Problem after grading to 3.0.4


zenny
8th November 2011, 14:12
As instructed by Till (http://www.howtoforge.com/forums/showpost.php?p=266993&postcount=40) I am creating this new thread (similar to http://www.howtoforge.com/forums/showpost.php?p=266984&postcount=38 and http://www.howtoforge.com/forums/showpost.php?p=266984&postcount=40).


Since ISPConfig 3.0.4 supports SNI, I upgraded but the upstream CentOS5 repository does not provide Apache above 2.2.12 and Openssl-0.9.8f upwards. So I manually compiled the binaries from source and upgraded to Apache 2.2.21 and 1 with backward compatibility to 0.9.8f.


But when I tried to create an SSL certificate from the ISPConfig3 panel, it goes well but nothing seems to have been created as the SSL Certificate field not only remained blank, but the webserver died. Or I just missed something.

The error log follows:

# tail -n 50 /var/log/httpd/error_log
[Mon Nov 07 03:27:07 2011] [notice] Digest: done
[Mon Nov 07 03:27:08 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 07 03:27:08 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Mon Nov 07 03:27:08 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Mon Nov 07 04:04:20 2011] [notice] mod_fcgid: call /var/www/MYDOMAIN.TLD/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Mon Nov 07 10:10:35 2011] [notice] caught SIGTERM, shutting down
[Mon Nov 07 10:10:35 2011] [notice] mod_fcgid: process /var/www/MYDOMAIN.TLD/web/index.php(26991) exit(shutting down), terminated by calling exit(), return code: 0
[Mon Nov 07 10:10:36 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Nov 07 10:10:36 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 07 10:10:36 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Mon Nov 07 10:10:36 2011] [notice] Digest: generating secret for digest authentication ...
[Mon Nov 07 10:10:36 2011] [notice] Digest: done
[Mon Nov 07 10:10:37 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 07 10:10:37 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Mon Nov 07 10:10:37 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Mon Nov 07 10:34:42 2011] [notice] mod_fcgid: call /var/www/MYDOMAIN.TLD/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Tue Nov 08 00:36:44 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:36:44 2011] [notice] mod_fcgid: process /var/www/MYDOMAIN.TLD/web/index.php(19240) exit(shutting down), terminated by calling exit(), return code: 0
[Tue Nov 08 00:36:45 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:36:46 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 00:36:46 2011] [notice] Digest: done
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:36:47 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 00:37:50 2011] [notice] mod_fcgid: call /var/www/MYDOMAIN.TLD/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Tue Nov 08 00:42:43 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:42:43 2011] [notice] mod_fcgid: process /var/www/MYDOMAIN.TLD/web/index.php(11177) exit(shutting down), terminated by calling exit(), return code: 0
[Tue Nov 08 00:42:44 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
Use of uninitialized value in alarm at /usr/local/ispconfig/server/scripts/vlogger line 538.
[Tue Nov 08 00:42:45 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 00:42:45 2011] [notice] Digest: done
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:42:45 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 00:51:02 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:51:03 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:51:04 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:51:04 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:51:04 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 00:51:04 2011] [notice] Digest: done
[Tue Nov 08 00:51:05 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:51:05 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:51:05 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 00:52:06 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:52:07 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:52:10 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

Please note that in Centos5, I patched the libraries from Version 6 openssl.

# openssl version -a
OpenSSL 1.0.0d-fips 8 Feb 2011
built on: Mon Nov 7 23:51:57 CET 2011
platform: linux-elf
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORT$
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic

I saw this thread (http://www.howtoforge.com/forums/showthread.php?t=41597) and to solve the above problem, I tried with:

1) replacing the httpd.conf from the previous installation, didn't work! :-(
2) removing the NameVirtualhost:*.80 NameVirtualhost: *.443 and Include lines and changed the Directory to /var/www from default /var/www/html, the webserver starts, but gave me the default apache index pages to my domains.
3) So I did 'php -q update' with new ssl certificate, but when it reconfigures services, the running webserver segfaults.
4) Also tried to disable default certificates in /etc/httpd/conf.d/ssl.conf, but it prevents the server from starting.

Any hints or help appreciated! Thanks!

till
8th November 2011, 14:16
I guess the problem is related to your new openssl / apache etc. packages and not to the ispconfig update. Have you tried to create a new ssl cert manually to see if openssl works at all?

zenny
8th November 2011, 15:39
Yes, I did create the ssl manually by creating /etc/httpd/ssl directory and openssl works fine. Also made ssl related changes in the /etc/httpd/conf/sites-available/ispconfig.vhost, yet the server dies with the following log:

[Tue Nov 08 15:20:01 2011] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/
[Tue Nov 08 15:25:02 2011] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/
[Tue Nov 08 15:28:06 2011] [error] [client 61.135.249.162] Directory index forbidden by Options directive: /var/www/
[Tue Nov 08 15:30:02 2011] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/
[Tue Nov 08 15:31:51 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 15:32:02 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

Continue to dig the problem, anyway because this is in production server :-(

till
8th November 2011, 15:42
The file /etc/httpd/conf/sites-available/ispconfig.vhost is managed by the ispconfig installer and should not be edited manually. So which exact changes did you do there that caused apache to fail?

The messages in the log you posted are not related to ssl and they are no errors that may cause apache to fail.

till
8th November 2011, 15:52
If a server fails due to a ssl certificate problem, then follow these steps to resolve that:

1) Delete the symlink of the website where you enabled the ssl certificate in the sites-enabled directory.
2) Start apache
3) Login to ispconfig and disable the ssl checkbox for the site and click save.

Then you can create new ssl certificates in ispconfig. Almost all errors related to ssl certificate creation are caused by using any special chars in the ssl fields as openssl is picky about that and will not create a ssl cert then. Better use only characters a-z and 0-9.

zenny
8th November 2011, 16:00
> The file /etc/httpd/conf/sites-available/ispconfig.vhost is managed by the ispconfig installer and should not be edited manually. So which exact changes did you do there that caused apache to fail?
>
> The messages in the log you posted are not related to ssl and they are no errors that may cause apache to fail.

I followed http://www.faqforge.com/linux/controlpanels/ispconfig3/enable-ssl-for-the-ispconfig-3-controlpanel/ to make the changes.

Actually I tried to create a certificate for a virtual domain and it created problem.

Your second reply above helped me to restart the httpd server. However, SNI/SSL does not seem to be working with the newly created certificate.

/var/log/httpd/error.log states:

[Tue Nov 08 16:01:18 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 16:01:52 2011] [notice] mod_fcgid: call /var/www/thehumanape.org/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Tue Nov 08 16:02:02 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 16:02:03 2011] [notice] mod_fcgid: process /var/www/mydomain.tld/web/index.php(6375) exit(shutting down), terminated by calling exit(), return code: 0
[Tue Nov 08 16:02:13 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 16:02:16 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 16:02:16 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 16:02:16 2011] [notice] Digest: done
[Tue Nov 08 16:02:17 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations


and /var/log/httpd/ssl_error.log states almost nothing (last few lines among several):

[Tue Nov 08 16:01:14 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 16:01:17 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 16:01:18 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 16:02:16 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 16:02:17 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)


Just wondering how to make SNI work with a single IP to cater several ssl connections to virtual domains?
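
An added example, not part of the original thread: a shell check that reads the version banner Apache writes to its error log and reports whether that build meets the SNI floor named in the first post (Apache 2.2.12, OpenSSL 0.9.8f). The function names are hypothetical, the sample lines are copied from the logs posted above, and the optional argument is the version printed by `openssl version`.

```shell
#!/bin/sh
# Added example (not from the thread). Thresholds are the versions the
# thread names as the SNI floor: Apache 2.2.12 and OpenSSL 0.9.8f.
MIN_APACHE=2.2.12
MIN_OPENSSL=0.9.8f

# ver_ge A B: succeed when version A >= version B. Each dotted field is
# zero-padded and keeps a trailing letter, so 0.9.8e < 0.9.8f < 1.0.0d.
ver_ge() {
    LC_ALL=C awk -v a="$1" -v b="$2" '
    function key(v,   n, p, i, num, suf, k) {
        n = split(v, p, ".")
        k = "v"                      # leading letter forces string compare
        for (i = 1; i <= n; i++) {
            num = p[i]; sub(/[^0-9].*$/, "", num)
            suf = p[i]; sub(/^[0-9]+/, "", suf)
            k = k sprintf("%05d", num) suf
        }
        return k
    }
    BEGIN { exit !(key(a) >= key(b)) }'
}

# sample_log: error_log lines as posted in the thread.
sample_log() {
    cat <<'EOF'
[Mon Nov 07 10:10:37 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Tue Nov 08 16:02:16 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 16:02:17 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
EOF
}

# sni_check [CLI_VERSION]: read an error_log on stdin, use the most recent
# startup banner, print a one-line verdict. Exit status: 0 = meets both
# minimums, 1 = does not, 2 = banner carries no usable version.
sni_check() {
    cli=${1:-}
    banner=$(grep 'configured -- resuming normal operations' | tail -n 1)
    apache=$(printf '%s\n' "$banner" | sed -n 's|.*Apache/\([0-9.]*\).*|\1|p')
    ossl=$(printf '%s\n' "$banner" | sed -n 's|.*OpenSSL/\([0-9.]*[a-z]*\).*|\1|p')
    if [ -z "$apache" ] || [ -z "$ossl" ]; then
        echo "apache=${apache:-unknown} openssl=${ossl:-unknown} sni=unknown"
        return 2
    fi
    sni=no
    if ver_ge "$apache" "$MIN_APACHE" && ver_ge "$ossl" "$MIN_OPENSSL"; then
        sni=yes
    fi
    line="apache=$apache openssl=$ossl sni=$sni"
    if [ -n "$cli" ]; then
        # The openssl command-line tool and the library version mod_ssl
        # reports can differ after a manual build.
        mismatch=no
        [ "$cli" = "$ossl" ] || mismatch=yes
        line="$line cli=$cli mismatch=$mismatch"
    fi
    echo "$line"
    [ "$sni" = yes ]
}

# Demo on the thread's own lines; a non-zero status only means "below floor".
sample_log | sni_check 1.0.0d || :
```

On a live system the input would be the real log, for example `sni_check 1.0.0d < /var/log/httpd/error_log`.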

till
8th November 2011, 16:04
> I followed http://www.faqforge.com/linux/contro...-controlpanel/ to make the changes.

That's for ISPConfig < 3.0.3 only (see first sentence of the guide), as ISPConfig 3.0.3 and later use different ssl paths and have the ssl cert creation included into the installer. Please undo the changes that you did in the ispconfig.vhost file.

> Actually I tried to create a certificate for a virtual domain and it created problem.

I posted you instructions to solve that above.

zenny
8th November 2011, 16:39
While trying to fix the SNI stuffs, now the mailserver broke down with:

Nov 8 16:35:17 server1 postfix/smtpd[12310]: warning: SASL: Connect to private/auth failed: No such file or directory
Nov 8 16:35:17 server1 postfix/smtpd[12310]: fatal: no SASL authentication mechanisms
Nov 8 16:35:18 server1 postfix/master[12303]: warning: process /usr/libexec/postfix/smtpd pid 12310 exit status 1
Nov 8 16:35:18 server1 postfix/master[12303]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling


:-( fyi

till
8th November 2011, 17:13
The dovecot auth socket is missing which normally means that dovecot is not running, try to restart dovecot and check the maillog for errors. The openssl library is used by many services on a system, so if you updated it this might break other applications that use openssl.

zenny
8th November 2011, 17:34
nope, I am using courier-imap. and it is running:

[root@server1 install]# netstat -ntlp | grep courier*
tcp 0 0 :::993 :::* LISTEN 15102/couriertcpd
tcp 0 0 :::995 :::* LISTEN 15114/couriertcpd
tcp 0 0 :::110 :::* LISTEN 15108/couriertcpd
tcp 0 0 :::143 :::* LISTEN 15095/couriertcpd

I also tried to remove the imap and pop certificates and recreated new in /usr/lib/courier-imap/share/ folder, but the problem persists. :-(

till
8th November 2011, 17:46
Your server seems to be configured for dovecot though. Please post the output of:

which dovecot

Make a backup of the postfix main.cf file, search for the lines:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

and comment them out. Then search for the line:

virtual_transport = dovecot

and change it to:

virtual_transport = maildrop

and then restart postfix.
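
An added example, not part of the original thread: the main.cf edit described in the post above as a shell function that keeps a backup and changes only the three named settings. The function names and the sample main.cf are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): apply the three main.cf edits from
# the post above to a file, keeping the original as FILE.bak.

# sample_main_cf: constructed main.cf fragment for the demo.
sample_main_cf() {
    cat <<'EOF'
myhostname = server1.example.tld
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
virtual_transport = dovecot
# dovecot_destination_recipient_limit = 1
EOF
}

# dovecot_refs FILE: list active (uncommented) lines that mention dovecot,
# prefixed with their line numbers. Prints nothing when there are none.
dovecot_refs() {
    grep -n '^[^#]*dovecot' "$1" || true
}

# patch_main_cf FILE: back up FILE, then
#   - comment out "smtpd_sasl_type = dovecot"
#   - comment out "smtpd_sasl_path = private/auth"
#   - change "virtual_transport = dovecot" to "virtual_transport = maildrop"
# Only lines starting in column 0 are touched: in main.cf a line that begins
# with whitespace continues the previous parameter.
patch_main_cf() {
    f=$1
    # Never overwrite an earlier backup of the pre-change file.
    [ ! -e "$f.bak" ] || { echo "backup $f.bak already exists" >&2; return 1; }
    cp -p "$f" "$f.bak" || return 1
    sed -e 's/^smtpd_sasl_type[[:space:]]*=[[:space:]]*dovecot[[:space:]]*$/#&/' \
        -e 's/^smtpd_sasl_path[[:space:]]*=[[:space:]]*private\/auth[[:space:]]*$/#&/' \
        -e 's/^\(virtual_transport[[:space:]]*=[[:space:]]*\)dovecot[[:space:]]*$/\1maildrop/' \
        "$f.bak" > "$f"
}

# Demo on a temporary copy of the constructed sample.
tmp=$(mktemp -d) && sample_main_cf > "$tmp/main.cf"
dovecot_refs "$tmp/main.cf"                     # settings that point at dovecot
patch_main_cf "$tmp/main.cf" && cat "$tmp/main.cf"
rm -rf "$tmp"
```

With `smtpd_sasl_type` commented out, Postfix falls back to its default SASL type, `cyrus`; `postfix check` before the restart catches syntax problems in the edited file.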

zenny
8th November 2011, 18:04
Thanks Till.

> Your server seems to be configured for dovecot though. Please post the output of:
>
> which dovecot

/usr/bin/which: no dovecot in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/lib/courier-imap/sbin:/usr/lib/courier-imap/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth

No idea how come dovecot appeared in my main.cf? hmmmmm...


virtual_transport is already maildrop

Postfix restarted, can send emails but not receive!

till
8th November 2011, 18:11
> Postfix restarted, can send emails but not receive!

Please post the errors from the maillog.

zenny
8th November 2011, 18:20
# tail -n 20 /var/log/maillog

Nov 8 18:05:05 server1 postfix/smtpd[2256]: lost connection after CONNECT from server1.freeregistrar.net[127.0.0.1]
Nov 8 18:05:05 server1 postfix/smtpd[2256]: disconnect from server1.freeregistrar.net[127.0.0.1]
Nov 8 18:05:07 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:05:07 server1 imapd: LOGIN, user=my@email.tld, ip=[::ffff:127.0.0.1], port=[33924], protocol=IMAP
Nov 8 18:05:07 server1 imapd: LOGOUT, user=my@email.tld, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4102, time=0
Nov 8 18:05:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:05:19 server1 imapd: LOGIN, user=my@email.tld, ip=[::ffff:127.0.0.1], port=[33931], protocol=IMAP
Nov 8 18:05:19 server1 imapd: LOGOUT, user=my@email.tld, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4102, time=0
Nov 8 18:06:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:06:20 server1 imapd: LOGIN, user=my@email.tld, ip=[::ffff:127.0.0.1], port=[33935], protocol=IMAP
Nov 8 18:06:20 server1 imapd: LOGOUT, user=my@email.tld, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4102, time=0
Nov 8 18:07:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:07:19 server1 imapd: LOGIN, user=my@email.tld, ip=[::ffff:127.0.0.1], port=[34322], protocol=IMAP
Nov 8 18:07:19 server1 imapd: LOGOUT, user=my@email.tld, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4102, time=0
Nov 8 18:08:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:08:19 server1 imapd: LOGIN, user=my@email.tld, ip=[::ffff:127.0.0.1], port=[34333], protocol=IMAP
Nov 8 18:08:19 server1 imapd: LOGOUT, user=my@email.tld, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4102, time=0
Nov 8 18:09:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:09:19 server1 imapd: LOGIN, user=my@email.tld, ip=[::ffff:127.0.0.1], port=[34344], protocol=IMAP
Nov 8 18:09:19 server1 imapd: LOGOUT, user=my@email.tld, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4102, time=0

#getenforce
Disabled

#netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 server1.myhostdomain.:smtp *:* LISTEN 29088/sendmail: MTA
tcp 0 0 server1.myhostdomain:10024 *:* LISTEN 15025/amavisd (mast
tcp 0 0 server1.myhostdomain:10025 *:* LISTEN 380/master
tcp 0 0 server1.myhostdomain.:7787 *:* LISTEN 16961/ruby
tcp 0 0 server1.myhostdomain:dyna-access *:* LISTEN 15048/clamd
tcp 0 0 server1.myhostdomain:submission *:* LISTEN 23021/sendmail: MTA
tcp 0 0 *:sunrpc *:* LISTEN 4939/portmap
tcp 0 0 *:http *:* LISTEN 22973/apache2
tcp 0 0 *:ftp *:* LISTEN 15148/pure-ftpd (SE
tcp 0 0 192.168.122.1:domain *:* LISTEN 2903/dnsmasq
tcp 0 0 server1.myhostdomain.:7767 *:* LISTEN 17008/ruby
tcp 0 0 server1.myhostdomain.n:ipp *:* LISTEN 6255/cupsd
tcp 0 0 *:remoteware-cl *:* LISTEN 16974/ruby
tcp 0 0 *:smtp *:* LISTEN 380/master
tcp 0 0 *:921 *:* LISTEN 4979/rpc.statd
tcp 0 0 *:ssh *:* LISTEN 23038/sshd
tcp 0 0 server1.myhostdomain:48283 *:* LISTEN 16974/ruby
tcp 0 0 server1.myhostdomain.:7787 server1.myhostdomain:40313 ESTABLISHED 16961/ruby
tcp 0 0 server1.myhostdomain:34605 server1.myhostdomain:mysql ESTABLISHED 15046/amavisd (ch1-
tcp 0 0 server1.myhostdomain:56436 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.myhostdomain:56433 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.myhostdomain:56432 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.myhostdomain:56435 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.myhostdomain:56434 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.myhostdomain:56429 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.myhostdomain:56428 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.myhostdomain:56431 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.myhostdomain:56430 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.myhostdomain:56425 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.myhostdomain:56427 server1.myhostdomain.:7767 TIME_WAIT -
tcp 0 0 server1.freer:remoteware-cl server1.myhostdomain:42975 TIME_WAIT -
tcp 62 0 server1.myhostdomain:52024 server1.myhostdomain:10025 CLOSE_WAIT 15046/amavisd (ch1-
tcp 0 0 server1.myhostdomain:40313 server1.myhostdomain.:7787 ESTABLISHED 16974/ruby
tcp 0 0 *:imaps *:* LISTEN 31739/couriertcpd
tcp 0 0 *:pop3s *:* LISTEN 307/couriertcpd
tcp 0 0 *:mysql *:* LISTEN 14901/mysqld
tcp 0 0 *:pop3 *:* LISTEN 301/couriertcpd
tcp 0 0 *:imap *:* LISTEN 31732/couriertcpd
tcp 0 0 *:webcache *:* LISTEN 16754/httpd
tcp 0 0 *:http *:* LISTEN 16754/httpd
tcp 0 0 *:tproxy *:* LISTEN 16754/httpd
tcp 0 0 *:ftp *:* LISTEN 15148/pure-ftpd (SE
tcp 0 0 *:ssh *:* LISTEN 6242/sshd
tcp 0 0 *:https *:* LISTEN 16754/httpd
tcp 0 0 server1.myhostdomain.:imap server1.myhostdomain:34322 TIME_WAIT -
tcp 0 0 server1.myhostdomain:mysql server1.myhostdomain:34605 ESTABLISHED 14901/mysqld
tcp 0 0 ns1.myhostdomain.net:ssh 178.199.126.212.static:56371 ESTABLISHED 14783/0
tcp 0 6720 ns1.myhostdomain.net:ssh 178.199.126.212.static:52749 ESTABLISHED 19173/1

*Please note that the sendmail is running in a container, not host.

till
8th November 2011, 18:29
The log lines are ok, no errors. Please send an email to your server and then check which error gets logged in the maillog.

zenny
8th November 2011, 19:03
I tried to send an email to the server from outside and this is what I am repeatedly getting:

# tail -f /var/log/maillog

Nov 8 18:50:03 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:50:03 server1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Nov 8 18:50:03 server1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:50:03 server1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Nov 8 18:50:03 server1 postfix/smtpd[18461]: connect from server1.MYHOSTDOMAIN.TLD[127.0.0.1]
Nov 8 18:50:03 server1 postfix/smtpd[18461]: lost connection after CONNECT from server1.MYHOSTDOMAIN.TLD[127.0.0.1]
Nov 8 18:50:03 server1 postfix/smtpd[18461]: disconnect from server1.MYHOSTDOMAIN.TLD[127.0.0.1]
Nov 8 18:50:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:50:19 server1 imapd: LOGIN, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], port=[55101], protocol=IMAP
Nov 8 18:50:19 server1 imapd: LOGOUT, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4106, time=0
Nov 8 18:51:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:51:19 server1 imapd: LOGIN, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], port=[55112], protocol=IMAP
Nov 8 18:51:19 server1 imapd: LOGOUT, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4106, time=0
Nov 8 18:52:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:52:19 server1 imapd: LOGIN, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], port=[38036], protocol=IMAP
Nov 8 18:52:19 server1 imapd: LOGOUT, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4106, time=0
Nov 8 18:52:33 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:52:33 server1 imapd: LOGIN, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], port=[38037], protocol=IMAP
Nov 8 18:52:33 server1 imapd: LOGOUT, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4106, time=0
Nov 8 18:53:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:53:19 server1 imapd: LOGIN, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], port=[38050], protocol=IMAP
Nov 8 18:53:19 server1 imapd: LOGOUT, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4106, time=0
Nov 8 18:54:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:54:19 server1 imapd: LOGIN, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], port=[38065], protocol=IMAP
Nov 8 18:54:19 server1 imapd: LOGOUT, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4106, time=0
Nov 8 18:54:38 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:54:38 server1 imapd: LOGIN, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], port=[38066], protocol=IMAP
Nov 8 18:54:38 server1 imapd: LOGOUT, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4106, time=0
Nov 8 18:54:40 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:54:40 server1 imapd: LOGIN, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], port=[38067], protocol=IMAP
Nov 8 18:54:41 server1 imapd: LOGOUT, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], headers=352, body=32053, rcvd=348, sent=33908, time=1
Nov 8 18:55:02 server1 postfix/smtpd[19214]: connect from server1.MYHOSTDOMAIN.TLD[127.0.0.1]
Nov 8 18:55:02 server1 postfix/smtpd[19214]: lost connection after CONNECT from server1.MYHOSTDOMAIN.TLD[127.0.0.1]
Nov 8 18:55:02 server1 postfix/smtpd[19214]: disconnect from server1.MYHOSTDOMAIN.TLD[127.0.0.1]
Nov 8 18:55:02 server1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:55:02 server1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Nov 8 18:55:02 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:55:02 server1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Nov 8 18:55:14 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:55:14 server1 imapd: LOGIN, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], port=[38084], protocol=IMAP
Nov 8 18:55:14 server1 imapd: LOGOUT, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], headers=259, body=0, rcvd=548, sent=5876, time=0
Nov 8 18:55:19 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:55:19 server1 imapd: LOGIN, user=ME@MYDOMAIN.TLD, ip=[::ffff:127.0.0.1], port=[38085], protocol=IMAP
Nov 8 18:55:19 server1 imapd: LOGOUT, user=ME@MYDOMAIN.TLD, ip=[::Nov 8 18:55:02 server1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:55:02 server1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Nov 8 18:55:02 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Nov 8 18:55:02 server1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Nov 8 18:55:14 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
ffff:127.0.0.1], headers=0, body=0, rcvd=79, sent=4102, time=0


But the mail from outside is never delivered! :-(

till
8th November 2011, 19:49
The mail from outside never reached your server. According to the logfile, no external system tried to contact your server. You should check your dns records and firewall.

zenny
8th November 2011, 20:07
I will check the DNS records. But it was a working system before I upgraded to 3.0.4 perfectly.

I encountered a similar problem when upgraded from 3.0.0.2 to 3.0.3.3. It was fixed. I just upgraded to 3.0.4 for SNI support. In recent times, upgrading ISPConfig in a production server seems not out of chaos!

till
8th November 2011, 20:23
> In recent times, upgrading ISPConfig in a production server seems not out of chaos!

I don't think so. There are several thousand successful upgrades already to 3.0.4, also all my servers upgraded without a single problem by just running ispconfig_update.sh. It's sad to see that your upgrade failed and I will try to help you to find the problem, but you should be aware that you not only installed an ispconfig update, you also installed and compiled a lot of system software at the same time and the software versions and compile settings that you used to install the software had not been tested on centos with ispconfig. The tested setup is what you find in the perfect setup guide, if you use different software or software versions, you will have to check if they and the compile settings you used are compatible with ispconfig.

If you had this problem already with ISPConfig 3.0.3.3, then you should post which solution you used that time so I might be able to tell you what the reason for the problem is.