Good Day, I added a domain and activated SSL w LetsEncrypt. Now all sites are using this cert and the base domain of the server which receives a lot of email is rejecting all inbound email. I tried deactivating the cert, but the other site is still using it and email still being rejected. I can see in the /etc/letsencrypt/live directory that the new cert is still there and the original for the base site. So wondering on how I undo what I did to get the base site email working again. And then steps to get the hosted sites individual certs to work properly. Let me know what logs you may want to see, or snippets. Thanks, Mike
Please post log files. Mail and Web are two different services and can have two different problems. For Web: activate SSL for all webs or none. For IP setting, use either the real IP or * for all webs. For Mail: see maillog
Do not mix * and IP in the IPv4 field of sites, all sites m just use * or all sites must use the IP, don't mix that.
Okay, , yes also added a new site yesterday and it had the IP selected. I've now set it to * and the web servers are now responding with thier correct certs. Thanks on that one. On to the mail issue. Here is a snippet from the maillog for a user from a legit email sender. ====================== May 4 10:38:37 mx postfix/qmgr[1344]: 8011F834ABB: from=<SRS0=pw+9Rd=6R=email-marriott.com=marriottbonvoy-hp2v500000171dad7874e8fdb8a6e966a31b0165@cwprorg.fatcow.com>, size=71003, nrcpt=2 (queue active) May 4 10:38:37 mx postfix/error[19880]: 8011F834ABB: to=<[email protected]>, relay=none, delay=88619, delays=88619/0.2/0/0.01, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused) May 4 10:38:37 mx postfix/error[19880]: 8011F834ABB: to=<[email protected]>, relay=none, delay=88619, delays=88619/0.2/0/0.01, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused) ======================
You are using amavis for mail scanning and this is not accepting connections. This can be due to a firewall issue or just that amavis is not running See if it is running with: "netstat -tap | grep amavis" Try starting with "systemctl restart amavis"
Steini86, I'm running this on a Centos 8 server. [root@mx log]# netstat -tap | grep amavis got nothing So amavis is failing. Getting this error on start up. May 04 12:29:35 mx.MyDomain.com amavisd[9254]: Error in config file "/etc/amavisd/amavisd.conf": Error in config file "/etc/amavisd/60-dkim": Can't open PEM file /var/lib/amavis/dkim/MyDomain.com.private: Permission denied at /usr/sbin/amavisd line 638. May 04 12:29:35 mx.MyDomain.com systemd[1]: amavisd.service: control process exited, code=exited status=13 May 04 12:29:35 mx.MyDomain.com systemd[1]: Failed to start Amavisd-new is an interface between MTA and content checkers..
Steini86, Thanks for the help. I went into the ispconfig and disabled the DKIM on the one domain I had turned on yesterday, and restart amavis and all is good now. Many thanks, Mike
Well, the error message is quite clear? Try: Code: chown -R amavis:amavis /var/lib/amavis Which version of ISPC are you using? Could be a good idea to upgrade: https://git.ispconfig.org/ispconfig/ispconfig3/issues/4035 Said to be fixed 3 years ago ..