smpt server offline

Discussion in 'ISPConfig 3 Priority Support' started by Robertus, Aug 9, 2021.

  1. Robertus

    Robertus Member HowtoForge Supporter

    Hello,
    I installed a centos server. I've already been asking things a few month ago about the webmail. I didn't solve it then. I didn't ask further because I wasn't using the server yet. The webmail never worked. But now I need to start to use the server. I am testing the mail, in the ISPconfig panel is monitoring tab showing one services is critical, the smtp-server is critical "offline". I rebooted the server, I restarted postfix, but it looks like it doesn't even want to stop.

    [[email protected] log]# systemctl stop postfix.service
    [[email protected] log]# systemctl status postfix.service
    postfix.service - Postfix Mail Transport Agent
    Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Mon 2021-08-09 17:33:30 CEST; 2min 28s ago
    Process: 1634 ExecStop=/usr/sbin/postfix stop (code=exited, status=1/FAILURE)
    Process: 7488 ExecStart=/usr/sbin/postfix start (code=exited, status=1/FAILURE)
    Process: 7486 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
    Process: 7482 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
    Main PID: 1301 (code=killed, signal=TERM)
    aug 09 17:33:26 xxx postfix[7488]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_concurrency_limit=1
    aug 09 17:33:26 xxx postfix[7488]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_recipient_limit=1
    aug 09 17:33:26 xxx postfix[7488]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_concurrency_limit=1
    aug 09 17:33:26 xxx postfix[7488]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_recipient_limit=1
    aug 09 17:33:27 xxx postfix/master[7558]: fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable
    aug 09 17:33:28 xxx postfix/master[7557]: fatal: daemon initialization failure
    aug 09 17:33:29 xxx postfix/postfix-script[7559]: fatal: mail system startup failed
    aug 09 17:33:30 xxx systemd[1]: postfix.service: Control process exited, code=exited status=1
    aug 09 17:33:30 xxx systemd[1]: postfix.service: Failed with result 'exit-code'.
    aug 09 17:33:30 xxx systemd[1]: Failed to start Postfix Mail Transport Agent.
     
  2. Robertus

    Robertus Member HowtoForge Supporter

    ok, I killed postfix and started it again, but the smtp server remains offline. The warning about the certificate being writable for the group, is because the file is a link, the link target is set to 700


    aug 09 17:45:03 xxx postfix[8785]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_recipient_limit=1

    aug 09 17:45:03 xxx postfix[8785]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_concurrency_limit=1

    aug 09 17:45:03 xxx postfix[8785]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_recipient_limit=1

    aug 09 17:45:03 xxx postfix[8785]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_concurrency_limit=1

    aug 09 17:45:03 xxx postfix[8785]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_recipient_limit=1

    aug 09 17:45:03 xxx postfix/postfix-script[8849]: warning: group or other writable: /etc/postfix/./smtpd.cert

    aug 09 17:45:03 xxx postfix/postfix-script[8850]: warning: group or other writable: /etc/postfix/./smtpd.key

    aug 09 17:45:03 xxx postfix/postfix-script[8862]: starting the Postfix mail system

    aug 09 17:45:03 postfix/master[8864]: daemon started -- version 3.5.8, configuration /etc/postfix

    aug 09 17:45:03 xxx systemd[1]: Started Postfix Mail Transport Agent.
     
  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Your latest log indicates postfix started - you mean it is not listening on port 25 or ??
     
  4. Robertus

    Robertus Member HowtoForge Supporter

    in the isp-config panel it says the smtp server is down. I tried to configure my mail client to sent mail on port 25 but that would not let me. Also I don't receive mail. Nothing in nothing out.
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

  6. Robertus

    Robertus Member HowtoForge Supporter

    It seems I have missed a step in the installation, not sure where tho

    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is CentOS Linux release 8.4.2105
    
    [INFO] uptime:  11:43:03 up 19:05,  1 user,  load average: 0,21, 0,06, 0,02
    
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          3,8Gi       2,3Gi       155Mi       206Mi       1,4Gi       1,1Gi
    Swap:         1,0Gi       3,0Mi       1,0Gi
    
    [INFO] systemd failed services status:
      UNIT                           LOAD   ACTIVE SUB    DESCRIPTION         
    ● systemd-vconsole-setup.service loaded failed failed Setup Virtual Console
    
    LOAD   = Reflects whether the unit definition was properly loaded.
    ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
    SUB    = The low-level unit activation state, values depend on unit type.
    
    1 loaded units listed. Pass --all to see loaded but inactive units, too.
    To show all installed unit files use 'systemctl list-unit-files'.
    
    [INFO] ISPConfig is installed.
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.5
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.4.22
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.22
    ##### PORT CHECK #####
    [WARN] Port 25 (SMTP server) seems NOT to be listening
    [WARN] Port 25 (SMTP server) seems NOT to be listening
    ##### MAIL SERVER CHECK #####
    [WARN] I found no "smtp" entry in your postfix master.cf
    
