long time ispconfig 2 user, first time ispconfig 3 implementor. others might know about this issue, but I had a non-easy time solving this, so I'm posting this so others might have a easier time if they run into this same issue. after following the perfect server 14.04 dovecot bind (thanks falko) and it running fine for a week or so as I was transfering my ispconfig 2/ubuntu 10.04 web/email over to the new ispconf 3/ubuntu 14.04 system, I did a sa-update due to "DNS_FROM_AHBL_RHSBL" going bad: # sa-update restarted amavis via # service amavis restart noticed that mail was queuing up and amavisd was not running. # netstat -tlnp | grep 10024 mail.log showed incoming was being deferred with 127.0.0.1 connection refused. I discovered what I think was a mess up of perms starting at the dir tree: /var/lib/spamassassin I suspect by sa-update. after many hours I came up with a solution that seems to work; after the sa-update, I now do: # sa-update # find /var/lib/spamassassin -type d -exec chmod 775 {} \; # chmod -R 660 /var/lib/spamassassin/* # find /var/lib/spamassassin -type f -exec chmod o+r {} \; # chown -R debian-spamd:debian-spamd /var/lib/spamassassin # chmod 700 /var/lib/spamassassin/sa-update-keys # chmod 600 /var/lib/spamassassin/sa-update-keys/* # service amavis restart # cat /var/log/syslog | grep -iE 'error|issue|panic|warn|fail|auth' | grep -vE '[before|no] auth' --------------------------- below are some tests/cmds/ that helped me discover the issue, which might come in handy for others: # service amavis start # /etc/init.d/amavis debug # cat /var/log/syslog | grep -iE 'error|issue|panic|warn|fail|auth' | grep -vE '[before|no] auth' # netstat -tlnp | grep 10024 noticed the perms changed on ls -l /var/lib/spamassassin/compiled/5.018/3.004000/Mail/SpamAssassin/CompiledRegexps/body_0.pm to root ... so ended up doing the perm change set above ----- tests to help confirm the perms issue: # su - amavis amavis $> cat /var/lib/spamassassin/compiled/5.018/3.004000/Mail/SpamAssassin/CompiledRegexps/body_0.pm amavis $> spamassassin --lint amavis $> spamassassin --lint -D ---- logs that I saw along the way: Jan 16 00:59:55 mail1 amavis[20767]: (!)_DIE: Can't locate Mail/SpamAssassin/CompiledRegexps/body_0.pm: Permission denied at (eval 1135) line 1.\nBEGIN failed--compilation aborted at (eval 1135) line 1. from /etc/init.d/amavis debug: config: cannot open "/var/lib/spamassassin/3.004000/updates_spamassassin_org.cf": Permission denied Jan 16 00:40:37.691 mail1.domain.tld /usr/sbin/amavisd-new[20213]: (!!)TROUBLE in pre_loop_hook: config: no rules were found! Do you need to run 'sa-update'? Suicide () TROUBLE in pre_loop_hook: config: no rules were found! Do you need to run 'sa-update'?