hi all, after upgrading ubuntu to the latest LTS version and upgrading ISPConfig, I cannot send nor receive emails any more. I discovered that amavis was not installed and even running ISPConfig update script with --force and have services reconfigured didnt help. it seems Ispconfig setup even with reconfigure dooesnt check for missing services. After I installed amavis and run the updater with reconfigure again, it did do something with amavis: Operating System: Ubuntu 22.04.4 LTS (Jammy Jellyfish) This application will update ISPConfig 3 on your server. Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: yes Creating backup of "/usr/local/ispconfig" directory... Creating backup of "/etc" directory... Creating backup of "/root/.acme.sh" directory... Creating backup of "/etc/letsencrypt" directory... Checking MariaDB version 10.6.18 .. OK Checking ISPConfig database .. OK Starting incremental database update. Loading SQL patch file: /tmp/update_runner.sh.kSiMeEIz1I/install/sql/incremental/upd_dev_collection.sql Reconfigure Permissions in master database? (yes,no) [no]: yes Reconfigure Services? (yes,no,selected) [yes]: yes Configuring Postfix Configuring Dovecot Configuring Spamassassin Configuring Amavisd Configuring Getmail Configuring BIND Configuring Pureftpd Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Jailkit Configuring Ubuntu Firewall Configuring Database Updating ISPConfig ISPConfig Port [8080]: Create new ISPConfig SSL certificate (yes,no) [no]: Reconfigure Crontab? (yes,no) [yes]: Updating Crontab Restarting services ... Update finished. Now that amavis is installed and running, I can see it receives the emails, but then tries to connect to 127.0.0.1:* and fails. How can a connection to an IP ever success without any port? Does anybody know how to fix this? Thank you! Systemlog when me sending an Email via a mailbox on the server using Outlook: Aug 9 14:21:46 server postfix/submission/smtpd[1585769]: connect from xxxxx[xx.xxx.xxx.xxx] Aug 9 14:21:46 server postfix/submission/smtpd[1585769]: warning: connect to Milter service inet:localhost:11332: Connection refused Aug 9 14:21:46 server postfix/submission/smtpd[1585769]: NOQUEUE: filter: RCPT xxx.xx [xx.xxx.xxx.xxx]: <[email protected]>: Sender address triggers FILTER lmtp:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<SmtpClientHostName> Aug 9 14:21:47 server postfix/submission/smtpd[1585769]: 06658180562: client=xxxxx[xx.xxx.xxx.xxx], sasl_method=LOGIN, [email protected] Aug 9 14:21:47 server postfix/cleanup[1585777]: 06658180562: message-id=<[email protected]> Aug 9 14:21:47 server postfix/qmgr[1585407]: 06658180562: from=<[email protected]>, size=2715, nrcpt=1 (queue active) Aug 9 14:21:47 server named[1585665]: success resolving 'DestinationDomain.com.fresh.fmb.la/A' after disabling qname minimization due to 'ncache nxdomain' Aug 9 14:21:47 server amavis[1585442]: (1585442-01) (!)connect to 127.0.0.1:* failed, attempt #1: Can't connect to socket 127.0.0.1:* using module IO::Socket::IP: Connection refused Aug 9 14:21:47 server amavis[1585442]: (1585442-01) (!)KtyBn2Wrr7WG FWD from <[email protected]> -> <[email protected]>, 451 4.5.0 From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:127.0.0.1:*): id=1585442-01 Aug 9 14:21:47 server amavis[1585442]: (1585442-01) Blocked MTA-BLOCKED {TempFailedOutbound}, ORIGINATING LOCAL [127.0.0.1] [xx.xxx.xxx.xxx] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: KtyBn2Wrr7WG, Hits: -0.898, size: 2681, 668 ms Amavis logs while sending and receiving emails: Aug 09 14:25:41 server amavis[1585443]: (1585443-04) Blocked MTA-BLOCKED {TempFailedInbound}, [127.0.0.1] [149.72.23.238] <bounces+27272023-2282-receivingEmailAddress=receivingDomain.com@em7636.senderDomain> -> <[email protected]>, Message-ID: <7> Aug 09 14:25:42 server amavis[1585443]: (1585443-05) (!)connect to 127.0.0.1:* failed, attempt #1: Can't connect to socket 127.0.0.1:* using module IO::Socket::IP: Connection refused Aug 09 14:25:42 server amavis[1585443]: (1585443-05) (!)k3NTp4ZAZysq FWD from <[email protected]> -> <[email protected]>, 451 4.5.0 From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:127.0.0.1:*): id=1585443-05 Postfix MASTER.cf: # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - y - - smtpd #smtp inet n - y - 1 postscreen #smtpd pass - - y - - smtpd #dnsblog unix - - y - 0 dnsblog #tlsproxy unix - - y - 0 tlsproxy submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_tls_auth_only=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - y - - qmqpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache postlog unix-dgram n - n - 1 postlogd # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. # # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} Postfix MAIN.cf # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # See COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_tls_security_level = may smtp_tls_CApath=/etc/ssl/certs smtp_tls_security_level = dane smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination myhostname = server.domain.com alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases myorigin = /etc/mailname mydestination = server.domain.com, localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all html_directory = /usr/share/doc/postfix/html virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unixrivate/quota-status smtpd_use_tls = yes transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re smtpd_reject_unlisted_sender = no smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining , permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = lmtp:unixrivate/dovecot-lmtp header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks owner_request_special = no smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL smtpd_tls_mandatory_ciphers = medium tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384HE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHAHE-RSA-AES128-SHA256HE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHAES-CBC3-SHA tls_preempt_cipherlist = yes address_verify_negative_refresh_time = 60s enable_original_recipient = no sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd smtp_sender_dependent_authentication = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous, noplaintext smtp_sasl_tls_security_options = noanonymous smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS address_verify_sender_ttl = 15686s smtp_dns_support_level = dnssec dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_milters = inet:localhost:11332 non_smtpd_milters = inet:localhost:11332 milter_protocol = 6 milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} milter_default_action = accept message_size_limit = 0 authorized_flush_users = authorized_mailq_users = nagios, icinga smtputf8_enable = no can somebody please help me out here? all my inbound and outbound emails are not working any more Thank you!!!
