Postfix won't start, can't figure out why

Operating system: Debian
OS version: 8
Postfix Version: 2.11.3

My postfix stopped working now I can’t receive / send emails. The configuration check tells me nothing useful; it doesn’t indicate any errors (not obvious, no red text or error messages. Used a wide net - grep -iR postfix *.log > postfixGrepLogs.txt in /var/logs folder since I see no postfix log file).

I’ve been grepping the 2GB file of postfix log messages trying to find a clue but (looking for error, fail, start, exit, fatal. Only fatal returned a small number of hits which looks promising, will look into that further. Would be nice if the config check highlighted errors when there are any.

2GB of messages in log like these, which are probably normal as these are email relay rejections:

/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter:  mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: unknown_sender_reject_code=554

I found what I thought was the likely culprit when I found these in the logs:

fatal: bind 0.0.0.0 port 25: Address already in use
fatal: bind 0.0.0.0 port 465: Address already in use

According to netstat -tulpn, there are no listeners on those ports for any of the 3 IP addresses I use, so I contacted my hosting provider and they said they removed the SMTP block on my account. However the problem still occurs after rebooting as instructed by the hosting provider.

I added the lines you suggested by another user here on the forum but I believe the issue is lower level than that.

Looking at the file I created on Friday, I see:
fatal: bind x.x.x.121 port 465: Address already in use
fatal: bind x.x.x.215 port 25: Address already in use

The hosting provider says they unblocked “smtp”, but does that mean ports 465 AND 25? Checked just now and the error on port 465 is no longer found in the logs, so perhaps the cause is port 25. Since I only care about pop3 and smtp on port 465, how do I disable postfix’s use of port 25 in Virtualmin? I presume port 25 is only required on localhost, not externally, so binding to 0.0.0.0:25 rather than 127.0.0.1:25 should be the the proper config, but how is that set in virtualmin?

Oh crap! I reran the “Re-Check configuration” under Server Settings and it said:
Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server. Either add 127.0.0.1 to the list of DNS servers, or turn off the BIND feature on the Features and Plugins page.

… your system is not ready for use by Virtualmin.

So I added 127.0.0.1 to the list of DNS servers, and then I (somehow, not sure how) I came to a list of iinterfaces which showed all 3 of my dedicated IP addresses. The main IP eth0 and the 2 virtual IPs under it. The main one was not active, the other 2 were, so I checked the box for the main IP (x.x.x.215) and clicked apply and that severed all connections, both ssh & https to virtualmin.

Running an email server is complicated, and virtualmin doesn’t help doing so adequately. Perhaps is is better than other free servers, I don’t know. To be fair it has been pretty reliable over the last few years, but then this popped up and I’ve been without email service for days now.

Another issue I have when I say adequately is related to SSL certificates. IF LetsEncrypt certs are unreliable, and from what others say they are, then Virtualmin should recognize that and keep making attempts until certificates are obtained. I get notices all the time from Thunderbird that require an exception to connect to get email.

I’m restarting the server now to see if it will come back up and correct the networking issue.

Looks like the server restart restored the networking, so I can connect again.

Here is what the Re-Check configuration reports now. It has changed considerably:

The status of your system is being checked to ensure that all enabled features are available, that the mail server is properly configured, and that quotas are active …
Your system has 3.87 GiB of memory, which is at or above the Virtualmin recommended minimum of 256 MiB.
BIND DNS server is installed, and the system is configured to use it.
Mail server Postfix is installed and configured.
Postfix can support per-domain outgoing IP addresses, but is not currently configured to do so. This can be setup in the Postfix Mailserver module.

I clicked on that link, but all it provides is a way to edit a file, which I have no clue how to do or even if it’s necessary.

The following PHP versions are available : 5.6.40 (/usr/bin/php5-cgi)
The following PHP execution modes are available : cgi
The following PHP-FPM versions are available on this system : 5.6.33 (php5-fpm)
PHP versions have changed to 5 since last check. Regenerating any missing php.ini files.
ProFTPD is installed.
Logrotate is installed.
SpamAssassin and Procmail are installed and configured for use.
ClamAV is installed and assumed to be running.
Plugin Nginx PHP-FPM website is installed OK.
Using network interface eth0 for virtual IPs.
IPv6 addresses are available, using interface eth0.
Virtualmin could not work out the default IPv4 address for virtual servers on your system. You will need to update either the Network interface for virtual addresses or Default virtual server IP address fields on the module configuration page.
… your system is not ready for use by Virtualmin.

Totally lost on how to resolve this.

Late last night I restored my VPS from a backup taken on the last day postfix was working (Oct 27th). When I initially logged into Virtualmin the notification page showed there were 4 packages available for update and the server status showed all were running including postfix.

As I was ccreating a backup of the webmin & virtualmin configuration, I say a notification flag and when I looked at the notification panel again postfix was no longer running and would not start. I diid NOT initiate an updates so not sure what caused the postfix status to change.

On another machine I saw that some emails came thru, tho duplicates of some I had already seen, except 1 or 2 from the day after (Oct 28th).

I am restoring the same backup again as I write this to see how it comes up and look at the main logs with tail -f so I might see what pops up. All other suggestions are welcome.

Either I was mistaken last night (it was late & after I saw the postfix stopped again I went to bed) or the timing is different today, as I cannot see postfix running upon restoring the backup.

I no longer see a problem with port 25, only 465 on 1 specific IP address.

Now how is it possible to be seeing the same error after I disabled the virtual servers associated with that address, AND netstat says nothing is using it?

fatal: bind xxx.yyy.zzz.121 port 465: Address already in use

bind config passes config check. Listing of the dns zones show it to be disabled (.disabled is appended to the name)

I even commented out all of the lines in master.cf that used that IP address. Nothing seems to affect this problem!

Disk is less than half full, 115 total process on the system according to webmin.

If I don’t get some help with this before this weekend I will have to start from scratch, and it won’t be with webmin / virtualmin if I do.

That kind of sounds rude to formulate a helping question with a somewhat threat. Just saying.
I am sure you don’t mean it that way, but it can be understood that way.
Check your main.cf if there is a double entry for the ip with that specific ports.
Had a similar issue and for whatever reasons postfix put a second port bind into the config.

2 Likes

You are right, @DrCarsonBeckett. I lost interest in helping @thomnet when I read his comment about his having used Virtualmin ‘reliably for the last few years’ - then he admits to having fiddled with the IP address configuration of his working setup and things went south for him, so he shifts blame to Virtualmin and the 2GB postfix logs that he has been parsing manually but grants the concession that perhaps Virtualmin is better than some of the ‘other free servers’, whatever that means.

I don’t know if it is at all possible to help him. No one in the community has responded to his four successive messages / rants for the reason you have outlined, @DrCarsonBeckett

2 Likes

Understood. My apologies for the tone, it came from desperation and not making progress or seeing interest.

Thank you @DrCarsonBeckett for your suggestion. I’ve checked for such things as duplicates and even the mention of that IP address, and that’s what led me to disable the virtual server, the entry in bind in an attempt to see postfix start working and even that has failed. How that can be is weird to me.

Neverthe less, seems as tho my tone and desperation has screwed the pooch on getting help here.

As for reliability, it has beenpretty good, as for the complexity of the UI and intuitiveness of how it is laid out I have to go thru a learning curve each time I get into an issue with this platform. It may not be better iredmail, mailinabox etc, but perhaps it’s time to try.

You get what you pay for is the persistent euphemism that comes to mind here.

Have a good weekend guys.