Rocky 9.3 ISPConfig install

Discussion in 'Installation/Configuration' started by jnewman67, Jan 19, 2024.

  1. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    This will be the second machine I've set up based on Rocky Linux, this time using v9.3 as the starting spot.
    I can say that, following the Perfect Server CentOS 8 instructions, it went well. I think the only thing that didn't go as directed was Mailman - still don't think there's a way forward on that, and I don't use it anyway, so I skipped it.
    I did find some differences, but mainly in package versions, so I'll post those shortly. I also found another user (Clint) who, as of last year, had done a couple of these as well, and I used some of his instructions to simplify some things as well.
    I kept pretty good notes, so I'll document the differences by section later. I have NOT fully tested it yet either, so I probably haven't found all the mistakes yet, but it's looking good.
    My first issue at this point is clamd@amavisd - it won't start, throws an error, and my searching hasn't found an answer yet. I have a script that shuts down all the email-related services, and then restarts them (in order postfix, amavisd, clamd@amavisd, dovecot, postgrey, then reverses it). Here's the output:
    Code:
    postfix:      Active: inactive (dead)
    amavisd:      Active: failed (Result: exit-code)
    clamd@amavisd:      Active: inactive (dead)
    dovecot:      Active: inactive (dead)
    postgrey:      Active: inactive (dead)
    All stopped...
    postgrey:      Active: active (running)
    dovecot:      Active: active (running)
    clamd@amavisd:      Active: active (running)
    Job for amavisd.service failed because the control process exited with error code.
    See "systemctl status amavisd.service" and "journalctl -xeu amavisd.service" for details.
    amavisd:      Active: activating (auto-restart) (Result: exit-code)
    postfix:      Active: active (running)
    All Started
    
    "systemctl status amavisd.service" yields:
    Code:
    × amavisd.service - Amavis mail content checker
         Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled; preset: disabled)
         Active: failed (Result: exit-code) since Fri 2024-01-19 09:54:08 EST; 1min 37s ago
       Duration: 9h 42min 44.391s
           Docs: http://www.ijs.si/software/amavisd/#doc
        Process: 277858 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf $ARGS (code=exited, st>
            CPU: 367ms
    Jan 19 09:54:08 mail.example.com systemd[1]: amavisd.service: Scheduled restart job, restart counte>
    Jan 19 09:54:08 mail.example.com systemd[1]: Stopped Amavis mail content checker.
    Jan 19 09:54:08 mail.example.com systemd[1]: amavisd.service: Start request repeated too quickly.
    Jan 19 09:54:08 mail.example.com systemd[1]: amavisd.service: Failed with result 'exit-code'.
    Jan 19 09:54:08 mail.example.com systemd[1]: Failed to start Amavis mail content checker.
    
    I saw several older posts stating that amavisd.conf needed to have $myhostname set to a FQDN - mine is:
    Code:
    $myhostname = 'mail.example.com';
    i do see this error in /var/log/maillog:
    Code:
    Jan 19 03:25:02 mail postfix/sendmail[223732]: warning: /etc/postfix/main.cf, line 803: overriding earlier entry: content_filter=amavis:[127.0.0.1]:10024
    but i don't see any "content_filter" lines in the main.cf file - just that one at 803. everything else in the log file looks fine.
    any thoughts?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    thanks - i found the second link already, but didn't think it really applied as that person was creating a custom service, and apparently did it wrong :) am i missing something there?
    the first one just makes it sound like the service just needs to be paused between restarts, which my script does. but if it's failing and auto-restarting, then I'm assuming the failure is the main issue, not the restart pause. I'll play there though later today.
    is there a way to get amavisd to spew more details about the failure?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Check maillog file, amavis logs to it.
     
  5. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    getting back to this. stopped and started amavisd.service manually, and there are zero lines written to the /var/log/maillog file.
    I did check the mail queue, and all the "your account has been created" emails are waiting to send out, but it complains that it can't because
    Code:
    connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
    so it's clearly not running
     
  6. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    so I found this error in the messages log file:
    Code:
    Error reading config file "/etc/amavisd/amavisd.conf": Permission denied at /usr/share/perl5/vendor_perl/Amavis/Conf.pm line 1995
    looking at my CentOS 8 system, it has permissions of
    Code:
    -r-------- 1 root root 34463 Nov  1  2022 amavisd.conf
    while the new RL9.3 system has
    Code:
    -rw-r----- 1 root root 34465 Jan 19 02:09 amavisd.conf
    i did a “chmod 400” on the file, and tried restarting, and got the same error.
    I also compared the amavis/clam groups on the CentOS 8 machine with the RL9.3 machine, and they are the same as well.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to change the file ownership to the user and group that amavis runs as. If this does not help, check permissions of /etc/amavisd folder.
     
  8. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    on both systems (CentOS 8 [working] and Rocky Linux 9.3 [not working]), both the /etc/amavisd/amavisd.conf and the /etc/clamd.d/amavisd.conf files list the "amavis" user and group as the user they run under.
    here are the folder/file permissions on each system:
    Code:
    old:  drwxr-xr-x 2 root root 90 Jan 19 10:26 amavisd/
    new:  drwxr-xr-x 2 root root 62 Jan 23 14:15 amavisd/
    
    old:  -r-------- 1 root root 34463 Nov  1  2022 /etc/amavisd/amavisd.conf
    new:  -r-------- 1 root root 34465 Jan 19 02:09 /etc/amavisd/amavisd.conf
    
    i tried changing the ownership of /etc/amavisd/amavisd.conf to amavis.amavis - did not work
    i tried changing the ownership of /etc/amavisd/ to amavis.amavis - did not work

    i've changed them both back to root.root ownership
     
  9. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    well, this is annoying.
    i removed amavisd-new, rebooted, reinstalled it, only edited the "LocalSocket /var/spool/amavisd/clamd.sock" line of the /etc/amavisd/amavisd.conf file, and then restarted amavisd without an error. I just used "mail" and "mutt" to send out messages from the command line, and both of them went through. So not sure what the problem was, but it appears to be working now.
    Thanks for the help. Until I get this set up with real DNS entries pointing to it, i can't test it fully, but looks like it's working.
     
    ahrasis and till like this.
  10. JasonMacer

    JasonMacer New Member

    I am running Oracle Linux 9.3 and ran into the same exact issue. Removing amavisd-new, rebooting, reinstalling, enabling/starting, and editing the "Local Socket" followed by a reboot fixed my error.
    Thanks @jnewman67, your post on both locations helped me out a lot!
     
  11. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    It's rare that I get to return the favors the internet has offered me, so glad you found it useful!
    As a general followup, in one of my other posts, i detailed all the differences from CentOS 8 that are required to get things installed and running under Rocky 9.3, and have a system I'm about to go live with for email. It all seems to be working as expected from my early testing - I'll be upgrading my other servers if that turns out to run well.
     
    JasonMacer, till and ahrasis like this.
  12. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    I kid you not - i just ran into this issue today after doing an update to a CentOS 8.x machine - actually had to look up my own answer because I couldn't remember the fix. Thanks for jogging my memory - a 3 hour fight turned into 10 minutes :)
    FYI - same fix for CentOS 8.x - uninstall amavisd-new, reboot, reinstall, modify amavisd.conf LocalSocket line, restart service, fixed

    Code:
    change the line:
    LocalSocket /run/clamd.amavisd/clamd.sock
    to
    LocalSocket /var/spool/amavisd/clamd.sock
    
     
    ahrasis likes this.
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    I'll see if I can add official support for newer RHEL-based distributions again in the future. The main problem with the RHEL ecosystem is its fragmentation and the lack of a central repository for all packages; this often leads to problems when users mix in different repos and then suddenly get packages replaced from a different repo that uses another config or socket file path.
     
    fast928 and ahrasis like this.
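
The socket-path mismatch described in the two posts above (a package shipping a different `LocalSocket` than the one the mail filter expects), shown as an added example that is not part of the thread: a check that the path clamd creates matches the path amavisd connects to. The sample files are constructed, and the `ask_daemon`/`CONTSCAN` entry format in the sample amavisd.conf is an assumption about how that file is laid out.

```shell
#!/bin/sh
# Added example (not from the thread): compare the socket path clamd is
# configured to create with the one amavisd is configured to connect to.

# First uncommented LocalSocket value in a clamd config file.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Socket path on the first uncommented ask_daemon/CONTSCAN line of amavisd.conf.
amavis_socket() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e '/ask_daemon.*CONTSCAN/s|.*"\(/[^"]*\)".*|\1|p' "$1" | head -n 1
}

# Returns 0 when both paths agree, 1 on mismatch, 2 when either is missing.
check_sockets() {
    c=$(clamd_socket "$1"); a=$(amavis_socket "$2")
    if [ -z "$c" ] || [ -z "$a" ]; then
        echo "UNKNOWN: clamd='$c' amavisd='$a'"; return 2
    fi
    if [ "$c" = "$a" ]; then echo "OK: both use $c"; return 0; fi
    echo "MISMATCH: clamd creates $c, amavisd connects to $a"; return 1
}

# Constructed sample files (assumed layout, written to a scratch directory).
make_samples() {
    cat > "$1/clamd.conf" <<'EOF'
#LocalSocket /tmp/example.sock
LocalSocket /run/clamd.amavisd/clamd.sock
User amavis
EOF
    cat > "$1/amavisd.conf" <<'EOF'
# ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/old/path.sock"],
@av_scanners = (
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],
   qr/\bOK$/m, qr/\bFOUND$/m ],
);
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
check_sockets "$demo/clamd.conf" "$demo/amavisd.conf" || true   # mismatch case
# Apply the thread's LocalSocket change to the sample copy, then re-check.
sed 's|^LocalSocket .*|LocalSocket /var/spool/amavisd/clamd.sock|' \
    "$demo/clamd.conf" > "$demo/clamd.new" && mv "$demo/clamd.new" "$demo/clamd.conf"
check_sockets "$demo/clamd.conf" "$demo/amavisd.conf"
rm -rf "$demo"
```

Running `check_sockets` against the real config files after a package update shows whether a replaced package has moved the socket path again.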
  14. JasonMacer

    JasonMacer New Member

    @jnewman67 I did do that when I first installed it prior to installing ISPConfig. At the end of the ISPConfig install when it restarts the services is where it ran into the problem and amavisd failed, but an uninstall/re-install fixed the issue. I didn't, but I should have looked at that configuration file to see what changes the installer made. I still have the base image that I saved, it is a base setup up to the point where you download and run the installer. I might go ahead and load it back up and do another install to see what those changes are.

    I don't have time today, but maybe this weekend...

    Jason
     
  15. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    Understood. However, in my case - and maybe you can make this stipulation - I only use your Perfect Server guides to set up a machine. ISPConfig is 99% of my reason for setting up a server in the first place, so for me, I'm not interested in deviating from that base install as it may risk the integrity of my system and the services it provides. If I have some need for a server with another purpose, or that requires some other packages that might conflict (which is RARE), i'll just build another server using the recommendations for that software. People seriously installing ISPConfig should have similar concerns, and should understand that sticking within the realm of the Perfect Server requirements is what it's tested under - deviate at your own risk. Dictate the repos that need to be used - they should expect issues if they don't.
     
    ahrasis, fast928 and till like this.
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    I will try to write an official install guide for RHEL 9 based systems again.
     
    linus, JasonMacer and ahrasis like this.
  17. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    Code:
    https://forum.howtoforge.com/threads/ispconfig3-on-rocky-linux-9.89493/
    that's the link for the post where i detail more of the specifics that changed between the Perfect Server 8 CentOS and the Rocky Linux 9.x/9.4 installation procedures. just got done building a RL 9.4 server, and it went rather smoothly, some of the missing stuff is fixed. from an installation point, no real concerns making this a production server after a little testing (mainly email and website hosting - nothing fancy)

    python2, mod_python and Mailman seem to be the packages that aren't supported, for whatever reason. they don't affect me, so not worrying about it now.
     
  18. JasonMacer

    JasonMacer New Member

    @jnewman67 I'm going to look at it!
    Were you able to get fail2ban to work with sshd and mail?
     
  19. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    it installed without an issue (no errors) but as it's not live yet, i can't say it's "working"
    Code:
    rpm -qa | grep fail2ban
    fail2ban-selinux-1.0.2-12.el9.noarch
    fail2ban-server-1.0.2-12.el9.noarch
    fail2ban-firewalld-1.0.2-12.el9.noarch
    fail2ban-sendmail-1.0.2-12.el9.noarch
    fail2ban-1.0.2-12.el9.noarch
    fail2ban-systemd-1.0.2-12.el9.noarch
    
    and i don't think I actually turned on iptables, so I just did that (i'll have to go look at my notes)
    Code:
    systemctl enable iptables
    systemctl start iptables
    
    same thing with fail2ban
    Code:
    systemctl enable fail2ban
    systemctl start fail2ban
    
    Code:
    iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Code:
    systemctl status fail2ban
    ● fail2ban.service - Fail2Ban Service
         Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: disabled)
         Active: active (running) since Tue 2024-07-16 15:43:41 EDT; 3 days ago
           Docs: man:fail2ban(1)
       Main PID: 12283 (fail2ban-server)
          Tasks: 11 (limit: 100112)
         Memory: 19.7M
            CPU: 7min 34.106s
         CGroup: /system.slice/fail2ban.service
                 └─12283 /usr/bin/python3 -s /usr/bin/fail2ban-server -xf start
    
    so it doesn't look like there are any issues, but maybe someone else will see something I missed.
     
