1

Topic: rebuilding server

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Lubuntu 17.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

My mail server crashed when an SSD failed, and I am now rebuilding the server on a clean install of Lubuntu.
iRedMail.sh reaches "Generate Diffie Hellman Group with openssl, please wait"
I waited at least 20 minutes for it, (not enough entropy?)
So I installed rng-tools, and then Software Update said "you need to restart to use your software" so I clicked "Restart now", which I think terminated the install early.
So I tried running iRedMail.sh again and got to "Generate D-H" quickly, and seemed to complete OK.

My LAN desktop's Thunderbird was still set up to access the mail server,
so I tried sending test emails from and to my mail server's accounts.
They were sent OK, but never arrived.
Four days later "Mail Delivery System" returns started arriving.
====
Action: failed
Status: 4.4.1
Diagnostic-Code: X-Postfix; connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
====

What should be listening on port 10024?
I don't have anything that is listening on port 10024.
Is it possible to have the message failure notices returned the same day (after first failure)?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: rebuilding server

If the install was terminated early would start the install from scratch on a clean machine (I would reinstall Lubuntu and start again).

3

Re: rebuilding server

Thanks, I was afraid you were going to say that, but it looks like it just tries to install all the components (which it already has) , then the D_H generation, then configuration for the first time.
I can't bear to start again from scratch, so iRedMail is a fail.

Anything else?

4

Re: rebuilding server

iRedMail doesn't support Lubuntu (we didn't test iRedMail on it), you should choose Ubuntu or other linux/bsd distributions supported by iRedMail instead:
http://www.iredmail.org/download.html

palloy wrote:

What should be listening on port 10024?

This is Amavisd service.

5

Re: rebuilding server

@palloy started with Ubuntu too before moving to Xubuntu/ XFCE and then Lubuntu/ LXDE. Eventually got to using Debian which is far superior. If you were to use a headless server with Debian any install error that you are seeing with Lubuntu would go away.

6

Re: rebuilding server

My last post seems to be missing.
Amavis service is running and can be start/stop/reload/status OK, but Umit shows that port 10024 is never open. However port 10025 is open.
Is this the problem?

7

Re: rebuilding server

Port 10024, 10026, 9998 are Amavisd services, they must be open.
After you restart amavisd service, please check its log file (same as Postfix log file) immediately to check whether it quits immediately.

8

Re: rebuilding server

ZhangHuangbin wrote:

Port 10024, 10026, 9998 are Amavisd services, they must be open.
After you restart amavisd service, please check its log file (same as Postfix log file) immediately to check whether it quits immediately.

amavis is still running but ports 10024,  10026, 998 are closed.
port 10025 is open and replies "220  mail.palloy.earth ESTMP Postfix"

PHP script to test attached

Post's attachments

amavis.portscan.php.txt 493 b, 1 downloads since 2017-09-07 

You don't have the permssions to download the attachments of this post.

9

Re: rebuilding server

palloy wrote:

amavis is still running but ports 10024,  10026, 998 are closed.

After you restart amavisd service, please check its log file (same as Postfix log file) immediately to check whether it quits immediately.

10

Re: rebuilding server

ZhangHuangbin wrote:
palloy wrote:

amavis is still running but ports 10024,  10026, 998 are closed.

After you restart amavisd service, please check its log file (same as Postfix log file) immediately to check whether it quits immediately.

/var/log/mail.log doesn't receive any messages on "sudo service amavis restart"

11

Re: rebuilding server

Try command like this:

amavisd-new debug

12 (edited by palloy 2017-09-08 10:14:08)

Re: rebuilding server

ZhangHuangbin wrote:

Try command like this:

amavisd-new debug

I'm not sure how you meant that, but just typing it into terminal on the server I got:
Error in config file: /etc/amavis/conf.d/50-user: Can't open PEM file /var/lib/dkim/palloy.earth.pem: Permission denied at /usr/sbin/amavisd-new line 636

so I tried:
$ sudo amavisd-new debug
[...]
$ sudo service amavis restart
$ sudo amavisd-new debug

output attached, seems OK, it BINDed to 10024, 10026, 9998

Post's attachments

amavisd-new.debug.2.txt 18.2 kb, 1 downloads since 2017-09-08 

You don't have the permssions to download the attachments of this post.

