Problems with Postfix/Spamassassin

Discussion in 'ISPConfig 3 Priority Support' started by RobPatton, Aug 21, 2016.

  1. RobPatton

    RobPatton Member

    CentOS 7, ISPConfig 3.0.5.4p9

    Getting lots of spam, keep tightening the #s in ISPConfig, but don't see any changes. Set SPAM tag level at -100. Still don't see anything in headers. Assuming I have set something wrong in master.cf ...

    Tried re-running the ISPConfig install, but it didn't change the problem. Would really love some suggestions, I'm really lost with postfix configs. I assume it's all magic in master.cf that I've got wrong. I FINALLY got certs running correctly, but Spam and Viruses are killing me.


    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - n - - smtpd
    #smtp inet n - n - 1 postscreen
    #smtpd pass - - n - - smtpd
    #dnsblog unix - - n - 0 dnsblog
    #tlsproxy unix - - n - 0 tlsproxy
    submission inet n - n - - smtpd
    # -o syslog_name=postfix/submission
    # -o smtpd_tls_security_level=encrypt
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
    # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    smtps inet n - n - - smtpd
    # -o syslog_name=postfix/smtps
    # -o smtpd_tls_wrappermode=yes
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
    # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - n - - qmqpd
    pickup unix n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr unix n - n 300 1 qmgr
    #qmgr unix n - n 300 1 oqmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - n - - smtp
    relay unix - - n - - smtp
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - n - - showq
    error unix - - n - - error
    retry unix - - n - - error
    discard unix - - n - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    # mailbox_transport = lmtp:inet:localhost
    # virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus unix - n n - - pipe
    # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    #
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix - n n - - pipe
    # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    #uucp unix - n n - - pipe
    # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # ====================================================================
    #
    # Other external delivery methods.
    #
    #ifmail unix - n n - - pipe
    # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    #
    #bsmtp unix - n n - - pipe
    # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    #
    #scalemail-backend unix - n n - 2 pipe
    # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
    # ${nexthop} ${user} ${extension}
    #
    #mailman unix - n n - - pipe
    # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    # ${nexthop} ${user}
    dovecot unix - n n - - pipe
      flags=DROhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}





    amavis unix - - - - 2 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes

    127.0.0.1:10025 inet n - - - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
     
  2. RobPatton

    RobPatton Member

    I may have fixed it myself. There was a newer ver of ISPConfig out (I guess, the console looks different), so I downloaded it and did the update, having it do nothing but reconfigure apps, which made major changes to the master.cf, and (since spam tag was set to -100) EVERY email started showing up as "Possible Spam". Adjusted it back to 3, and will watch closely for a few days. My luck *seems* to be that I fix one thing and break 2 others!
     
  3. RobPatton

    RobPatton Member

    Finally got some logging, but really don't know what most of it actually means, other than something is broken.

    2016-09-02 11:14:19,139 fail2ban.jail [18792]: INFO Jail 'xmlrpc' stopped
    2016-09-02 11:14:22,188 fail2ban.action [18792]: ERROR firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-xmlrpc src -j REJECT --reject-with icmp-port-unreachable
    ipset flush fail2ban-apache-xmlrpc
    ipset destroy fail2ban-apache-xmlrpc -- stdout: 'Not using slip\n'
    2016-09-02 11:14:22,189 fail2ban.action [18792]: ERROR firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-xmlrpc src -j REJECT --reject-with icmp-port-unreachable
    ipset flush fail2ban-apache-xmlrpc
    ipset destroy fail2ban-apache-xmlrpc -- stderr: 'Traceback (most recent call last):\n File "/usr/bin/firewall-cmd", line 703, in <module>\n fw = FirewallClient()\n File "<string>", line 2, in __init__\n File "/usr/lib/python2.7/site-packages/firewall/client.py", line 52, in handle_exceptions\n return func(*args, **kwargs)\n File "/usr/lib/python2.7/site-packages/firewall/client.py", line 1594, in __init__\n self.bus = dbus.SystemBus()\n File "/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 194, in __new__\n private=private)\n File "/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 100, in __new__\n bus = BusConnection.__new__(subclass, bus_type, mainloop=mainloop)\n File "/usr/lib64/python2.7/site-packages/dbus/bus.py", line 122, in __new__\n bus = cls._new_for_bus(address_or_type, mainloop=mainloop)\ndbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.\nipset v6.19: The set with the given name does not exist\nipset v6.19: The set with the given name does not exist\n'
    2016-09-02 11:14:22,190 fail2ban.action [18792]: ERROR firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-xmlrpc src -j REJECT --reject-with icmp-port-unreachable
    ipset flush fail2ban-apache-xmlrpc
    ipset destroy fail2ban-apache-xmlrpc -- returned 1
    2016-09-02 11:14:22,197 fail2ban.actions [18792]: ERROR Failed to stop jail 'apache-xmlrpc' action 'firewallcmd-ipset': Error stopping action
    2016-09-02 11:14:22,198 fail2ban.jail [18792]: INFO Jail 'apache-xmlrpc' stopped
    2016-09-02 11:16:43,770 fail2ban.jail [1581]: INFO Creating new jail 'apache-xmlrpc'
    2016-09-02 11:16:43,771 fail2ban.jail [1581]: INFO Jail 'apache-xmlrpc' uses systemd
    2016-09-02 11:16:44,952 fail2ban.jail [1581]: INFO Creating new jail 'xmlrpc'
    2016-09-02 11:16:44,952 fail2ban.jail [1581]: INFO Jail 'xmlrpc' uses systemd
    2016-09-02 11:16:47,052 fail2ban.jail [1581]: INFO Jail 'apache-xmlrpc' started
    2016-09-02 11:16:48,241 fail2ban.jail [1581]: INFO Jail 'xmlrpc' started
    2016-09-02 11:16:48,783 fail2ban.action [1581]: ERROR ipset create fail2ban-apache-xmlrpc hash:ip timeout -28800
    firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-xmlrpc src -j REJECT --reject-with icmp-port-unreachable -- stdout: '\x1b[91mFirewallD is not running\x1b[00m\n'
    2016-09-02 11:16:48,783 fail2ban.action [1581]: ERROR ipset create fail2ban-apache-xmlrpc hash:ip timeout -28800
    firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-xmlrpc src -j REJECT --reject-with icmp-port-unreachable -- stderr: "ipset v6.19: Syntax error: '-28800' is out of range 0-4294967\n"
    2016-09-02 11:16:48,784 fail2ban.action [1581]: ERROR ipset create fail2ban-apache-xmlrpc hash:ip timeout -28800
    firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-xmlrpc src -j REJECT --reject-with icmp-port-unreachable -- returned 252
    2016-09-02 11:16:48,784 fail2ban.actions [1581]: ERROR Failed to start jail 'apache-xmlrpc' action 'firewallcmd-ipset': Error starting action
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The errors above are from fail2ban, not the mail system. Please compare your fail2ban setup with the one from the perfect server tutorial. You seem to have a rule fail2ban-apache-xmlrpc in your setup which is broken, but this rule is not used in the perfect setup tutorial.
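
How the fail2ban lines in the log above group into one failure per jail action, as an added example that is not part of the original thread: it joins the untimestamped continuation lines onto their record and collects command output and exit code until the closing "Failed to start/stop jail" line. The sample input is abridged from the log quoted in the thread, and the function names are illustrative.

```python
import re

# Constructed sample: abridged from the thread's fail2ban log (firewall-cmd arguments shortened).
SAMPLE_LOG = r"""2016-09-02 11:16:47,052 fail2ban.jail [1581]: INFO Jail 'apache-xmlrpc' started
2016-09-02 11:16:48,783 fail2ban.action [1581]: ERROR ipset create fail2ban-apache-xmlrpc hash:ip timeout -28800
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j REJECT -- stdout: '\x1b[91mFirewallD is not running\x1b[00m\n'
2016-09-02 11:16:48,783 fail2ban.action [1581]: ERROR ipset create fail2ban-apache-xmlrpc hash:ip timeout -28800
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j REJECT -- stderr: "ipset v6.19: Syntax error: '-28800' is out of range 0-4294967\n"
2016-09-02 11:16:48,784 fail2ban.action [1581]: ERROR ipset create fail2ban-apache-xmlrpc hash:ip timeout -28800
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j REJECT -- returned 252
2016-09-02 11:16:48,784 fail2ban.actions [1581]: ERROR Failed to start jail 'apache-xmlrpc' action 'firewallcmd-ipset': Error starting action
"""

HEAD = re.compile(r"^\d{4}-\d\d-\d\d [\d:,]+ fail2ban\.\S+\s+\[(\d+)\]: (\w+) (.*)$", re.S)
OUTPUT = re.compile(r"-- (?:stdout|stderr): (['\"])(.*)\1\s*$", re.S)
RETURNED = re.compile(r"-- returned (\d+)\s*$")
FAILED = re.compile(r"Failed to (start|stop) jail '([^']+)' action '([^']+)'")
ANSI = re.compile(r"\\x1b\[[0-9;]*m")  # escape codes appear as literal text in the log

def records(text):
    out = []
    for line in text.splitlines():
        if HEAD.match(line) or not out:
            out.append(line)
        else:  # no timestamp: continuation of the previous record
            out[-1] += "\n" + line
    return out

def triage(text):
    """Map (jail, action, phase) -> exit code and de-noised command output."""
    pending, result = {}, {}
    for rec in records(text):
        m = HEAD.match(rec)
        if not m or m.group(2) != "ERROR":
            continue
        pid, body = m.group(1), m.group(3)
        state = pending.setdefault(pid, {"exit": None, "messages": []})
        out, ret, fail = OUTPUT.search(body), RETURNED.search(body), FAILED.search(body)
        if out:  # strip colour codes, split the repr()-style text on literal \n
            parts = ANSI.sub("", out.group(2)).split("\\n")
            state["messages"] += [p.strip() for p in parts if p.strip()]
        elif ret:
            state["exit"] = int(ret.group(1))
        elif fail:  # closing line of the group: attach what was collected
            result[(fail.group(2), fail.group(3), fail.group(1))] = pending.pop(pid)
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample this reduces the start failure of jail 'apache-xmlrpc' to two messages, "FirewallD is not running" and the ipset range error for the `-28800` timeout, with exit code 252.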
     