    ##### RUNNING SERVER PROCESSES #####
    [INFO] I found the following web server(s):
        Unknown process (httpd) (PID 792)
    [WARN] I could not determine which mail server is running.
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 1373)
    [INFO] I found the following imap server(s):
        Dovecot (PID 1373)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 800)
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [anywhere]:22        (1351/sshd)
    [anywhere]:993        (1373/dovecot)
    [anywhere]:995        (1373/dovecot)
    [localhost]:10024        (1316/amavisd)
    [localhost]:10025        (8864/master)
    [localhost]:10026        (1316/amavisd)
    [localhost]:10027        (8864/master)
    [anywhere]:587        (8864/master)
    [anywhere]:110        (1373/dovecot)
    [anywhere]:143        (1373/dovecot)
    [anywhere]:465        (8864/master)
    [anywhere]:21        (800/pure-ftpd)
    *:*:*:*::*:22        (1351/sshd)
    *:*:*:*::*:443        (792/httpd)
    *:*:*:*::*:993        (1373/dovecot)
    *:*:*:*::*:995        (1373/dovecot)
    *:*:*:*::*:10024        (1316/amavisd)
    *:*:*:*::*:10026        (1316/amavisd)
    *:*:*:*::*:3306        (887/mysqld)
    *:*:*:*::*:587        (8864/master)
    [localhost]10        (1373/dovecot)
    [localhost]43        (1373/dovecot)
    *:*:*:*::*:8080        (792/httpd)
    *:*:*:*::*:80        (792/httpd)
    *:*:*:*::*:465        (8864/master)
    *:*:*:*::*:8081        (792/httpd)
    *:*:*:*::*:21        (800/pure-ftpd)
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination       
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination       
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination       
    Chain f2b-sshd (1 references)
    target     prot opt source               destination       
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0         
    
    
    
    
    
    ##### LET'S ENCRYPT #####
    
    acme.sh is installed in /root/.acme.sh/acme.sh
     
    Last edited: Aug 10, 2021
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Compare with the Perfect Server Guide what you have in Postfix configuration.
     
  8. Robertus

    Robertus Member HowtoForge Supporter

    yes, did that, but I don't see any difference.
    This is in my master.cf

    Code:
    submission inet n       -       n       -       -       smtpd
     -o syslog_name=postfix/submission
     -o smtpd_tls_security_level=encrypt
     -o smtpd_sasl_auth_enable=yes
     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       n       -       -       smtpd
     -o syslog_name=postfix/smtps
     -o smtpd_tls_wrappermode=yes
     -o smtpd_sasl_auth_enable=yes
     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    I think that is the same as here in point 8
    https://www.howtoforge.com/tutorial...l-php-pureftpd-postfix-dovecot-and-ispconfig/
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the complete master.cf file.
     
  10. Robertus

    Robertus Member HowtoForge Supporter

    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    #smtp      inet  n       -       n       -       -       smtpd
    #smtp      inet  n       -       n       -       1       postscreen
    #smtpd     pass  -       -       n       -       -       smtpd
    #dnsblog   unix  -       -       n       -       0       dnsblog
    #tlsproxy  unix  -       -       n       -       0       tlsproxy
    submission inet n       -       n       -       -       smtpd
     -o syslog_name=postfix/submission
     -o smtpd_tls_security_level=encrypt
     -o smtpd_sasl_auth_enable=yes
     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       n       -       -       smtpd
     -o syslog_name=postfix/smtps
     -o smtpd_tls_wrappermode=yes
     -o smtpd_sasl_auth_enable=yes
     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o syslog_name=postfix/smtps
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       n       -       -       qmqpd
    pickup    unix  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       n       -       -       smtp
    relay     unix  -       -       n       -       -       smtp
            -o syslog_name=postfix/$service_name
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    retry     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    #maildrop  unix  -       n       n       -       -       pipe
    #  flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    #
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    #uucp      unix  -       n       n       -       -       pipe
    #  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # ====================================================================
    #
    # Other external delivery methods.
    #
    #ifmail    unix  -       n       n       -       -       pipe
    #  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    #
    #bsmtp     unix  -       n       n       -       -       pipe
    #  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    #
    #scalemail-backend unix -       n       n       -       2       pipe
    #  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
    #  ${nexthop} ${user} ${extension}
    #
    #mailman   unix  -       n       n       -       -       pipe
    #  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    #  ${nexthop} ${user}
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
            -o smtp_bind_address=
    
    
    127.0.0.1:10025 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
    
    
    127.0.0.1:10027 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o milter_default_action=accept
            -o milter_macro_daemon_name=ORIGINATING
            -o disable_dns_lookups=yes
    
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Remove the # in front of the line:

    Code:
    #smtp      inet  n       -       n       -       -       smtpd
    and restart postfix
     
  12. Robertus

    Robertus Member HowtoForge Supporter

    did that, but it didn't solve the issue

    edit: Sorry, holdon, I was to impatient I guess
     
  13. Robertus

    Robertus Member HowtoForge Supporter

    ISPconfig now says the SMTP-server is running.

    Receiving mail works. I have added the mail account for receiving in my gmail account. There is still something, gmail is downloading the mails but I don't see them, but when I search for them I do see them.

    But sending there won't work.
    I did something wrong creating the certificate, I get this message:
    Code:
    the server returned an error: "TLS Negotiation failed, the certificate doesn't match the host., code: 0"
     
  14. Robertus

    Robertus Member HowtoForge Supporter

  15. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  16. Robertus

    Robertus Member HowtoForge Supporter

    I used: ispconfig_update.sh --force
    my hostname is nu-vliegen.nl this is not the server name it is a dns-entry. I used that as the name when I was creating the certificate. But I get the same error. Do I need to do something with cache?
     
  17. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The hostname should be a FQDN, so not the full domain, but your domain with a subdomain like server1.example.com.
     
  18. Robertus

    Robertus Member HowtoForge Supporter

    so like this?
    <server's hostname>.my-url.nl
    ?
     
  19. Robertus

    Robertus Member HowtoForge Supporter

    ok, I tried several things, I updated the certificate 4 times. With <servers-hostname>.my-url.nl, with mail.my-url.nl other things I could think of. But I still get the same error. I can't get is to work.
     
  20. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    What did you do exactly? Can you take use through your steps?
     

Share This Page