service like Monit.
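A minimal monitor of the kind suggested in the last two replies, as an added example (it is not code from ssl-cert-check or Monit): it fetches the certificate from each mail port and classifies it by remaining lifetime. The port list comes from the listening ports in the first post; the `WARN_DAYS` threshold, the function names and the host argument are assumptions.

```bash
#!/usr/bin/env bash
# Added example: certificate monitor for the mail ports.
WARN_DAYS=${WARN_DAYS:-14}   # assumed warning threshold in days

# fetch_cert <host> <port> [smtp|imap|pop3] -> s_client output incl. the PEM leaf cert
fetch_cert() {
    timeout 15 openssl s_client -connect "$1:$2" -servername "$1" \
        ${3:+-starttls "$3"} </dev/null 2>/dev/null
}

# cert_status <warn_days>   (certificate text on stdin)
# prints OK, EXPIRING, EXPIRED, or NO_CERT when the handshake produced no certificate
cert_status() {
    local pem; pem=$(cat)
    if ! printf '%s\n' "$pem" | openssl x509 -noout >/dev/null 2>&1; then
        echo NO_CERT
    elif ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! printf '%s\n' "$pem" | openssl x509 -noout -checkend $(( $1 * 86400 )) >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# check_mail_ports <host>: one line per port, non-zero exit if any port is not OK
check_mail_ports() {
    local host=$1 bad=0 entry port proto status
    # port:starttls-protocol pairs; an empty protocol means TLS from the first byte
    for entry in 25:smtp 587:smtp 465: 143:imap 993: 110:pop3 995:; do
        port=${entry%%:*}; proto=${entry#*:}
        status=$(fetch_cert "$host" "$port" "$proto" | cert_status "$WARN_DAYS")
        echo "$host:$port $status"
        [ "$status" = OK ] || bad=1
    done
    return "$bad"
}

# Runs only when a host is given, e.g. from cron: ./check-mail-certs.sh mail.example.test
if [ $# -ge 1 ]; then check_mail_ports "$1"; fi
```

A server that cannot complete the TLS handshake shows up as `NO_CERT`, so the same cron job also catches a daemon that refuses TLS, not just an approaching expiry date.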