Postgrey: 127.0.0.1:10023: Connection refused

Discussion in 'Installation/Configuration' started by paka, Oct 21, 2022.

  1. paka

    paka Member

    Used the "Perfect Server Automated ISPConfig 3 Installation on Debian 10 - 11 and Ubuntu 20.04" for the install on a fresh Debian 11 VPS.
    In the process of moving to a new server. The only issue seems to be with email. Here is the problem I'm seeing:

    Code:
    Oct 21 13:24:58 mail postfix/smtpd[28754]: warning: connect to 127.0.0.1:10023: Connection refused
    Oct 21 13:24:58 mail postfix/smtpd[28754]: warning: problem talking to server 127.0.0.1:10023: Connection refused

    I note that check_policy_service inet:127.0.0.1:10023 is no longer included with smtpd_recipient_restrictions.

    Copy of main.cf:
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2
    
    
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = may
    
    smtp_tls_CApath=/etc/ssl/certs
    smtp_tls_security_level = dane
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    myhostname = mail.writeworks.uk
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = mail.writeworks.uk, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
    smtpd_use_tls = yes
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, reject_unknown_helo_hostname, permit
    smtpd_sender_restrictions = permit_mynetworks, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf,  permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender
    smtpd_reject_unlisted_sender = no
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining, permit
    smtpd_etrn_restrictions = permit_mynetworks, reject
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    smtpd_tls_mandatory_ciphers = medium
    tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    tls_preempt_cipherlist = yes
    address_verify_negative_refresh_time = 60s
    enable_original_recipient = no
    sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf
    smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd
    smtp_sender_dependent_authentication = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous, noplaintext
    smtp_sasl_tls_security_options = noanonymous
    authorized_flush_users =
    authorized_mailq_users = nagios, icinga
    smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
    address_verify_sender_ttl = 15686s
    smtp_dns_support_level = dnssec
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_milters = inet:localhost:11332
    non_smtpd_milters = inet:localhost:11332
    milter_protocol = 6
    milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
    milter_default_action = accept
    message_size_limit = 0

    Link to test script output (too large for here):
    https://selfhost.uk/privatebin/?1827945229103205#7pTX8nESVS6C6Rp6NnDPiz9Csjsiy7Lrcmt4aqTgaQx7
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, it is listed in this line now:

    greylisting = check_policy_service inet:127.0.0.1:10023

    Postgrey seems not to be started on your system, try to start it with:

    service postgrey start
     
  3. paka

    paka Member

    I should have mentioned that I'd already:
    service postgrey status
    Which showed it was running fine.
    Code:
    root@mail:/tmp# service postgrey status
    ● postgrey.service - LSB: Start/stop the postgrey daemon
         Loaded: loaded (/etc/init.d/postgrey; generated)
         Active: active (exited) since Fri 2022-10-21 12:42:41 CEST; 2h 41min ago
           Docs: man:systemd-sysv-generator(8)
        Process: 24709 ExecStart=/etc/init.d/postgrey start (code=exited, status=0/SUCCESS)
            CPU: 238ms
    
    Oct 21 12:42:41 mail postgrey[24715]: whitelisted: 213.143.66.210/32
    Oct 21 12:42:41 mail postgrey[24715]: Pid_file "/var/run/postgrey.pid" already exists.  Overwriting!
    Oct 21 12:42:41 mail postgrey[24717]: Process Backgrounded
    Oct 21 12:42:41 mail postgrey[24717]: 2022/10/21-12:42:41 postgrey (type Net::Server::Multiplex) starting! pid(24717)
    Oct 21 12:42:41 mail postgrey[24717]: Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
    Oct 21 12:42:41 mail postgrey[24717]: Resolved [localhost]:10023 to [::1]:10023, IPv6
    Oct 21 12:42:41 mail postgrey[24709]: .
    Oct 21 12:42:41 mail systemd[1]: Started LSB: Start/stop the postgrey daemon.
    Oct 21 12:42:41 mail postgrey[24717]: Binding to TCP port 10023 on host 127.0.0.1 with IPv4
    Oct 21 12:42:41 mail postgrey[24717]: Binding to TCP port 10023 on host ::1 with IPv6

    Have also run:
    ispconfig_update.sh --force
    Postgrey still not connecting so did a report. No change in Postgrey's connection status.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Take care that the /etc/default/postgrey file looks like this:

    Code:
    # postgrey startup options, created for Debian
    
    # you may want to set
    #   --delay=N   how long to greylist, seconds (default: 300)
    #   --max-age=N delete old entries after N days (default: 35)
    # see also the postgrey(8) manpage
    
    POSTGREY_OPTS="--inet=10023"
    
    # the --greylist-text commandline argument can not be easily passed through
    # POSTGREY_OPTS when it contains spaces.  So, insert your text here:
    #POSTGREY_TEXT="Your customized rejection message here"

    and restart postgrey after changing it. Most likely the postgrey opts line is wrong.
     
  5. paka

    paka Member

    Backed up the old /etc/default/postgrey file and have copied and pasted into a new /etc/default/postgrey file. Connections still refused.

    Code:
    Oct 21 16:15:49 mail postfix/smtpd[23910]: warning: problem talking to server 127.0.0.1:10023: Connection refused
    Oct 21 16:15:50 mail postfix/smtpd[23910]: warning: connect to 127.0.0.1:10023: Connection refused

    FWIW, here's the copy of what is at the server:
    Code:
    # postgrey startup options, created for Debian
    
    # you may want to set
    #   --delay=N   how long to greylist, seconds (default: 300)
    #   --max-age=N delete old entries after N days (default: 35)
    # see also the postgrey(8) manpage
    
    POSTGREY_OPTS="--inet=10023"
    
    # the --greylist-text commandline argument can not be easily passed through
    # POSTGREY_OPTS when it contains spaces.  So, insert your text here:
    #POSTGREY_TEXT="Your customized rejection message here"
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you restart postgrey?
     
  7. paka

    paka Member

    Yes. Restarted postgrey.
    This is a current extract from mail.log:
    Code:
    Oct 21 16:46:19 mail postfix/smtpd[28581]: connect from mercury.ucu.org.uk[46.33.155.176]
    Oct 21 16:46:19 mail postfix/smtpd[28581]: warning: connect to 127.0.0.1:10023: Connection refused
    Oct 21 16:46:19 mail postfix/smtpd[28581]: warning: problem talking to server 127.0.0.1:10023: Connection refused
    Oct 21 16:46:20 mail postfix/smtpd[28581]: warning: connect to 127.0.0.1:10023: Connection refused
    Oct 21 16:46:20 mail postfix/smtpd[28581]: warning: problem talking to server 127.0.0.1:10023: Connection refused
    Oct 21 16:46:20 mail postfix/smtpd[28581]: NOQUEUE: reject: RCPT from mercury.ucu.org.uk[46.33.155.176]: 451 4.3.5 <[email protected]>: Recipient address rejected: Server configuration problem; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<mercury.ucu.org.uk>
    Oct 21 16:46:50 mail postfix/smtpd[28581]: disconnect from mercury.ucu.org.uk[46.33.155.176] helo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Check the syslog right after you started postgrey to see why it fails to open its port. And also run:

    netstat -ntap | grep 10023

    to check that it is really not listening on that port.
     
  9. paka

    paka Member

    netstat -ntap | grep 10023 returns nothing.
    Code:
    root@mail:~# netstat -ntap | grep 10023
    root@mail:~#
    
    From syslog:
    Code:
    Oct 21 17:14:42 mail systemd[1]: Starting LSB: Start/stop the postgrey daemon...
    Oct 21 17:14:43 mail postgrey[30908]: Starting postfix greylisting daemon: postgrey
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 66.216.126.174/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 193.77.153.67/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted 2: 195.235.39.0/24
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 216.238.112.99/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 193.81.20.195/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 193.77.126.208/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 80.200.249.216/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 193.191.218.141/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 193.191.218.142/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 193.191.218.143/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 194.7.234.141/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 194.7.234.142/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 194.7.234.143/32
    Oct 21 17:14:43 mail postgrey[30914]: whitelisted: 213.143.66.210/32
    Oct 21 17:14:43 mail postgrey[30914]: Pid_file "/var/run/postgrey.pid" already exists.  Overwriting!
    Oct 21 17:14:43 mail postgrey[30915]: Process Backgrounded
    Oct 21 17:14:43 mail postgrey[30915]: 2022/10/21-17:14:43 postgrey (type Net::Server::Multiplex) starting! pid(30915)
    Oct 21 17:14:43 mail postgrey[30915]: Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
    Oct 21 17:14:43 mail postgrey[30915]: Resolved [localhost]:10023 to [::1]:10023, IPv6
    Oct 21 17:14:43 mail postgrey[30908]: .
    Oct 21 17:14:43 mail systemd[1]: Started LSB: Start/stop the postgrey daemon.
    Oct 21 17:14:43 mail postgrey[30915]: Binding to TCP port 10023 on host 127.0.0.1 with IPv4
    Oct 21 17:14:43 mail postgrey[30915]: Binding to TCP port 10023 on host ::1 with IPv6
    Oct 21 17:14:43 mail kernel: [ 4143.629438] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:48:05:0b:74:83:ef:4e:ad:b9:08:00 SRC=176.111.174.88 DST=38.242.142.220 LEN=40 
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Hmm, really strange. The log says it opens the ports but they are not opened. From my Debian 11 system installed with auto installer:

    netstat -ntap | grep 10023
    tcp 0 0 127.0.0.1:10023 0.0.0.0:* LISTEN 674/postgrey --pidf
    tcp6 0 0 ::1:10023 :::* LISTEN 674/postgrey --pidf

    Did you try to reboot the whole server, maybe it helps.
     
  11. paka

    paka Member

    Just rebooted and am seeing the same error:
    Code:
    Oct 21 17:56:00 mail postfix/smtpd[32536]: warning: connect to 127.0.0.1:10023: Connection refused
    Oct 21 17:56:00 mail postfix/smtpd[32536]: warning: problem talking to server 127.0.0.1:10023: Connection refused
    Oct 21 17:56:01 mail postfix/smtpd[32536]: warning: connect to 127.0.0.1:10023: Connection refused
    Oct 21 17:56:01 mail postfix/smtpd[32536]: warning: problem talking to server 127.0.0.1:10023: Connection refused

    I also thought it looked as if the ports were opened and bound to localhost but as I don't get quite that deep on a daily basis I wasn't 100% sure.
    I've no idea what might cause a refused connection to postgrey. Will continue to search for a solution and should you have anything to try or look at, please do let me know.
     
  12. paka

    paka Member

    Noticed a suggestion to change this:
    Code:
    POSTGREY_OPTS="--inet=10023"
    To this:
    Code:
    POSTGREY_OPTS="--inet=127.0.0.1:10023"
    So far this seems to work:
    Code:
    root@mail:/etc/default# netstat -ntap | grep 10023
    tcp        0      0 127.0.0.1:10023         0.0.0.0:*               LISTEN      43580/postgrey --pi
    tcp        0      0 127.0.0.1:10023         127.0.0.1:40262         ESTABLISHED 43580/postgrey --pi
    tcp        0      0 127.0.0.1:40262         127.0.0.1:10023         ESTABLISHED 44319/smtpd         
    root@mail:/etc/default# service postfix status
    ● postfix.service - Postfix Mail Transport Agent
         Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
         Active: active (exited) since Fri 2022-10-21 18:20:02 BST; 3min 10s ago
        Process: 44317 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
       Main PID: 44317 (code=exited, status=0/SUCCESS)
            CPU: 2ms
    
    Oct 21 18:20:02 mail systemd[1]: Starting Postfix Mail Transport Agent...
    Oct 21 18:20:02 mail systemd[1]: Finished Postfix Mail Transport Agent

    I believe this looks OK but wanted to check that there would be no adverse behaviour due to this change.
     
  13. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What is in /etc/hosts for localhost and 127.0.0.1?
     
  14. paka

    paka Member

    Code:
    127.0.0.1       localhost.localdomain   localhost
    # This line should be changed to the correct servername:
    38.242.142.220 mail.writeworks.uk  mail
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    That is fine as far as I can see. Is this a virtual server and if yes, do you know which virtualization it is using?
     
  16. paka

    paka Member

  17. Shyciii

    Shyciii Member

    Your problem: system has IPv6 disabled in sysctl.conf.
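
Added example, not part of any post in this thread: a pre-flight check for the situation diagnosed above, where a bare `--inet=10023` makes postgrey resolve localhost to both 127.0.0.1 and ::1 while IPv6 is disabled. The function names, verdict strings and the /proc paths in the closing comment are assumptions of this example; the two option lines are the ones from the thread and the `disable_ipv6` value is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for the postgrey bind problem in this thread.
# Function names and verdict strings are illustrative, not postgrey's own.

# Print the --inet= value from a Debian-style /etc/default/postgrey ($1).
postgrey_inet() {
    sed -n 's/^[[:space:]]*POSTGREY_OPTS=.*--inet=\([^" ]*\).*/\1/p' "$1" 2>/dev/null | tail -n 1
}

# True if IPv6 is off: a given disable_ipv6 file reads 1, or is absent
# (no IPv6 stack loaded at all).
ipv6_disabled() {
    for f in "$@"; do
        [ -r "$f" ] || return 0
        [ "$(cat "$f")" = "1" ] && return 0
    done
    return 1
}

# Print local addresses in LISTEN state on port $1; reads `netstat -ntl`
# or `netstat -ntap` output on stdin.
listeners() {
    awk -v p=":$1\$" '$6 == "LISTEN" && $4 ~ p { print $4 }'
}

# Verdict for a defaults file ($1) and one or more disable_ipv6 files.
diagnose() {
    inet=$(postgrey_inet "$1"); shift
    case "$inet" in
        "")  echo "no-inet-option"; return 0 ;;
        *:*) host=${inet%:*} ;;
        *)   host=localhost ;;   # bare port: the log shows [localhost]:10023
    esac
    case "$host" in
        # Assumes localhost also maps to ::1, as in the /etc/hosts posted above.
        localhost|::1|"[::1]")
            if ipv6_disabled "$@"; then
                echo "at-risk: $host needs ::1, IPv6 is off"
            else
                echo "ok: $host, IPv6 available"
            fi ;;
        *)  echo "ok: explicit host $host" ;;
    esac
}

# Demo on constructed files: both option lines from the thread, IPv6 off.
demo() {
    d=$(mktemp -d) || return 1
    printf 'POSTGREY_OPTS="--inet=10023"\n' > "$d/before"
    printf 'POSTGREY_OPTS="--inet=127.0.0.1:10023"\n' > "$d/after"
    echo 1 > "$d/disable_ipv6"
    diagnose "$d/before" "$d/disable_ipv6"
    diagnose "$d/after" "$d/disable_ipv6"
    rm -rf "$d"
}
demo
# On a live host:
#   diagnose /etc/default/postgrey /proc/sys/net/ipv6/conf/all/disable_ipv6
#   netstat -ntl | listeners 10023
```

While the policy service is unreachable, Postfix answers affected recipients with the temporary `451 4.3.5` seen in the mail.log extract, so senders retry rather than bounce. Naming 127.0.0.1 explicitly also keeps the policy port bound to loopback only.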
     