First, take care you ran an ispconfig update after you installed Amavis. If you did that, restart Amavis to find out why it fails to start. Also, are you sure you have a Amavis based system and not Rspamd, as all recently installed systems use Rspamd.
Hi Till, yes I did run the ISPConfig update after installing Amavis. That's why it started appearing int he ISPConfig update log. I can stop and start amavis just fine. What do you mean with "system based" and "rspamd"? I am sorry I'm not a linux pro. can you please elaborate?
ISPConfig can use Amavis or Rspamd as a spam filter, so it could be completely right that your system had no Amavis installed because it was not a system that is using Amavis. Which tutorial did you use to install the original system and did you follow our upgrade guides tp upgrade your system? When you log into ISPConfig, which spam filter is selected under system > server config mail?
Recent ISPConfig installations do not install Amavis. Rspamd is used. What shows command Code: apt policy amavis rspamd
thank you for the explanation! Apparently my system is using Rpsamd! I have removed Amavis again and run the update --force. The system was installed years ago. I cannot remember the manual used back then, but I'm sure it was an official or trusted one. it worked well until now. upgrades also worked flawlessly until now. apt policy amavis rspamd: amavis: Installed: (none) Candidate: (none) Version table: rspamd: Installed: (none) Candidate: 2.7-1build2 Version table: 3.9.1-1~82f43560f~focal -1 100 /var/lib/dpkg/status 2.7-1build2 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages root@server:/usr/local/ispconfig/server/scripts# service rspamd status ○ rspamd.service Loaded: masked (Reason: Unit rspamd.service is masked.) Active: inactive (dead) root@server:/usr/local/ispconfig/server/scripts# service rspamd start Failed to start rspamd.service: Unit rspamd.service is masked. removing amavis again and running the upgrade script with --force reverts back to the original error: Aug 9 16:25:06 server postfix/submission/smtpd[1600078]: NOQUEUE: filter: RCPT from clientHostname[clientIP]: <sendingUser@sendingDomain>: Sender address triggers FILTER lmtp:[127.0.0.1]:10026; from=<sendingUser@sendingDomain> to=<[email protected]> proto=ESMTP helo=<hostname> Aug 9 16:25:06 server kernel: [520174.203843] [UFW BLOCK] IN=eth0 OUT= MAC=MAC SRC=clientIP DST=mailServerIP LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=30979 PROTO=TCP SPT=56683 DPT=14979 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 9 16:25:06 server postfix/submission/smtpd[1600078]: A654218049F: client=clientHostname[clientIP], sasl_method=LOGIN, sasl_username=sendingUser@sendingDomain Aug 9 16:25:06 server postfix/cleanup[1600088]: A654218049F: message-id=<007501daea67$ee8d7530$cba85f90$@sendingDomain> Aug 9 16:25:06 server postfix/qmgr[1599474]: A654218049F: from=<sendingUser@sendingDomain>, size=2734, nrcpt=1 (queue active) Aug 9 16:25:06 server postfix/lmtp[1600090]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused Aug 9 16:25:06 server postfix/lmtp[1600090]: A654218049F: to=<[email protected]>, relay=none, delay=0.13, delays=0.12/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused) Aug 9 16:25:07 server dovecot: imap-login: Login: user=<sendingUser@sendingDomain>, method=PLAIN, rip=clientIP, lip=mailServerIP, mpid=1600093, TLS, session=<0PsB6UAf6/JP36jm> Aug 9 16:25:09 server postfix/submission/smtpd[1600078]: disconnect from clientHostname[clientIP] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8 When I googled for this error: "connect to 127.0.0.1[127.0.0.1]:10026" the results mentioned amavis, which is why I started debugging amavis.
How that I know I'm looking at Rspamd, I googled specificly for it and found a post where you Till recommended to set the ContentFilter to Amavis and back to Spamd. This actually fixed it! Thank you!