13

Re: rebuilding server

palloy wrote:

Error in config file: /etc/amavis/conf.d/50-user: Can't open PEM file /var/lib/dkim/palloy.earth.pem: Permission denied at /usr/sbin/amavisd-new line 636

Run command below to fix it:

chown amavis:amavis /var/lib/dkim/palloy.earth.pem
chmod 0400 /var/lib/dkim/palloy.earth.pem

Then run Amavisd service again.

14

Re: rebuilding server

ZhangHuangbin wrote:
palloy wrote:

Error in config file: /etc/amavis/conf.d/50-user: Can't open PEM file /var/lib/dkim/palloy.earth.pem: Permission denied at /usr/sbin/amavisd-new line 636

Run command below to fix it:

chown amavis:amavis /var/lib/dkim/palloy.earth.pem
chmod 0400 /var/lib/dkim/palloy.earth.pem

Then run Amavisd service again.

OK, doesn't seem to be any different. Attached.

Post's attachments

amavisd-new.debug.3.txt 18.15 kb, 1 downloads since 2017-09-08 

You don't have the permssions to download the attachments of this post.

15

Re: rebuilding server

Are ports 10024, 10026 and 9998 open after you run "amavisd debug"? You can open a new ssh session or console to check.

if not, try another command:

amavisd-new debug-sa

16

Re: rebuilding server

output from ports scan

Post's attachments

portscan.txt 296 b, 2 downloads since 2017-09-08 

You don't have the permssions to download the attachments of this post.

17

Re: rebuilding server

OK, seems working. What's the issue now?

18

Re: rebuilding server

Sending from one account to another sends OK but doesn't arrive. Now I have to wait another 4 days for it give up trying and tell me what went wrong.

The daily summaries that postmaster@ used to receive no longer arrive.

Post's attachments

amavisd-new.debug-sa.4.txt 10.02 kb, 1 downloads since 2017-09-08 

You don't have the permssions to download the attachments of this post.

19

Re: rebuilding server

After you tested Amavisd with "amavisd-new debug" and/or "amavisd-new debug-sa", you should terminate the command on console, then run "service amavis restart" to keep Amavisd running in the background, and run "netstat -netstat" to make sure ports 10024/10026/9998 are open locally.

Check Postfix log file to see whether there's some error.

20

Re: rebuilding server

ZhangHuangbin wrote:

After you tested Amavisd with "amavisd-new debug" and/or "amavisd-new debug-sa", you should terminate the command on console, then run "service amavis restart" to keep Amavisd running in the background, and run "netstat -netstat" to make sure ports 10024/10026/9998 are open locally.

Check Postfix log file to see whether there's some error.

Nestat doesn't seem to talk about ports open. No errors.
My PHP script shows the ports are closed.
mail.log doesn't show any errors other than "10024: connection refused"

I have no idea where we are now, or what I am doing.
I think this situation is hopeless and a reinstall is necessary after all.
Thanks for your patience.

21

Re: rebuilding server

Related to this question...

@zhang Which distro/version would you say is the most reliable, best supported, etc? I chose ubuntu xenial but I am looking to replace some mail servers long term, and so would be willing to start over before I migrate.

22

Re: rebuilding server

Debian.

23

Re: rebuilding server

ragboy wrote:

@zhang Which distro/version would you say is the most reliable, best supported, etc? I chose ubuntu xenial but I am looking to replace some mail servers long term, and so would be willing to start over before I migrate.

Ubuntu 16.04, Debian 9, CentOS 7, OpenBSD 6.1.

Since FreeBSD ports tree changes everyday, sometimes the ports used by iRedMail may fail to build.