1

Topic: Connect to 127.0.0.1 : connection refused from outside lan

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

Hello,

- iRedMail version 0.8.7 to 0.9.0
- Debian 7
- MySQL
- Apache (not working), Nginx (not working)
- yes

I have purchased the updated version of iRedAdmin-Pro and since the update, nothing works well. I had a lot of issues and I finally came to 3 problems: lost connection with 127.0.0.1[127.0.0.1] while sending MAIL FROM; connect to 127.0.0.1[127.0.0.1]:10024: Connection refused; and Apache not working (also tried Nginx - failure).
I also think that I have a problem with amavisd-new.

Here are the configs:

main.cf - postfix
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

#smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
myhostname = mxdeltaacm.deltaacm.ro
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
myorigin = mxdeltaacm.deltaacm.ro
mydestination = $myhostname, $mydomain localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8, 192.168.100.0/24, 82.208.177.69, 192.168.100.225, 192.168.100.245, 192.168.100.190, 192.168.100.246, 192.168.100.135, [::1]/128, 192.168.13.0/24, 192.168.99.0/24
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
virtual_alias_domains =
allow_percent_hack = no
swap_bangpath = no
mydomain = mxdeltaacm.deltaacm.ro
mynetworks_style = host
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtp_tls_security_level = may
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = yes
smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject_invalid_hostname reject_unlisted_sender
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
delay_warning_time = 0h
maximal_queue_lifetime = 4h
bounce_queue_lifetime = 4h
#proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
#smtpd_helo_required = yes
#smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
queue_run_delay = 300s
minimal_backoff_time = 300s
maximal_backoff_time = 4000s
enable_original_recipient = no
disable_vrfy_command = yes
home_mailbox = Maildir/
allow_min_user = no
message_size_limit = 104857600
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
transport_maps = mysql:/etc/postfix/mysql/transport_maps_user.cf, mysql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf, mysql:/etc/postfix/mysql/domain_alias_maps.cf, mysql:/etc/postfix/mysql/catchall_maps.cf, mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
sender_bcc_maps = mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
recipient_bcc_maps = mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
#relay_domains = $mydestination, mysql:/etc/postfix/mysql/relay_domains.cf
smtpd_sender_login_maps = mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
#smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:[127.0.0.1]:10031
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_tls_security_level = may
smtpd_tls_loglevel = 0
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
tls_random_source = dev:/dev/urandom
virtual_transport = lmtp:unix:private/dovecot-lmtp
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
#content_filter = smtp-amavis:[127.0.0.1]:10024
smtp-amavis_destination_recipient_limit = 1

master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix    -    n    n    -    2    pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10024

# Use dovecot deliver program as LDA.
dovecot unix    -       n       n       -       -      pipe
    flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}

smtp-amavis unix -  -   -   -   25  smtp
    -o smtp_data_done_timeout=3600
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -   -   -   10  smtpd
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

Any suggestions?

Thank you!


2

Re: Connect to 127.0.0.1 : connection refused from outside lan

Port 10024 is amavisd service, please try to start it first. Check its log file (same as postfix log file) to see if there's any error.

3

Re: Connect to 127.0.0.1 : connection refused from outside lan

ZhangHuangbin wrote:

Port 10024 is amavisd service, please try to start it first. Check its log file (same as postfix log file) to see if there's any error.


For local it works OK, and also for some of the outside network connected clients. When I try to use my phone to send e-mail (outside local network) the output of the log is like that:

Apr 25 12:03:50 mxdeltaacm postfix/smtpd[5236]: connect from unknown[109.166.128.1]
Apr 25 12:03:52 mxdeltaacm postfix/smtpd[5236]: 4E08141155EF: client=unknown[109.166.128.1], sasl_method=LOGIN, sasl_username=dragos.giba@deltaacm.ro
Apr 25 12:03:52 mxdeltaacm postfix/cleanup[5032]: 4E08141155EF: message-id=<>
Apr 25 12:03:52 mxdeltaacm postfix/qmgr[810]: 4E08141155EF: from=<dragos.giba@deltaacm.ro>, size=1126, nrcpt=1 (queue active)
Apr 25 12:03:52 mxdeltaacm postfix/smtp[5253]: 4E08141155EF: to=<dragos.giba@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.78, delays=0.76/0.01/0.01/0.01, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while sending MAIL FROM)
Apr 25 12:03:53 mxdeltaacm postfix/smtpd[5236]: disconnect from unknown[109.166.128.1]


Thank you!

4

Re: Connect to 127.0.0.1 : connection refused from outside lan

dragos.giba wrote:
ZhangHuangbin wrote:

Port 10024 is amavisd service, please try to start it first. Check its log file (same as postfix log file) to see if there's any error.


For local it works OK, and also for some of the outside network connected clients. When I try to use my phone to send e-mail (outside local network) the output of the log is like that:

Apr 25 12:03:50 mxdeltaacm postfix/smtpd[5236]: connect from unknown[109.166.128.1]
Apr 25 12:03:52 mxdeltaacm postfix/smtpd[5236]: 4E08141155EF: client=unknown[109.166.128.1], sasl_method=LOGIN, sasl_username=dragos.giba@deltaacm.ro
Apr 25 12:03:52 mxdeltaacm postfix/cleanup[5032]: 4E08141155EF: message-id=<>
Apr 25 12:03:52 mxdeltaacm postfix/qmgr[810]: 4E08141155EF: from=<dragos.giba@deltaacm.ro>, size=1126, nrcpt=1 (queue active)
Apr 25 12:03:52 mxdeltaacm postfix/smtp[5253]: 4E08141155EF: to=<dragos.giba@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.78, delays=0.76/0.01/0.01/0.01, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while sending MAIL FROM)
Apr 25 12:03:53 mxdeltaacm postfix/smtpd[5236]: disconnect from unknown[109.166.128.1]


Thank you!

and telnet test for port 35 is:

root@mxdeltaacm:/var/log# telnet mxdeltaacm.deltaacm.ro 25
Trying 192.168.100.23...
Trying 82.208.177.69...
Connected to mxdeltaacm.deltaacm.ro.
Escape character is '^]'.
220 mxdeltaacm.deltaacm.ro ESMTP Postfix

Thank you!

5

Re: Connect to 127.0.0.1 : connection refused from outside lan

Excuse me, did you check my reply?

ZhangHuangbin wrote:

Port 10024 is amavisd service, please try to start it first. Check its log file (same as postfix log file) to see if there's any error.

6

Re: Connect to 127.0.0.1 : connection refused from outside lan

Yes, amavisd service is started

7

Re: Connect to 127.0.0.1 : connection refused from outside lan

dragos.giba wrote:

Yes, amavisd service is started

is amavisd-new service

8

Re: Connect to 127.0.0.1 : connection refused from outside lan

dragos.giba wrote:

Apr 25 12:03:52 mxdeltaacm postfix/smtp[5253]: 4E08141155EF: to=<dragos.giba@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.78, delays=0.76/0.01/0.01/0.01, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while sending MAIL FROM)

Postfix cannot pipe email to Amavisd through port 10024, that means Amavisd is not (properly) running.

*) Any related error in Amavisd log file (same as Postfix log file)?
*) Show us output of command please:

netstat -ntlp | grep 1002
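
Added example (not part of the original thread or of iRedMail): a Python triage over Postfix log lines that picks out deliveries deferred at the content-filter hop and separates "Connection refused" (TCP connect rejected, typically no listener on the port) from "lost connection" (connection accepted, then closed mid-dialogue), tying each back to the submitting client by queue ID. The sample log is constructed in the format quoted above; the function names and the default endpoint string are assumptions of the example.

```python
import re
from collections import defaultdict

# host[address]:port form in which Postfix logs the amavisd hop (assumed default).
FILTER_ENDPOINT = "127.0.0.1[127.0.0.1]:10024"

# Constructed sample in the syslog format quoted in the thread; hostnames,
# addresses, users and queue IDs are made up for the example.
SAMPLE_LOG = """\
Apr 25 12:03:50 mx postfix/smtpd[5236]: connect from unknown[203.0.113.7]
Apr 25 12:03:52 mx postfix/smtpd[5236]: 4E08141155EF: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Apr 25 12:03:52 mx postfix/qmgr[810]: 4E08141155EF: from=<alice@example.com>, size=1126, nrcpt=1 (queue active)
Apr 25 12:03:52 mx postfix/smtp[5253]: 4E08141155EF: to=<bob@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.78, delays=0.76/0.01/0.01/0.01, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while sending MAIL FROM)
Apr 25 12:09:10 mx postfix/smtpd[5301]: 7A1B2C3D4E5F: client=unknown[192.168.100.40]
Apr 25 12:09:11 mx postfix/smtp[5310]: 7A1B2C3D4E5F: to=<carol@example.net>, relay=none, delay=0.2, delays=0.1/0.01/0.09/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Apr 25 12:10:00 mx postfix/smtpd[5320]: 9F8E7D6C5B4A: client=unknown[192.168.100.41]
Apr 25 12:10:01 mx postfix/smtp[5330]: 9F8E7D6C5B4A: to=<dave@example.org>, relay=mx.example.org[198.51.100.9]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# Lines that carry a (short, hexadecimal) queue ID; long queue IDs are not handled.
QUEUE_LINE = re.compile(r"postfix/[\w/-]+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
CLIENT = re.compile(r"client=(?P<host>[^\[]*)\[(?P<ip>[^\]]+)\]")
SASL = re.compile(r"sasl_username=(?P<user>\S+)")
DELIVERY = re.compile(
    r"to=<(?P<rcpt>[^>]*)>, (?:orig_to=<[^>]*>, )?relay=(?P<relay>[^,]+), "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)


def classify(reason):
    """Map a Postfix deferral reason to (kind, SMTP stage or None)."""
    if "Connection refused" in reason:
        return "refused", None          # TCP connect rejected: check the listener
    if reason.startswith("lost connection with"):
        stage = re.search(r"while (.+)$", reason)
        return "dropped", stage.group(1) if stage else None  # accepted, then closed
    if "timed out" in reason:
        return "timeout", None
    return "other", None


def triage(log_text, filter_endpoint=FILTER_ENDPOINT):
    """Return one finding per delivery deferred at the content-filter hop."""
    sessions = defaultdict(dict)        # queue ID -> submitting client details
    findings = []
    for line in log_text.splitlines():
        m = QUEUE_LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        client = CLIENT.match(rest)
        if client:
            sasl = SASL.search(rest)
            sessions[qid] = {"client_ip": client["ip"],
                             "sasl_user": sasl["user"] if sasl else None}
            continue
        d = DELIVERY.match(rest)
        if not d or d["status"] != "deferred":
            continue
        # A refused connect is logged with relay=none, so the endpoint only
        # appears in the reason text; a dropped one has it in the relay field.
        if d["relay"] != filter_endpoint and filter_endpoint not in d["reason"]:
            continue
        kind, stage = classify(d["reason"])
        findings.append({"qid": qid, "rcpt": d["rcpt"], "dsn": d["dsn"],
                         "kind": kind, "stage": stage,
                         "client_ip": sessions.get(qid, {}).get("client_ip"),
                         "sasl_user": sessions.get(qid, {}).get("sasl_user")})
    return findings


def summarize(findings):
    """Group affected client addresses by failure kind."""
    by_kind = defaultdict(set)
    for f in findings:
        by_kind[f["kind"]].add(f["client_ip"] or "unknown")
    return {kind: sorted(ips) for kind, ips in by_kind.items()}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
    print(summarize(triage(SAMPLE_LOG)))
```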

9

Re: Connect to 127.0.0.1 : connection refused from outside lan

ZhangHuangbin wrote:
dragos.giba wrote:

Apr 25 12:03:52 mxdeltaacm postfix/smtp[5253]: 4E08141155EF: to=<dragos.giba@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.78, delays=0.76/0.01/0.01/0.01, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while sending MAIL FROM)

Postfix cannot pipe email to Amavisd through port 10024, that means Amavisd is not (properly) running.

*) Any related error in Amavisd log file (same as Postfix log file)?
*) Show us output of command please:

netstat -ntlp | grep 1002

The output for netstat is:

tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      19217/amavisd-new (
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      18826/master

10

Re: Connect to 127.0.0.1 : connection refused from outside lan

dragos.giba wrote:
ZhangHuangbin wrote:
dragos.giba wrote:

Apr 25 12:03:52 mxdeltaacm postfix/smtp[5253]: 4E08141155EF: to=<dragos.giba@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.78, delays=0.76/0.01/0.01/0.01, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while sending MAIL FROM)

Postfix cannot pipe email to Amavisd through port 10024, that means Amavisd is not (properly) running.

*) Any related error in Amavisd log file (same as Postfix log file)?
*) Show us output of command please:

netstat -ntlp | grep 1002

The output for netstat is:

tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      19217/amavisd-new (
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      18826/master


And the content of 50-user file in amavis conf.d is :

use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#


#------------ Do not modify anything below this line -------------
#{1}


chomp($mydomain = "mxdeltaacm.deltaacm.ro");
@local_domains_maps = 1;
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

# listen on multiple TCP ports. 9998 is used for releasing quarantined mails.
$inet_socket_port = [10024, 9998];

# Enable virus check.
@bypass_virus_checks_maps = (
   \%bypass_virus_checks,
   \@bypass_virus_checks_acl,
   $bypass_virus_checks_re,
   );

# Enable spam check.
@bypass_spam_checks_maps = (
    \%bypass_spam_checks,
    \@bypass_spam_checks_acl,
    $bypass_spam_checks_re,
    );

$mailfrom_notify_admin = "root\@$mydomain";
$mailfrom_notify_recip = "root\@$mydomain";
$mailfrom_notify_spamadmin = "root\@$mydomain";

# Mail notify.
$mailfrom_notify_admin     = "root\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "root\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "root\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

# Disable defang banned mail.
$defang_banned = 0;  # MIME-wrap passed mail containing banned name

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 1,  # enables disclaimer insertion if available
};

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
 
  # notify administrator of locally originating malware
  virus_admin_maps => ["root\@$mydomain"],
  spam_admin_maps  => ["root\@$mydomain"],
  warnbadhsender   => 0,
  warnbannedsender   => 0,
  warnvirussender  => 1,
  warnspamsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  #forward_method => 'smtp:[amavis]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  #bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

# SpamAssassin debugging. Default is off (0).
# Note: '$log_level' variable above is required for SA debug.
$log_level = 0;              # verbosity 0..5, -d
$sa_debug = 0;

# Set hostname.
$myhostname = "mxdeltaacm.deltaacm.ro";

# Set listen IP/PORT.
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';

# Set default action.
# Available actions: D_PASS, D_BOUNCE, D_REJECT, D_DISCARD.
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_DISCARD;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_PASS;
@av_scanners = (

    #### http://www.clamav.net/
    ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

@av_scanners_backup = (

    ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
    ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

# This policy will perform virus checks only.
#$interface_policy{'10026'} = 'VIRUSONLY';
#$policy_bank{'VIRUSONLY'} = { # mail from the pickup daemon
#    bypass_spam_checks_maps   => [1],  # don't spam-check this mail
#    bypass_banned_checks_maps => [1],  # don't banned-check this mail
#    bypass_header_checks_maps => [1],  # don't header-check this mail
#};

# Allow SASL authenticated users to bypass scanning. Typically SASL
# users already submit messages to the submission port (587) or the
# smtps port (465):
#$interface_policy{'10026'} = 'SASLBYPASS';
#$policy_bank{'SASLBYPASS'} = {  # mail from submission and smtps ports
#    bypass_spam_checks_maps   => [1],  # don't spam-check this mail
#    bypass_banned_checks_maps => [1],  # don't banned-check this mail
#    bypass_header_checks_maps => [1],  # don't header-check this mail
#};

# Apply to mails which coming from internal networks or authenticated
# roaming users.
# mail supposedly originating from our users
$policy_bank{'MYUSERS'} = {
    # declare that mail was submitted by our smtp client
    originating => 1,

    # enables disclaimer insertion if available
    allow_disclaimers => 1,

    # notify administrator of locally originating malware
    virus_admin_maps => ["root\@$mydomain"],
    spam_admin_maps  => ["root\@$mydomain"],

    # forward to a smtpd service providing DKIM signing service
    #forward_method => 'smtp:[127.0.0.1]:10027',

    # force MTA conversion to 7-bit (e.g. before DKIM signing)
    smtpd_discard_ehlo_keywords => ['8BITMIME'],

    # don't remove NOTIFY=SUCCESS option
    terminate_dsn_on_notify_success => 0,

    # don't perform spam/virus/header check.
    #bypass_spam_checks_maps => [1],
    #bypass_virus_checks_maps => [1],
    #bypass_header_checks_maps => [1],

    # allow sending any file names and types
    #bypass_banned_checks_maps => [1],

    # Quarantine clean messages
    #clean_quarantine_method => 'sql:',
    #final_destiny_by_ccat => {CC_CLEAN, D_DISCARD},
};

# regular incoming mail, originating from anywhere (usually from outside)
#$policy_bank{'EXT'} = {
#  # just use global settings, no special overrides
#};

#
# Port used to release quarantined mails.
#
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',       # select Amavis policy delegation protocol
    inet_acl => [qw( 127.0.0.1 [::1] )],    # restrict access to these IP addresses
    auth_required_release => 1,    # 0 - don't require secret_id for amavisd-release
    #log_level => 4,
    #always_bcc_by_ccat => {CC_CLEAN, 'admin@example.com'},
};

#########################
# Quarantine mails.
#

# Don't quarantine mails with bad header.
$bad_header_quarantine_method = undef;

# Quarantine SPAM.
# Where to store quarantined mail message:
#   - 'local:spam-%i-%m', quarantine mail on local file system.
#   - 'sql:', quarantine mail in SQL server specified in @storage_sql_dsn.
#   - undef, do not quarantine mail.
#$spam_quarantine_method = undef;
$spam_quarantine_method = 'sql:';
$spam_quarantine_to = 'spam-quarantine';

#########################
# Quarantine VIRUS mails.
#
$virus_quarantine_to     = 'virus-quarantine';
$virus_quarantine_method = 'sql:';

#########################
# Quarantine BANNED mails.
#
$banned_files_quarantine_method = undef;
# Or quarantine banned mail to SQL server.
$banned_files_quarantine_method = 'sql:';
$banned_quarantine_to = 'banned-quarantine';

#########################
# Quarantine CLEAN mails.
# Don't forget to enable clean quarantine in policy bank 'MYUSERS'.
#
# = 'sql:';
# = 'clean-quarantine';

# Modify email subject, add '$sa_spam_subject_tag'.
#   0:  disable
#   1:  enable
$sa_spam_modifies_subj = 1;

# remove existing headers
#$remove_existing_x_scanned_headers= 0;
#$remove_existing_spam_headers = 0;

# Leave empty (undef) to add no header.
# Modify /usr/sbin/amavisd or /usr/sbin/amavisd-new file to add customize header in:
#
#   sub add_forwarding_header_edits_per_recip
#
#$X_HEADER_TAG = 'X-Virus-Scanned';
#$X_HEADER_LINE = "by amavisd at $myhostname";

# Notify virus sender?
#$warnvirussender = 0;

# Notify spam sender?
#$warnspamsender = 0;

# Notify sender of banned files?
$warnbannedsender = 0;

# Notify sender of syntactically invalid header containing non-ASCII characters?
$warnbadhsender = 0;

# Notify virus (or banned files) RECIPIENT?
#  (not very useful, but some policies demand it)
$warnvirusrecip = 0;
$warnbannedrecip = 0;

# Notify also non-local virus/banned recipients if $warn*recip is true?
#  (including those not matching local_domains*)
$warn_offsite = 0;

#$notify_sender_templ      = read_text('/var/amavis/notify_sender.txt');
#$notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
#$notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
#$notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
#$notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
#$notify_spam_admin_templ  = read_text('/var/amavis/notify_spam_admin.txt');

$sql_allow_8bit_address = 1;
$timestamp_fmt_mysql = 1;

# a string to prepend to Subject (for local recipients only) if mail could
# not be decoded or checked entirely, e.g. due to password-protected archives
#$undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it
$undecipherable_subject_tag = undef;
# Hope to fix 'nested MAIL command' issue on high load server.
$smtp_connection_cache_enable = 0;

# The default set of header fields to be signed can be controlled
# by setting %signed_header_fields elements to true (to sign) or
# to false (not to sign). Keys must be in lowercase, e.g.:
# 0 -> off
# 1 -> on
$signed_header_fields{'received'} = 0;
$signed_header_fields{'to'} = 1;

# Make sure it signs all inbound mails, avoid error log like this:
# 'dkim: not signing inbound mail'.
$originating = 1;

# Add dkim_key here.
dkim_key("deltaacm.ro", "dkim", "/var/lib/dkim/deltaacm.ro.pem");

# Note that signing mail for subdomains with a key of a parent
# domain is treated by recipients as a third-party key, which
# may 'hold less merit' in their eyes. If one has a choice,
# it is better to publish a key for each domain (e.g. host1.a.cn)
# if mail is really coming from it. Sharing a pem file
# for multiple domains may be acceptable, so you don't need
# to generate a different key for each subdomain, but you
# do need to publish it in each subdomain. It is probably
# easier to avoid sending addresses like host1.a.cn and
# always use a parent domain (a.cn) in 'From:', thus
# avoiding the issue altogether.
#dkim_key("host1.deltaacm.ro", "dkim", "/var/lib/dkim/deltaacm.ro.pem");
#dkim_key("host3.deltaacm.ro", "dkim", "/var/lib/dkim/deltaacm.ro.pem");

# Add new dkim_key for other domain.
#dkim_key('Your_New_Domain_Name', 'dkim', 'Your_New_Pem_File');

@dkim_signature_options_bysender_maps = ( {
    # ------------------------------------
    # For domain: deltaacm.ro.
    # ------------------------------------
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key

    #'postmaster@deltaacm.ro'    => { d => "deltaacm.ro", a => 'rsa-sha256', ttl =>  7*24*3600 },
    #"spam-reporter@deltaacm.ro"    => { d => "deltaacm.ro", a => 'rsa-sha256', ttl =>  7*24*3600 },

    # explicit 'd' forces a third-party signature on foreign (hosted) domains
    "deltaacm.ro"  => { d => "deltaacm.ro", a => 'rsa-sha1', ttl => 10*24*3600 },
    #"deltaacm.ro"  => { d => "deltaacm.ro", a => 'rsa-sha256', ttl => 10*24*3600 },
    #"host1.deltaacm.ro"  => { d => "host1.deltaacm.ro", a => 'rsa-sha256', ttl => 10*24*3600 },
    #"host2.deltaacm.ro"  => { d => "host2.deltaacm.ro", a => 'rsa-sha256', ttl => 10*24*3600 },
    # ---- End domain: deltaacm.ro ----

    # catchall defaults
    '.' => { a => 'rsa-sha256', c => 'relaxed/simple', ttl => 30*24*3600 },
} );
$enable_dkim_verification = 1;  # enable DKIM signatures verification
$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key
# ------------ Disclaimer Setting ---------------
# Uncomment this line to enable signing disclaimer in outgoing mails.
#$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];

# Program used for signing disclaimer in outgoing mails.
$altermime = '/usr/bin/altermime';

# Disclaimer in plain text format.
@altermime_args_disclaimer = qw(--disclaimer=/etc/postfix/disclaimer/_OPTION_.txt --disclaimer-html=/etc/postfix/disclaimer/_OPTION_.txt --force-for-bad-html);

@disclaimer_options_bysender_maps = ({
    # Per-domain disclaimer setting: /etc/postfix/disclaimer/host1.iredmail.org.txt
    #'host1.iredmail.org' => 'host1.iredmail.org',

    # Sub-domain disclaimer setting: /etc/postfix/disclaimer/iredmail.org.txt
    #'.iredmail.org'      => 'iredmail.org',

    # Per-user disclaimer setting: /etc/postfix/disclaimer/boss.iredmail.org.txt
    #'boss@iredmail.org'  => 'boss.iredmail.org',

    # Catch-all disclaimer setting: /etc/postfix/disclaimer/default.txt
    '.' => 'default',
},);
# ------------ End Disclaimer Setting ---------------
@storage_sql_dsn = (
    ['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'amavisd', 'MpbU31TYMZdUUbHlY4VOMdCkRgB0jZ'],
);
@lookup_sql_dsn = @storage_sql_dsn;

#Uncomment below two lines to lookup virtual mail domains from MySQL database.
@lookup_sql_dsn =  (
    ['DBI:mysql:database=vmail;host=127.0.0.1;port=3306', 'vmail', 'oodSTYGg6fiBjdP9OScynJwtHEduBe'],
);
# For Amavisd-new-2.7.0 and later versions. Placeholder '%d' is available in Amavisd-2.7.0+.
#$sql_select_policy = "SELECT domain FROM domain WHERE domain='%d'";

# For Amavisd-new-2.6.x.
# WARNING: IN() may cause MySQL lookup performance issue.
#$sql_select_policy = "SELECT domain FROM domain WHERE CONCAT('@', domain) IN (%k)";
delete $admin_maps_by_ccat{&CC_UNCHECKED};

# Num of pre-forked children.
# WARNING: it must match (equal to or larger than) the number set in
# /etc/postfix/master.cf "maxproc" column for the 'smtp-amavis' service.
$max_servers = 25;

1;  # insure a defined return

11

Re: Connect to 127.0.0.1 : connection refused from outside lan

*) Any error/warning in the Amavisd log file right after you restart the amavisd service?
*) Please turn on debug mode in Amavisd, restart it and try to send a test email again. Please show us the detailed debug log.
http://www.iredmail.org/docs/debug.amavisd.html

12

Re: Connect to 127.0.0.1 : connection refused from outside lan

ZhangHuangbin wrote:

*) Any error/warning in the Amavisd log file right after you restart the amavisd service?
*) Please turn on debug mode in Amavisd, restart it and try to send a test email again. Please show us the detailed debug log.
http://www.iredmail.org/docs/debug.amavisd.html

Here is the output:

Apr 26 12:05:44 mxdeltaacm amavis[77848]: Net::Server: 2016/04/26-12:05:44 CONNECT TCP Peer: "[127.0.0.1]:47295" Local: "[127.0.0.1]:10024"
Apr 26 12:05:44 mxdeltaacm amavis[77848]: loaded base policy bank
Apr 26 12:05:44 mxdeltaacm amavis[77848]: lookup_ip_acl (inet_acl) arr.obj: key="127.0.0.1" matches "127.0.0.1", result=1
Apr 26 12:05:44 mxdeltaacm amavis[77848]: process_request: fileno sock=13, STDIN=0, STDOUT=1
Apr 26 12:05:44 mxdeltaacm amavis[77848]: get_deadline switch_to_my_time(new request) - deadline in 480.0 s, set to 288.000 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: prolong_timer switch_to_my_time(new request): timer 288, was 0, deadline in 480.0 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: process_request: suggested_protocol="" on a TCP socket
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) SMTP> 220 [127.0.0.1] ESMTP amavisd-new service ready
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) switch_to_client_time 480 s, smtp response sent
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) idle_proc, 4: was busy, 4.9 ms, total idle 0.000 s, busy 0.005 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) smtp readline: read 29 bytes, new size: 29
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) idle_proc, 5: was idle, 0.2 ms, total idle 0.000 s, busy 0.005 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) SMTP< EHLO mxdeltaacm.deltaacm.ro\r\n
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) get_deadline switch_to_my_time(rx SMTP EHLO) - deadline in 480.0 s, set to 288.000 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) prolong_timer switch_to_my_time(rx SMTP EHLO): timer 288, was 480, deadline in 480.0 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250-[127.0.0.1]
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250-VRFY
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250-PIPELINING
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250-SIZE
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250-ENHANCEDSTATUSCODES
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250-8BITMIME
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250-SMTPUTF8
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250-DSN
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) switch_to_client_time 480 s, smtp response sent
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) idle_proc, 6: was busy, 1.0 ms, total idle 0.000 s, busy 0.006 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) smtp readline: read 258 bytes, new size: 258
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) idle_proc, 5: was idle, 0.2 ms, total idle 0.000 s, busy 0.006 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP< XFORWARD NAME=nx.datm.ro ADDR=95.77.102.38 PORT=27537\r\n
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) get_deadline switch_to_my_time(rx SMTP XFORWARD) - deadline in 480.0 s, set to 288.000 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) prolong_timer switch_to_my_time(rx SMTP XFORWARD): timer 288, was 480, deadline in 480.0 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250 2.5.0 Ok XFORWARD
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) switch_to_client_time 480 s, smtp response sent
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) idle_proc, 6: was busy, 0.5 ms, total idle 0.000 s, busy 0.006 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.000 s, busy 0.006 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP< XFORWARD PROTO=ESMTP HELO=[192.168.0.105] IDENT=17D3C4100A77 SOURCE=REMOTE\r\n
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) get_deadline switch_to_my_time(rx SMTP XFORWARD) - deadline in 480.0 s, set to 288.000 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) prolong_timer switch_to_my_time(rx SMTP XFORWARD): timer 288, was 480, deadline in 480.0 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP> 250 2.5.0 Ok XFORWARD
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) switch_to_client_time 480 s, smtp response sent
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) idle_proc, 6: was busy, 0.4 ms, total idle 0.000 s, busy 0.007 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.001 s, busy 0.007 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) ESMTP< MAIL FROM:<gabi.stan@deltaacm.ro> SIZE=2000\r\n
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) get_deadline switch_to_my_time(rx SMTP MAIL) - deadline in 480.0 s, set to 288.000 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) prolong_timer switch_to_my_time(rx SMTP MAIL): timer 288, was 480, deadline in 480.0 s
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) check_mail_begin_task: task_count=1
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) TempDir::prepare_dir: created directory /var/lib/amavis/tmp/amavis-20160426T120544-77848-DnM3TpA7
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) TempDir::prepare_file: creating file /var/lib/amavis/tmp/amavis-20160426T120544-77848-DnM3TpA7/email.txt
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) TempDir::prepare_file: layers: unix,perlio
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) lookup_sql select: SELECT users.*, policy.*, users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id WHERE users.email IN (?,?,?,?,?,?) ORDER BY users.priority DESC
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) sql begin, nontransaction
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) Connecting to SQL database server
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) connect_to_sql: trying 'DBI:mysql:database=vmail;host=127.0.0.1;port=3306'
Apr 26 12:05:44 mxdeltaacm amavis[77847]: Net::Server: Starting "1" children
Apr 26 12:05:44 mxdeltaacm amavis[77911]: Net::Server: Child Preforked (77911)
Apr 26 12:05:44 mxdeltaacm amavis[77911]: entered child_init_hook
Apr 26 12:05:44 mxdeltaacm amavis[77911]: storage and lookups will use separate connections to SQL
Apr 26 12:05:44 mxdeltaacm amavis[77911]: SA dbg: plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x8086638) implements 'spamd_child_init', priority 0
Apr 26 12:05:44 mxdeltaacm amavis[77911]: SpamControl: init_child on SpamAssassin done

13

Re: Connect to 127.0.0.1 : connection refused from outside lan

This issue was solved with a paid support ticket.

The server is running Debian 9 (stretch/sid branch), and it seems the Perl DBI module (MySQL) is broken: enabling the Amavisd settings @storage_sql_dsn and/or @lookup_sql_dsn causes Amavisd to fail to reply correctly to Postfix while communicating on port 10024.
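The pattern in the debug log above (a child's last line is "connect_to_sql: trying", then the parent pre-forks a replacement) can be checked for mechanically. The following is an added example, not part of the original thread or of iRedMail/Amavisd; the function name and the last two sample lines are constructed for illustration.

```python
import re

# First five lines are taken from the debug log in the thread; the last two
# are constructed to show a child that keeps logging after the SQL connect.
SAMPLE_LOG = """\
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) check_mail_begin_task: task_count=1
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) Connecting to SQL database server
Apr 26 12:05:44 mxdeltaacm amavis[77848]: (77848-01) connect_to_sql: trying 'DBI:mysql:database=vmail;host=127.0.0.1;port=3306'
Apr 26 12:05:44 mxdeltaacm amavis[77847]: Net::Server: Starting "1" children
Apr 26 12:05:44 mxdeltaacm amavis[77911]: Net::Server: Child Preforked (77911)
Apr 26 12:05:45 mxdeltaacm amavis[77911]: (77911-01) connect_to_sql: trying 'DBI:mysql:database=vmail;host=127.0.0.1;port=3306'
Apr 26 12:05:45 mxdeltaacm amavis[77911]: (77911-01) constructed line: lookup continued
"""

LINE_RE = re.compile(r"amavis\[(\d+)\]: (.*)$")
CONNECT_RE = re.compile(r"connect_to_sql: trying '([^']+)'")


def find_stalled_sql_children(log_text):
    """Return {pid: dsn} for children that went silent at an SQL connect.

    A child is reported when its last logged message is a connect_to_sql
    attempt and the parent started replacement children after that message.
    """
    last_msg = {}       # pid -> most recent message from that process
    suspects = set()    # pids stuck at connect when a respawn was logged
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if "Net::Server: Starting" in msg and "children" in msg:
            suspects.update(p for p, last in last_msg.items()
                            if CONNECT_RE.search(last))
        last_msg[pid] = msg
    stalled = {}
    for pid in suspects:
        m = CONNECT_RE.search(last_msg[pid])  # still its final message?
        if m:
            stalled[pid] = m.group(1)
    return stalled


if __name__ == "__main__":
    for pid, dsn in find_stalled_sql_children(SAMPLE_LOG).items():
        print(f"amavis child {pid} never logged again after connecting to {dsn}")
```

A hit on the DSN from @lookup_sql_dsn or @storage_sql_dsn points at the database driver layer rather than at Postfix or the listener on port 10024.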