Debian LAMP ISPConfig Fresh Install, Not Resolving Domain Correctly

Discussion in 'ISPConfig 3 Priority Support' started by yupthatguy, Apr 7, 2021.

  1. yupthatguy

    yupthatguy Member

    Actually, regarding your tutorial, I post my notes (I keep notes as I do anything new)...

    1.) Pictures are helpful, but the first picture cuts off DNSSEC checkbox, so the user has to "assume" that the default checked value for DNSSEC is correct.

    2.) It's recognized in ISPConfig that the most common set-up is a single server setup with all services. However, the tutorial is written from the perspective of a multiserver setup. I immediately worked out that I should be using the IP for all my records, but for someone with less experience than me, that would be confusing right from the beginning.

    Even if the tutorial had been longer, and broken into 2 parts: A.) Single-server set-up, and B.) Multi-server setup, it would make noobs like myself more comfortable. I would rather have "repetition", rather than confusion.

    3.) While the manual did a great job of showing me what inputs should go into which record. I was hoping for / expected a minimal list of records that should be created based on single server set-up and desired services, ie:

    Single-server Setup:
    Nameserver
    record 1
    record 2
    record 3
    etc.

    Multi-server Setup:
    record 1
    record 2
    record 3

    See below, for input examples of each of the above recommended, minimal records.

    [the long list of different types of records with their inputs]

    I eventually got exactly what I wanted from the wizard, but wizard did help with actually learning DNS records long-term.

    4.) I just learned of dig less than 40 days ago. While your current written intro of dig is solid, it is definitely an "early morning, just after coffee (or green tea)" type of introduction. If your dig tutorial had pictures with overlay text that correlated with outlined, explanatory text... it would probably be better absorbed by people like myself. "End of day, too tired to deeply focus on chunks of text"...(I am in Asia where it is 1 am and I am headed to bed soon).

    5.) Given the "rectum-like" behavior of cpanel/whm in the market, I am sure that you guys are seeing an uptick in folks like me, lesser technical, but know enough to look for cpanel/whm alternatives. I think essentially selling a vbox test server is brilliant and my recent discovery of the autoinstaller is also brilliant. However, with regards to documentation, I would suggest aiming for the lowest level technical skill user, while keeping the advanced user stuff available as for users to "grow" into... (i.e. lead with single server tutorial of everything since that is dominant in the market, keep multi-server immediately thereafter)

    6.) Many folks like me with lower, intermediate server skills like open-source as we are becoming increasingly aware of digital corporate "rectum-like" behaviors monitoring our every key stroke. While I and many others will gladly root for you guys and support you with the $60 bucks annually, there is a matter of usability / convenience. I mention this because I almost went with vestacp over you guys, simply because they were/are integrated with softaculous. I spent hours looking for an open-source alternative to softaculous, but end of the day, I know that I will need to install it because many people fleeing away from cpanel/whm right now are so accustomed to using it. I have no problem paying the softaculous fee if it works, I just have learned not to trust proprietary anything. So if you guys know of an efficient open-source, one-click installer, I would suggest integrating with it, or at minimum softaculous until an open alternative is available.

    bed time, tired :-0
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That's why there are plenty of single server guides available at ispconfig.org documentation page, for all supported OS. And regarding auto installer, it's brand new and the whole single server guide is covered in the autoinstaller instructions, it's a single command btw. Nonetheless, we will add another single server guide here at howtoforge too which covers the same information that is found on the autoinstaller page already.

    This integration exists for many years now: https://www.softaculous.com/docs/admin/installing-softaculous-in-ispconfig/
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no such thing as a correct default value for this checkbox. If you enable it or not depends on if you want to use DNSSEC or not and if your domain registry supports it.

    There is no difference in DNS records between single and multiserver, except that the IP for the different services must match the IP of the server that this service provides.
     
  4. yupthatguy

    yupthatguy Member

    Afternoon, fellas. I appear to stand corrected on multiple points. (I date women, so I often find myself being corrected ;)) I am ecstatic to learn that softaculous is officially integrated with ISPConfig. My weak & meager reasoning/defense behind my confusion was a quick google search of "ISPConfig Softaculous"... that yielded the results shown in the screenshot.

    https://i.imgur.com/KtoT2tw.png

    While I did bookmark the installation instructions at the address you posted above, when I also read the support thread, found here:

    https://www.howtoforge.com/community/threads/softaculous-on-ispconfig-3-1.76125/

    [The second search result]

    I obviously got the wrong impression that maybe it wasn't "officially integrated" with ISPConfig and the instructions that I had were perhaps the company's unsupported / unofficial means of working with ISPConfig.

    Just a suggestion, while I know that ispconfig.org is obviously dedicated to all things ispconfig, you may want to mention / briefly list all the well-known 3rd party add-ons that have been officially integrated with ISPConfig and optimize the add-on page's SEO, so when people do things like "ISPConfig Wordpress" the first and second results are your add-ons page and/or tutorials.

    You guys have the best open-source server control panel by far. More people should know it.

    When you complete the migration tool (meaning full-cpanel migration support), I think the unstoppable beast known as ISPConfig, will suddenly sprout wings and breathe fire, giving even King Kong (plesk) and Godzilla (cpanel) a good fight. Dare I say, a new alpha titan? :)

    Have a good day fellas, time for me to test that autoinstaller. :)
     
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The first result leads to a page that tells you it's possible...?

    When someone else integrates something with ISPConfig, we are in no way responsible for it. That's what Till stated and this is still the case. If Softaculous tells you it can be done, it can be done.

    Sorry, but I don't think this is a good idea. It will lead to more finger pointing from people saying we told them something would work, but it doesn't, and now they blame us while we have nothing to do with it. E.g. someone developed an autoinstaller some years ago and we referred to it on HowToForge and our website. The installer had and still has several big issues, and people were opening threads saying they had a broken installation because of OUR autoinstaller. Even now there are people using this old installer instead of the official one who are opening threads with issues, blaming us for it while we can do nothing about it.

    Thanks for your kind words, I hope we can let ISPConfig grow further and better in the coming years.
     
  6. yupthatguy

    yupthatguy Member

    Hey fellas,

    Guess who is well caffeinated and typing again..? This Guy -->:confused:

    Like many users, I am not a higher-level coder and lack a firm conception of "how" one software package integrates with another package. While I do understand your point about "complaining" & people improperly blaming you guys for other people's crappy software, I would still say make a "risks" vs. "rewards" assessment and mitigate the risks as necessary because the reward of greatly expanding your audience probably outweighs 1% of "noobs" making silly, misguided complaints.

    Instead of leaving "noob" users like me and the many, many, many other noobs fleeing cpanel looking for a "safe place to land" guessing, wondering, which 3rd-party software packages work well with ISPConfig (a factor that -does- make up a large component of user's decisions as to which control panel to use) I would still go my original recommendation because ultimately it expands your software's audience. However, given your clarification of the concept of software "integrations", as a means of mitigating the related "risks" that you mentioned.

    1.) Generate a list of template responses for when people incorrectly make posts asking for support on 3rd party software packages. The template simply says "Package X is not supported in this forum. For assistance with Package X, please visit their support forum, located at https://packgex.org". Then, immediately close the thread. Noobs like myself are accustomed to being told that they are "off topic" thanks to stackexchange, askubuntu, etc.

    2.) On the add-ons page you can also say, right on the page "The 3rd-party packages listed here are NOT supported by ISPConfig. If you use ISPConfig, but need technical support for any of these packages, please visit the relative support forums (listed below)."

    Wordpress
    https://www.wordpress.org/support
    Softaculous
    https://www.softaculous.com/support

    Again, a little bit of SEO optimization results in getting search results for "ISPConfig WordPress", "ISPConfig Softaculous", "ISPConfig Joomla", to land directly on your site's add-on page and quickly answers the "should I try ISPConfig with Package X?" question that many potential users have.

    3.) The add-ons page is also a great place to advertise / highlight your official autoinstaller, instead of a small, single line of text on a documentation page filled with small lines of text. In fact, since you have described a nightmare situation with some other guy's installer,... maybe you guys should add the autoinstaller one-line command directly to the ispconfig.org homepage, with a header saying "Install Now" and caption saying "ISPConfig Official Autoinstaller"... That will definitely generate an increase in end-users adopting use of the autoinstaller.

    These three suggestions, definitely would have made me an ISPConfig superfan / financial contributor / potential interface translator a lot faster. (I have a BA in Mandarin Chinese and Minor in Comp. Sci., unfortunately my degree is from when HTML 1.0 was the new hot thing in the 90's)

    In short, your add-ons & home pages could be maximized more to your advantage.

    "Risks" vs "Rewards", mitigate risks, reap the rewards... anyway, just my two cents on the topic. More hits = more users = more installs = more revenue.... etc.. etc...etc..

    One more small thing about the tutorial itself. The anchors that SHOULD link to different sections of the tutorial don't work correctly. Sometimes they work as expected, but sometimes they instead lead the user to the homepage (hard to reproduce).

    In any case, the real reason for today's post is that -after- I tested the auto-installer, I reset the server again and went back to the tutorial installation method. While I think the installer is a great idea that should be more widely advertised, I personally prefer the tutorials because I get to actually learn what the key components & config files are... meaning that in the future, when things inevitably break, I at least have some knowledge of the system and can more likely troubleshoot it. With that said, again...

    Excellent tutorial.

    I have one strongly recommended suggestion. On step, "8 Install Postfix, Dovecot, MariaDB, rkhunter, and Binutils", include a short tip warning the user not to use special characters in the MariaDB password.

    I recommend this because at step 19, "19 Install RoundCube Webmail (optional)", the special characters generate an error when running this command:

    Code:
    root@server1:/tmp# echo "CREATE DATABASE roundcube;" | mysql --defaults-file=/etc/mysql/debian.cnf
    ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

    I, of course, searched for the error on the web and eventually found these How to Forge threads in which @till recommends adding ' ' around MariaDB passwords that contain special characters:
    https://www.howtoforge.com/community/threads/roundcube-installation-problem.82558/
    https://www.howtoforge.com/communit...s-for-roundcube-phpmyadmin.82369/#post-391347

    I, of course, edited /etc/mysql/debian.cnf to have ' ' around the passwords and, indeed that solved the error mentioned above. Then I was able to proceed with RoundCube installation. HOWEVER, once I got to:

    Code:
    apt-get install roundcube roundcube-core roundcube-mysql roundcube-plugins
    
    Configure database for roundcube with dbconfig.common? <-- yes
    MySQL application password for roundcube: <-- press enter
    
    
    The install failed again with the same error:

    Code:
    ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
    screenshot:
    https://i.imgur.com/hOnUwSO.png

    So, I detoured, did some searching, figured out how to change the root user mysql password, and everything worked perfect from that point on. As you can imagine for a novice, figuring out all of this during the tutorial/installation process easily added 45 minutes to an hour of time to overall installation time (searching, reading threads, changing passwords, etc.).

    So now my original plan is back on track. Which was / is... start with Alibaba DNS (as a fallback), install ISPConfig, configure ISPConfig DNS, switch to ISPConfig nameservers, start other tasks. And sure enough, I have screwed up the DNS, and am currently using AlibabaDNS as the fallback while I figure out how to fix DNS.

    How I screwed up DNS:

    I ran the DNS wizard on example.com using the default template, exactly as shown in the manual. (Quick Note, the manual uses ".tld" abbreviation without explaining its meaning. Had to search around to figure that out..."noob" eyes)

    The DNS wizard generated all the relevant records according to its default template and I incorrectly assumed that the task of configuring DNS was complete, so I went to Alibaba and changed my nameservers to ns1.example.com and ns2.example.com and went for a run... of course, I return and everything is offline as the DNS is not resolving correctly. o_O

    I noticed that a "server1" A record hadn't been created by the wizard, so I made one, but that failed to resolve the problem.

    So I switch back to AlibabaDNS and read "Setting Up DNS" tutorial in much greater detail
    https://www.howtoforge.com/tutorial/setting-up-your-own-name-service-with-ispconfig/

    Firstly, here is the server report:

    Code:
    # cat htf_report.txt | more
    
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)
     
    [INFO] uptime:  23:57:31 up 1 day, 10:41,  1 user,  load average: 0.04, 0.04, 0.00
     
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          3.9Gi       1.6Gi       942Mi        22Mi       1.3Gi       1.9Gi
    Swap:         6.0Gi        24Mi       6.0Gi
     
    [INFO] systemd failed services status:
      UNIT              LOAD   ACTIVE SUB    DESCRIPTION                            
    ● postfix@-.service loaded failed failed Postfix Mail Transport Agent (instance -)
    
    LOAD   = Reflects whether the unit definition was properly loaded.
    ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
    SUB    = The low-level unit activation state, values depend on unit type.
    
    1 loaded units listed. Pass --all to see loaded but inactive units, too.
    To show all installed unit files use 'systemctl list-unit-files'.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.4
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.3.27-1~deb10u1
    
    ##### PORT CHECK #####
    
    [WARN] Port 25 (SMTP server) seems NOT to be listening
    [WARN] Port 465 (SMTP server SSL) seems NOT to be listening
    [WARN] Port 22 (SSH server) seems NOT to be listening
    [WARN] Port 25 (SMTP server) seems NOT to be listening
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Apache 2 (PID 2092)
    [WARN] I could not determine which mail server is running.
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 7278)
    [INFO] I found the following imap server(s):
        Dovecot (PID 7278)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 7400)
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [localhost]:10026        (7265/amavisd-new)
    [localhost]:11211        (11507/memcached)
    [anywhere]:110        (7278/dovecot)
    [anywhere]:143        (7278/dovecot)
    ***.***.***.***:53        (7408/named)
    [localhost]:53        (7408/named)
    [anywhere]:21        (7400/pure-ftpd)
    [anywhere]:470        (659/sshd)
    [localhost]:953        (7408/named)
    [anywhere]:993        (7278/dovecot)
    [anywhere]:995        (7278/dovecot)
    [localhost]:10023        (28036/postgrey)
    [localhost]:10024        (7265/amavisd-new)
    *:*:*:*::*:10026        (7265/amavisd-new)
    *:*:*:*::*:3306        (7150/mysqld)
    [localhost]10        (7278/dovecot)
    [localhost]43        (7278/dovecot)
    *:*:*:*::*:8080        (2092/apache2)
    *:*:*:*::*:80        (2092/apache2)
    *:*:*:*::*:8081        (2092/apache2)
    *:*:*:*::*:53        (7408/named)
    *:*:*:*::*:21        (7400/pure-ftpd)
    *:*:*:*::*:953        (7408/named)
    *:*:*:*::*:443        (2092/apache2)
    *:*:*:*::*:993        (7278/dovecot)
    *:*:*:*::*:995        (7278/dovecot)
    *:*:*:*::*:10023        (28036/postgrey)
    *:*:*:*::*:10024        (7265/amavisd-new)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination        
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination       

    FYI, ISPConfig will never learn the public IP of my server because with Alibaba ifconfig command always returns the private IP address, never the public IP address.

    As you have noticed, postfix isn't running, so I used 'systemctl status bind9.service' and verified that the nameservers are running.

    I also ran the various tests from @Taleman's DNS settings tutorial, here are the outputs:

    Code:
    root@server1:~# host example.com XX.XXX.XXX.XXX
    Using domain server:
    Name: XX.XXX.XXX.XXX
    Address: XX.XXX.XXX.XXX#53
    Aliases:
    
    Host example.com not found: 5(REFUSED)
    
    ********************************************************
    
    
    root@server1:~# dig @XX.XXX.XXX.XXX example.com
    
    ; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> @XX.XXX.XXX.XXX example.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 32981
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: dff1315cc9ece87f18a89d736073d86993667309da1b824c (good)
    ;; QUESTION SECTION:
    ;example.com.        IN    A
    
    ;; Query time: 1 msec
    ;; SERVER: XX.XXX.XXX.XXX#53(XX.XXX.XXX.XXX)
    ;; WHEN: Mon Apr 12 13:19:37 CST 2021
    ;; MSG SIZE  rcvd: 77

    NOTE: If I run dig @localhost example.com, I get all of the correct output related to Alibaba's nameservers.

    And finally, this is a screenshot of my current DNS records:
    https://i.imgur.com/kioTLbd.png

    My questions are:
    1.) have I created all the DNS records that need to be created?
    2.) If not, which ones do I need to make?
    3.) Will fixing this problem also fix the problem of postfix failure?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no such limitation. But depending on the special chars in your password, you might have to enclose it in single quotes in /etc/mysql/debian.cnf. I'll add a note in the guide in the part where /etc/mysql/debian.cnf is changed.

    1) If you use Alibaba's nameservers for your zones, then do not add them in ISPConfig. From the screenshot you posted, it's not clear if you added all required records as it e.g. depends on the name of the zone which records you have to add and you have hidden everything. Regarding dig failure, if dig works when querying localhost but not when using the external IP, then you probably have a firewall activated at Alibaba which blocks access to the DNS server.
    3) No, that's not related. Restart postfix and then post the error that you get in /var/log/mail.log and also post the file /etc/postfix/master.cf
     
    Last edited: Apr 12, 2021
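
The quoting point above comes from how the MySQL/MariaDB option-file reader treats a value: a `#` outside quotes starts a comment, so an unquoted password is cut at that character and the client sends a shorter string. The following is an added example, not code from the thread or from ISPConfig; `effective_value` and `audit_passwords` are names made up for it, and the sample file and passwords are constructed.

```python
import re

# Constructed sample in the layout of /etc/mysql/debian.cnf; passwords are made up.
SAMPLE_CNF = """\
[client]
host     = localhost
user     = root
password = s3cret#2021
[mysql_upgrade]
host     = localhost
user     = root
password = 's3cret#2021'
"""


def effective_value(raw):
    """Return the value as the MySQL/MariaDB option-file reader sees it.

    A '#' outside quotes starts a comment, surrounding whitespace is dropped,
    and one pair of matching outer quotes is removed.
    """
    quote = None
    escape = False
    end = len(raw)
    for i, ch in enumerate(raw):
        if ch in "'\"" and not escape:
            if quote is None:
                quote = ch          # opening quote
            elif quote == ch:
                quote = None        # matching closing quote
        if quote is None and ch == "#":
            end = i                 # comment starts here, value ends
            break
        escape = quote is not None and ch == "\\" and not escape
    value = raw[:end].strip()
    if len(value) >= 2 and value[0] in "'\"" and value[-1] == value[0]:
        value = value[1:-1]
    return value


def audit_passwords(cnf_text):
    """List (section, line number, problem) for password lines at risk.

    Password text is never returned, only lengths.
    """
    findings = []
    section = None
    for lineno, line in enumerate(cnf_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue                # blank line or full-line comment
        header = re.fullmatch(r"\[(.+)\]", stripped)
        if header:
            section = header.group(1)
            continue
        key, sep, raw = stripped.partition("=")
        if not sep or key.strip() != "password":
            continue
        raw = raw.strip()
        quoted = len(raw) >= 2 and raw[0] in "'\"" and raw[-1] == raw[0]
        written = raw[1:-1] if quoted else raw
        seen = effective_value(raw)
        if seen != written:
            findings.append((section, lineno,
                             "cut at '#': %d of %d characters are used"
                             % (len(seen), len(written))))
        elif "\\" in written:
            findings.append((section, lineno,
                             "backslash is read as an escape character"))
    return findings


if __name__ == "__main__":
    for section, lineno, problem in audit_passwords(SAMPLE_CNF):
        print("[%s] line %d: %s" % (section, lineno, problem))
```

To check a real server, pass the contents of /etc/mysql/debian.cnf (readable by root only) to `audit_passwords` instead of the sample.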
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    That screenshot is pretty much useless with all the important info wiped out.
    I do not know which name servers that uses, but if it is your ISPConfig name servers, they do not have A records.
    If your ISPConfig host runs with private address space IP address, then you must set up port forwarding from the public IP address. But I find it strange to have this kind of setup, it just causes lots of problems. I would find a provider that gives routable IP addresses to hosts.
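
Whether a query sent to the public address reaches a name server at all can be read from the dig header: a reply with any status, REFUSED included, was sent by a DNS server, while a filtered or unforwarded port 53 produces a timeout instead. The following is an added example, not code from the thread; `classify` and the verdict names are made up for it, and the sample outputs are constructed on the model of the dig 9.11 output posted above, with 203.0.113.10 as a placeholder address.

```python
import re

# Constructed samples modelled on the dig 9.11 output in this thread;
# 203.0.113.10 is a documentation placeholder, not the poster's address.
REFUSED_REPLY = """\
; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> @203.0.113.10 example.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 32981
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
"""

TIMEOUT = """\
; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> @203.0.113.10 example.com
;; connection timed out; no servers could be reached
"""

AUTHORITATIVE_REPLY = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
"""

HEADER_RE = re.compile(r"->>HEADER<<- opcode: \w+, status: (\w+), id: \d+")
FLAGS_RE = re.compile(r";; flags:([^;]*); QUERY: \d+, ANSWER: (\d+)")

EXPLANATION = {
    "no_reply": "no DNS reply came back: port 53 is filtered, not forwarded, "
                "or nothing listens on that address",
    "refused": "a name server answered and declined: it does not serve this "
               "zone to this client (zone not loaded, or query/recursion ACL)",
    "authoritative": "the server answered with the aa flag: it hosts the zone",
    "not_authoritative": "answer without the aa flag: it came from recursion "
                         "or cache and does not show the zone is hosted here",
    "error": "the server answered with another error status",
    "unparsed": "no dig header and no timeout message found",
}


def classify(dig_output):
    """Classify saved dig output by what it says about reachability."""
    header = HEADER_RE.search(dig_output)
    if header is None:
        timed_out = "connection timed out" in dig_output
        return {"reached": False if timed_out else None, "status": None,
                "flags": [], "answers": 0,
                "verdict": "no_reply" if timed_out else "unparsed"}
    status = header.group(1)
    counts = FLAGS_RE.search(dig_output)
    flags = counts.group(1).split() if counts else []
    answers = int(counts.group(2)) if counts else 0
    if status == "REFUSED":
        verdict = "refused"
    elif status == "NOERROR" and "aa" in flags:
        verdict = "authoritative"
    elif status == "NOERROR":
        verdict = "not_authoritative"
    else:
        verdict = "error"
    # Any parsed header means a DNS server at that address sent a reply.
    return {"reached": True, "status": status, "flags": flags,
            "answers": answers, "verdict": verdict}


if __name__ == "__main__":
    for name, text in (("refused", REFUSED_REPLY), ("timeout", TIMEOUT),
                       ("authoritative", AUTHORITATIVE_REPLY)):
        result = classify(text)
        print(name, "->", result["verdict"], "-", EXPLANATION[result["verdict"]])
```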
     
  9. yupthatguy

    yupthatguy Member

    When I got the error in my screenshot, I had single quotes around the password in /etc/mysql/debian.cnf

    1.) Is it alright for me to PM you an unedited list of the DNS zones that I have created?
    2.) I want to be able to use ns1.example.com & ns2.example.com (not alibaba dns servers)
    3.) I, checked the manual, is there a simple list of the basic DNS records someone with a single server setup would need? Or can you list them here? I know "how" to configure the DNS zones from the manual, I just don't know which ones to configure. (A link to a functional example would help)

    FYI. I downloaded the .ova file from the tutorial so as to have a functional model that I could learn from. I ran into 2 issues: 1.) I ran into port problems, so can't access the GUI in my local browser after loading via vbox (potential issue with nordvpn), and 2.) I believe that you guys created the .ova using German input keyboards (obviously), the result is that I can't input certain keys as I am on a US EN input keyboard.... " | " on my keyboard returns a German character and " / " on my keyboard returns a " - ".... (this is a detour, I plan to open a separate thread about the .ova, consider this a heads up)

    DNS is on port 53 and my alibaba firewall has port 53 open. This is the nmap output on my public IP address:
    Code:
    nmap -sT -p- XX.XXX.XXX.XXX-Public-IP
    Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-12 15:14 CST
    Nmap scan report for herocloudhosting.com (XX.XXX.XXX.XXX-Public-IP)
    Host is up (0.043s latency).
    Not shown: 65517 filtered ports
    PORT      STATE  SERVICE
    21/tcp    open   ftp
    22/tcp    closed ssh
    53/tcp    open   domain
    80/tcp    open   http
    110/tcp   open   pop3
    143/tcp   open   imap
    443/tcp   open   https
    587/tcp   closed submission
    993/tcp   open   imaps
    995/tcp   open   pop3s
    3306/tcp  open   mysql
    5060/tcp  open   sip
    8080/tcp  open   http-proxy
    29811/tcp closed unknown
    29818/tcp closed unknown
    29831/tcp closed unknown
    29833/tcp closed unknown
    29843/tcp closed unknown
    
    Nmap done: 1 IP address (1 host up) scanned in 306.14 seconds
    
    I restarted postfix and this is the error log content of /var/log/mail.log:
    [I don't know if it matters, but it is using my private IP rather than public IP]

    Code:
    Apr 12 14:15:02 server1 postfix/postqueue[28300]: warning: Mail system is down -- accessing queue directly
    Apr 12 14:15:02 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<IIkcb8C/YpYAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:15:02 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<1okcb8C/rKEAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:20:01 server1 postfix/postqueue[28459]: warning: Mail system is down -- accessing queue directly
    Apr 12 14:20:01 server1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<t+XygMC/zKEAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:20:01 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<uhHzgMC/gpYAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:25:01 server1 postfix/postqueue[28615]: warning: Mail system is down -- accessing queue directly
    Apr 12 14:25:01 server1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<y5DXksC/5KEAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:25:01 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<HJ7XksC/mpYAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:30:01 server1 postfix/postqueue[28776]: warning: Mail system is down -- accessing queue directly
    Apr 12 14:30:02 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<7SW+pMC/+qEAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:30:02 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<cUy+pMC/sJYAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:35:02 server1 postfix/postqueue[28933]: warning: Mail system is down -- accessing queue directly
    Apr 12 14:35:02 server1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<TeCjtsC/EqIAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:35:02 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<NxaktsC/yJYAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:40:01 server1 postfix/postqueue[29193]: warning: Mail system is down -- accessing queue directly
    Apr 12 14:40:01 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<dsp5yMC/6pYAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:40:01 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Rcx5yMC/NKIAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:45:01 server1 postfix/postqueue[29359]: warning: Mail system is down -- accessing queue directly
    Apr 12 14:45:01 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Smlg2sC/UKIAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:45:01 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<AXBg2sC/BpcAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:50:02 server1 postfix/postqueue[29559]: warning: Mail system is down -- accessing queue directly
    Apr 12 14:50:02 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<ddtH7MC/dKIAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:50:02 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<7fhH7MC/KpcAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:54:54 server1 dovecot: imap-login: Disconnected (no auth attempts in 10 secs): user=<>, rip=192.241.209.99, lip=XXX.XX.XX.XXX-PrivateIP, session=<89ew/cC/5IHA8dFj>
    Apr 12 14:55:02 server1 postfix/postqueue[29720]: warning: Mail system is down -- accessing queue directly
    Apr 12 14:55:02 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<+F0s/sC/jKIAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 14:55:02 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<umQs/sC/QpcAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 15:00:01 server1 postfix/postqueue[29878]: warning: Mail system is down -- accessing queue directly
    Apr 12 15:00:01 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<HqMCEMG/WpcAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 15:00:01 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Dq0CEMG/pKIAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 15:05:01 server1 postfix/postqueue[30561]: warning: Mail system is down -- accessing queue directly
    Apr 12 15:05:02 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<EZnoIcG/xqIAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 15:05:02 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<BK/oIcG/fJcAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 15:10:02 server1 postfix/postqueue[30800]: warning: Mail system is down -- accessing queue directly
    Apr 12 15:10:02 server1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<gkvNM8G/3qIAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 15:10:02 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<W4DNM8G/lJcAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 15:14:02 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=185.189.161.164, lip=XXX.XX.XX.XXX-PrivateIP, TLS handshaking: read(size=1026) failed: Connection reset by peer, session=<UvkhQsG/ZKK5vaGk>
    Apr 12 15:14:02 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=185.189.161.164, lip=XXX.XX.XX.XXX-PrivateIP, session=<9LYiQsG/8Ky5vaGk>
    Apr 12 15:14:03 server1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=185.189.161.164, lip=XXX.XX.XX.XXX-PrivateIP, session=<XP8yQsG/doq5vaGk>
    Apr 12 15:15:02 server1 postfix/postqueue[30966]: warning: Mail system is down -- accessing queue directly
    Apr 12 15:15:02 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Jf6yRcG/rJcAAAAAAAAAAAAAAAAAAAAB>
    Apr 12 15:15:02 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<7ACzRcG/9qIAAAAAAAAAAAAAAAAAAAAB>
    
    While troubleshooting, I ran across this command 'postconf -n|grep interfaces', which outputs:

    Code:
    postconf: fatal: file /etc/postfix/master.cf: line 18: bad field count

    So I compared my production /etc/postfix/master.cf with the test server /etc/postfix/master.cf (.ova) and I did not see a difference (or my coffee jolt is wearing off)

    This is my /etc/postfix/master.cf content:
    Code:
    # cat /etc/postfix/master.cf
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    submission inet n       -       y       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       y       -       -       smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
            -o syslog_name=postfix/$service_name
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix    -    n    n    -    2    pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
            -o smtp_bind_address=
    
    
    127.0.0.1:10025 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
    
    
    127.0.0.1:10027 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o milter_default_action=accept
            -o milter_macro_daemon_name=ORIGINATING
            -o disable_dns_lookups=yes
    
    About the completely useless screenshot, I posted... what I edited out are 2 elements: a.) the "example" part of example.com, and b.) my public IP address.

    I mention this because, when I was trying to manually configure the DNS entries before, the "suggestion" that always came up was my private IP, and one of your team told me to use the public IP address rather than the suggested private IP address.

    Is the port forwarding setup via alibaba or ISPConfig?
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You have removed the indent on these lines:
    Code:
    submission inet n       -       y       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
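
The indent problem pointed out above, as an added example (not part of the original posts and not Postfix or ISPConfig code): per master(5), a line starting in column 0 begins a new service entry that must carry eight fields, so an unindented `-o` line is rejected with "bad field count". The sample text, the function names and the re-indent helper are assumptions made for illustration.

```python
"""Lint Postfix master.cf text for entries that trip "bad field count"."""

FIELDS = ("service", "type", "private", "unpriv", "chroot",
          "wakeup", "maxproc", "command")

# Constructed sample modelled on the excerpt quoted in the thread:
# the "-o" lines under "submission" start in column 0.
SAMPLE = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
submission inet n       -       y       -       -       smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
#  -o smtpd_tls_auth_only=yes
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
"""


def lint_master_cf(text):
    """Return [(line_number, message)] for lines master(5) would reject."""
    findings = []
    have_entry = False
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        # Blank lines and lines whose first non-blank char is '#' are ignored.
        if not stripped or stripped.startswith("#"):
            continue
        if line[0] in " \t":
            # Leading whitespace continues the previous logical line.
            if not have_entry:
                findings.append(
                    (number, "continuation line with no entry before it"))
            continue
        # Column-0 text starts a new entry and must carry all eight fields.
        have_entry = True
        count = len(stripped.split(None, len(FIELDS) - 1))
        if count < len(FIELDS):
            hint = ""
            if stripped.startswith("-o"):
                hint = "; looks like an option line that lost its indent"
            findings.append(
                (number, f"bad field count ({count} of {len(FIELDS)}){hint}"))
    return findings


def reindent_options(text, indent="  "):
    """Indent column-0 '-o' lines so they continue the entry above them."""
    fixed = []
    for line in text.splitlines():
        fixed.append(indent + line if line.startswith("-o") else line)
    return "\n".join(fixed) + "\n"


if __name__ == "__main__":
    for number, message in lint_master_cf(SAMPLE):
        print(f"line {number}: {message}")
    print("after re-indent:", lint_master_cf(reindent_options(SAMPLE)))
```

Run it against a copy of the file before `postfix reload`; the commented `#  -o` lines are skipped, matching how Postfix ignores them.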
     
  11. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I do not know your setup, but it can not be done in ISPConfig.
    Are you sure you can not use the public IP address on your ISPConfig host?
     
  12. yupthatguy

    yupthatguy Member

    For clarity's sake, I am never entering alibaba dns information into ISPConfig.
    This is the nameserver interface on alibaba.
    https://i.imgur.com/snFOAyD.png

    If I change these name servers to ns1.example.com and ns2.example.com, they stop working. If I change these entries to the alibaba dns entries ns7.alidns.com, ns8.alidns.com, everything resolves correctly.

    Under alibaba DNS I have these A records:
    https://i.imgur.com/1v45rbF.png
    UPDATE
    HAPPY HAPPY JOY JOY, @Taleman was correct, the ns1 / ns2 A records were missing, now the domain is resolving correctly:

    Hot Tip: You guys should use this page of your Admin Demo portal to visually show "noobs" like me how to get the DNS working (and the manual / tutorial should include the list of necessary records as well).


    Good catch on the indents, didn't realize their importance, but no luck same problem. See below

    New /etc/postfix/master.cf

    Code:
    # cat /etc/postfix/master.cf
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
            -o syslog_name=postfix/$service_name
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix    -    n    n    -    2    pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
            -o smtp_bind_address=
    
    
    127.0.0.1:10025 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
    
    
    127.0.0.1:10027 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o milter_default_action=accept
            -o milter_macro_daemon_name=ORIGINATING
            -o disable_dns_lookups=yes
    New server report:
    Code:
    # cat htf_report.txt | more
    
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)
     
    [INFO] uptime:  16:37:06 up 2 days,  3:20,  1 user,  load average: 0.05, 0.01, 0.00
     
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          3.9Gi       1.7Gi       710Mi        25Mi       1.5Gi       1.9Gi
    Swap:         6.0Gi        23Mi       6.0Gi
     
    [INFO] systemd failed services status:
    0 loaded units listed. Pass --all to see loaded but inactive units, too.
    To show all installed unit files use 'systemctl list-unit-files'.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.4
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.3.27-1~deb10u1
    
    ##### PORT CHECK #####
    
    [WARN] Port 22 (SSH server) seems NOT to be listening
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Apache 2 (PID 1399)
    [INFO] I found the following mail server(s):
        Postfix (PID 2205)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 7278)
    [INFO] I found the following imap server(s):
        Dovecot (PID 7278)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 7400)
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [localhost]:10026        (7265/amavisd-new)
    [localhost]:10027        (2205/master)
    [anywhere]:587        (2205/master)
    [localhost]:11211        (11507/memcached)
    [anywhere]:110        (7278/dovecot)
    [anywhere]:143        (7278/dovecot)
    [anywhere]:465        (2205/master)
    ***.***.***.***:53        (7408/named)
    [localhost]:53        (7408/named)
    [anywhere]:21        (7400/pure-ftpd)
    [anywhere]:470        (659/sshd)
    [anywhere]:25        (2205/master)
    [localhost]:953        (7408/named)
    [anywhere]:993        (7278/dovecot)
    [anywhere]:995        (7278/dovecot)
    [localhost]:10023        (28036/postgrey)
    [localhost]:10024        (7265/amavisd-new)
    [localhost]:10025        (2205/master)
    *:*:*:*::*:10026        (7265/amavisd-new)
    *:*:*:*::*:3306        (7150/mysqld)
    *:*:*:*::*:587        (2205/master)
    [localhost]10        (7278/dovecot)
    [localhost]43        (7278/dovecot)
    *:*:*:*::*:8080        (1399/apache2)
    *:*:*:*::*:80        (1399/apache2)
    *:*:*:*::*:465        (2205/master)
    *:*:*:*::*:8081        (1399/apache2)
    *:*:*:*::*:53        (7408/named)
    *:*:*:*::*:21        (7400/pure-ftpd)
    *:*:*:*::*:25        (2205/master)
    *:*:*:*::*:953        (7408/named)
    *:*:*:*::*:443        (1399/apache2)
    *:*:*:*::*:993        (7278/dovecot)
    *:*:*:*::*:995        (7278/dovecot)
    *:*:*:*::*:10023        (28036/postgrey)
    *:*:*:*::*:10024        (7265/amavisd-new)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination        
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination        
    
    
     
  13. yupthatguy

    yupthatguy Member

  14. yupthatguy

    yupthatguy Member

    I have tried:

    Code:
    # nano /etc/cloud/cloud.cfg
         preserve_hostname true
    
    # sudo nano /etc/hosts
    
    127.0.0.1       localhost
    127.0.1.1   server1.example.com server1
    198.18.0.14  server1.example.com server1    <---  tried both public IP / private IP, reboot after each attempt
    No luck... Server test script always shows postfix not working....
     
  15. yupthatguy

    yupthatguy Member

    Progress, but haven't cracked the postfix egg yet.

    Code:
    # postconf -n|grep interfaces
    OUTPUT:
    inet_interfaces = all
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining , permit
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    Do not use that guide, it's not compatible.

    Postfix is working now according to the debug output in #52 and master.cf is fine too. To test your mail system:

    1) Create an email domain in ispconfig, then create a mailbox in ispconfig. Go to RoundCube and log into the mail system by using the email address and password that you just created, then send an email to this email address with RoundCube, the email should show up in the inbox after a few seconds.
     
  17. yupthatguy

    yupthatguy Member

    Got it... I just misread the report... thanks... for pointing that out... I already rolled back the changes I made from the other tutorial... great thing about alibaba is the easy rollback... I can "config & break" things, then easily rollback :)
     
  18. yupthatguy

    yupthatguy Member

    Here's a "best practice" question: Now that I have my primary DNS Zone set up correctly, I realize that it is not connected to a "client". Should I assign the DNS Zone to a specific client (i.e. my name "John Smith")? Or should I leave it as is?

    Additionally, when creating emails, I will need to create email addresses for subdomain server1.example.com (incorrect assumption?) and example.com. Is it best to leave these without a "client" as well?

    And when I am ready to create a website for my hosting company (wordpress), should I also leave that without a client as well?

    If it is better practice to assign the default DNS Zone to an Admin Client, can I retroactively assign a client to the DNS Zone ("cave man clicking" didn't help, reading manual now)? Or should I export, delete current zone, create default client, import DNS Zone?
     
  19. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I assign DNS zones to the client that has that zone. Then the client can do some DNS changes using his/her own ISPConfig account.
    I guess it works if you do not assign zones to clients, but then you must do all the changes because the client can do nothing.
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    If you want to allow a client to do changes on his own, then assign things to the client. If you want to administrate it as admin for the client or if you don't have any clients on that system, then it's fine to not select a client.

    server1.example.com is the server hostname, do not add the server hostname as an email domain in ISPConfig and you also do not add any mailboxes for it. Mailboxes are only added for example.com.
     
