after install ssl certificate fatal bind xxx.xxx.xxx.xx port 587 already in use
Well looks like you have two entries of submission
on master.cf
# grep submission master.cf | grep -v ^#
submission inet n - - - - smtpd
submission inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
Second line will instructs postfix to listen on port 587 (again). That's why postfix complain with error message
fatal: bind xxx.xxx.xxx.xx port 587: Address already in use
Remove either of those submission lines.
Related videos on Youtube
![Carlive1](https://i.stack.imgur.com/BLtex.png?s=256&g=1)
Carlive1
Updated on September 18, 2022Comments
-
Carlive1 almost 2 years
I have an Ubuntu 12.04 server setup with Virtualmin/Webmin latest version using a self-signed certificate generated during installation working fine for more than a year without any problem. This week I installed a GoDaddy certificate (Not wildcard) in one of my 7 domains that is not the default domain. Following the Virtualmin documentation everything was done well and the https site is ok but some problems started to happen with Postfix Mail Server. It complete stopped and could not be started again. After try to restart the server and postfix checking mail.log for errors found:
Jul 7 18:04:01 server1 postfix/master[12140]: fatal: bind xxx.xxx.xxx.xx port 587: Address already in use Jul 7 18:31:36 server1 postfix/postfix-script[13766]: fatal: the Postfix mail system is not running Jul 7 18:31:37 server1 postfix/postfix-script[13865]: starting the Postfix mail system Jul 7 18:31:37 server1 postfix/master[13866]: fatal: bind xxx.xxx.xxx.xx port 587: Address already in use Jul 7 18:37:07 server1 postfix/postfix-script[14208]: starting the Postfix mail system Jul 7 18:37:07 server1 postfix/master[14209]: fatal: bind xxx.xxx.xxx.xx port 587: Address already in use
I am using external DNS from GoDaddy instead of Virtualmin BIND. Checked for incorrect configurations and found nothing. Made a complete verification in the server terminal with nmap, netstat, iptables and found nothing wrong. All necessary ports are open including port 587.
The server IP is XXX.XXX.XXX.XX that is shared with 6 virtual servers including the server host "server1.myhost.com" in eth0:0 and the certificate is installed in IP YYY.YY.YYY.YYY (Private IP) running in eth0:1 just for the domain mycustomerdomain.com.
If SSL for mycustomerdomain.com is disabled in Virtualmin panel, postfix start again normally. As soon as SSL is enabled SSL postfix stops with the same log entry. I am sure that the certificate is OK. I think that it is a bug in Virtualmin because although this installation is more than year old it was made from a fresh Ubuntu 12.04 LAMP install and has been updated every week ever since.
This is the result of
netstat -tlnp | grep 587
after disable SSL and start Postfix:root@server1:~# netstat -tlnp | grep 587 tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 24934/master tcp6 0 0 :::587 :::* LISTEN 24934/master
The contents of master.cf:
# # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes #smtp inet n - - - 1 postscreen #smtpd pass - - - - - smtpd #dnsblog unix - - - - 0 dnsblog #tlsproxy unix - - - - 0 tlsproxy submission inet n - - - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_n$ #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp relay unix - - - - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. # # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} submission inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes smtp-14128634181497 unix - - - - - smtp -o smtp_bind_address=XXX.XXX.XXX.XX
-
squareborg almost 9 yearsadd the output of
sudo netstat -tlnp | grep 587
-
Carlive1 almost 9 yearsPost edited. Results of netstat for port 587 added. As far as I know my server uses only IPv4. Never configured the server for IPv6 from the beginning unless Virtualmin did it without my knowledge. Just in case that IPv6 is somehow enabled how can I find it and disable it?
-
masegaloeh almost 9 yearsPost the content of
master.cf
-
Carlive1 almost 9 yearsContents of master.cf added.
-
-
Carlive1 almost 9 yearsIt worked! I commented the first entry then activated SSL for that domain again and this time Postfix did not stop. Since that line was added by Virtualmin I though it was necessary and never tried to remove. Everything is working now but emails still use primary server IP smtp instead the virtual IP ssmtp installed for that domain. Maybe something have to be changed in Virtualmin panel related to the certificate installation.