I did restart postgrey and tried to run strace afterwards on the pid, but the process was gone already. In the log I find only these lines: Code: May 14 09:22:55 postgrey[23637]: 2021/05/14-09:22:55 Server closing! May 14 09:22:55 postgrey[23637]: Couldn't unlink "/var/run/postgrey.pid" [Permission denied] May 14 09:22:55 postgrey[3090]: Process Backgrounded May 14 09:22:55 postgrey[3090]: 2021/05/14-09:22:55 postgrey (type Net::Server::Multiplex) starting! pid(3090) May 14 09:22:55 postgrey[3090]: Binding to UNIX socket file "/var/spool/postfix/postgrey/socket" May 14 09:22:55 postgrey[3090]: Setting gid to "991 991" May 14 09:22:55 postgrey[3090]: Setting uid to "994"
Ok, I ran strace without single quotes, that gave some output (I had to limit the contents due to limits set by the forum, so this is only the last lines): Code: strace systemctl restart postgrey ...... MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 200 recvmsg(3, {msg_namelen=0}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = -1 EAGAIN (Die Ressource ist zur Zeit nicht verfügbar) ppoll([{fd=3, events=POLLIN}], 1, NULL, NULL, 8) = 1 ([{fd=3, revents=POLLIN}]) recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\4\1\1!\2\0\0\v\0\0\0\226\0\0\0\1\1o\0001\0\0\0", iov_len=24}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24 recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="/org/freedesktop/systemd1/unit/p"..., iov_len=689}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 689 recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\4\1\1\354\2\0\0\f\0\0\0\226\0\0\0\1\1o\0001\0\0\0", iov_len=24}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24 recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="/org/freedesktop/systemd1/unit/p"..., iov_len=892}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 892 recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\4\1\1H\0\0\0\r\0\0\0\206\0\0\0\1\1o\0#\0\0\0", iov_len=24}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24 recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="/org/freedesktop/systemd1/job/77"..., iov_len=200}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 200 recvmsg(3, {msg_namelen=0}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = -1 EAGAIN (Die Ressource ist zur Zeit nicht verfügbar) ppoll([{fd=3, events=POLLIN}], 1, NULL, NULL, 8) = 1 ([{fd=3, revents=POLLIN}]) recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\4\1\1!\2\0\0\16\0\0\0\226\0\0\0\1\1o\0001\0\0\0", iov_len=24}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24 recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="/org/freedesktop/systemd1/unit/p"..., iov_len=689}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 689 recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\4\1\1\354\2\0\0\17\0\0\0\226\0\0\0\1\1o\0001\0\0\0", iov_len=24}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24 recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="/org/freedesktop/systemd1/unit/p"..., iov_len=892}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 892 recvmsg(3, {msg_namelen=0}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = -1 EAGAIN (Die Ressource ist zur Zeit nicht verfügbar) ppoll([{fd=3, events=POLLIN}], 1, NULL, NULL, 8) = 1 ([{fd=3, revents=POLLIN}]) recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\4\1\1M\0\0\0\20\0\0\0z\0\0\0\1\1o\0\31\0\0\0", iov_len=24}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24 recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="/org/freedesktop/systemd1\0\0\0\0\0\0\0"..., iov_len=197}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=1, uid=0, gid=0}}], msg_controllen=32, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 197 kill(5197, SIGTERM) = 0 kill(5197, SIGCONT) = 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- waitid(P_PID, 5197, {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=0}, WEXITED, NULL) = 0 kill(5198, SIGTERM) = 0 kill(5198, SIGCONT) = 0 waitid(P_PID, 5198, {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5198, si_uid=0, si_status=SIGTERM, si_utime=0, si_stime=0}, WEXITED, NULL) = 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5198, si_uid=0, si_status=SIGTERM, si_utime=0, si_stime=0} --- close(3) = 0 exit_group(0) = ? +++ exited with 0 +++
Maybe a poorly written systemd unit file which doesn't recognize that the process has died? Restart postgrey, then strace the trimming process (use -p pid).
That output looks like stuff related to systemd, not postgrey. Does postgrey stay running at all after a restart, or immediately dies? If it runs, attach to it's pid and get the output from when it dies; if it dies immediately, try just running it directly (without systemd), eg. on debian that would be something like "strace -f /usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=10023". You can strace output to a .txt file and upload that rather than pasting directly.
And to answer the other question: postgrey seems to die almost instantly, it takes less than a second. So I have no chance to run strace on the pid.
So to see why it dies, go to the end, back up just a bit (usually 100-200 lines to get context for what's happening), then find the error/reason for exiting, which seems to be: Code: write(2, "ERROR: at /usr/sbin/postgrey li"..., 40ERROR: at /usr/sbin/postgrey line 788. ) = 40 That's printed on file handle 2, ie. stderr, so you would see that same error by just running postgrey on the command prompt. So now edit postgrey to see what's on line 788, run searches for that error on centos, etc.
Yes, I noticed that too. Unfortunately, in that file there is on the said line only a routine that prints out the error message, but no obvious error. Unless, it's this routine. It just says: Code: die('ERROR: ' . $error); I have now installed rspamd, let's see how that works...
rspamd is running, I disabled postgrey and amavisd, but testmails don't get through. The rspamd dashboard shows that messages are being processed. There are no error messages in maillog. I just noticed that outgoing messages had been considered spam by the receiving mail service. That can be solved. Yet I have to figure out why messages aren't coming in...
If you ditch postgrey (which I'm doing on all rspamd systems, fwiw) you have to change smtpd_recipient_restrictions. Eg. I have this as part of /usr/local/ispconfig/server/conf-custom/install/postfix_custom.conf.master: Code: # get rid of greylisting till https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6150 is resolved smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_policy_service unix:private/quota-status
Can I use that 1:1? I noticed that it's an empty folder, and there is a file in that folder named empty.dir stating that this empty folder is needed by ispconfig. I guess that after adding a file postfix_custom.conf in that folder, I would need to restart ISPConfig. How would I do that? (sorry for that basic question)
After adding a (new) line to the postfix_custom.conf file, run a ISPConfige update: Code: ispconfig_update.sh --force
Thanks. Just to let you know: I figured out that enabling the option "greylisting" in the ISPConfigUI (EMail/Email Mailbox) the reception of new mails stopped. After duisabling the greylisting option it started again. I guess that this option is not needed with rspamd? Even after the update it's the same behaviour, and during the update ispconfig configured amavisd and rspamd and started both services.
If you stop or uninstall postgrey without fixing smtpd_recipient_restrictions, all accounts with grey listing enabled won't receive mail. If you fix that and want to use rspamd's greylisting, you will need to enable that setting in the account (eg probably in all accounts).
I did what you suggested in Post #30, but that seemed to have no effect. What happened when I updated ispconfig is described in post #33. I manually disabled postgrey and amavisd again and then had the described behaviour. I have now updated the line manually in /etc/postfix/main.cf and restarted postfix, now I could enable greylisting without any negative effect on mail reception, but I also noticed that rspamd was greylisting messages already much earlier - according to its history report, even though greylisting was disabled at that time in the account settings. Odd?
Yes, that's what you need for postfix's current configuration (which is what would happen following post #32); also make sure you put that in a conf-custom file (eg. postfix_custom.conf.master) so it's effective in future updates, if you haven't. rspamd greylists according to the settings in the domain/user spamfilter policy, and only for addresses which have greylisting enabled.
