after install ssl certificate fatal bind xxx.xxx.xxx.xx port 587 already in use

linux ubuntu postfix bind virtualmin

10,522

Well looks like you have two entries of submission on master.cf

# grep submission master.cf | grep -v ^#
submission inet n       -       -       -       -       smtpd
submission      inet    n       -       -       -       -       smtpd -o smtpd_sasl_auth_enable=yes

Second line will instructs postfix to listen on port 587 (again). That's why postfix complain with error message

fatal: bind xxx.xxx.xxx.xx port 587: Address already in use

Remove either of those submission lines.

10,522

Carlive1

Updated on September 18, 2022

Comments

Carlive1 almost 2 years

I have an Ubuntu 12.04 server setup with Virtualmin/Webmin latest version using a self-signed certificate generated during installation working fine for more than a year without any problem. This week I installed a GoDaddy certificate (Not wildcard) in one of my 7 domains that is not the default domain. Following the Virtualmin documentation everything was done well and the https site is ok but some problems started to happen with Postfix Mail Server. It complete stopped and could not be started again. After try to restart the server and postfix checking mail.log for errors found:

Jul  7 18:04:01 server1 postfix/master[12140]: fatal: bind xxx.xxx.xxx.xx port 587: Address already in use
Jul  7 18:31:36 server1 postfix/postfix-script[13766]: fatal: the Postfix mail system is not running
Jul  7 18:31:37 server1 postfix/postfix-script[13865]: starting the Postfix mail system
Jul  7 18:31:37 server1 postfix/master[13866]: fatal: bind xxx.xxx.xxx.xx port 587: Address already in use
Jul  7 18:37:07 server1 postfix/postfix-script[14208]: starting the Postfix mail system
Jul  7 18:37:07 server1 postfix/master[14209]: fatal: bind xxx.xxx.xxx.xx port 587: Address already in use

I am using external DNS from GoDaddy instead of Virtualmin BIND. Checked for incorrect configurations and found nothing. Made a complete verification in the server terminal with nmap, netstat, iptables and found nothing wrong. All necessary ports are open including port 587.

The server IP is XXX.XXX.XXX.XX that is shared with 6 virtual servers including the server host "server1.myhost.com" in eth0:0 and the certificate is installed in IP YYY.YY.YYY.YYY (Private IP) running in eth0:1 just for the domain mycustomerdomain.com.

If SSL for mycustomerdomain.com is disabled in Virtualmin panel, postfix start again normally. As soon as SSL is enabled SSL postfix stops with the same log entry. I am sure that the certificate is OK. I think that it is a bug in Virtualmin because although this installation is more than year old it was made from a fresh Ubuntu 12.04 LAMP install and has been updated every week ever since.

This is the result of netstat -tlnp | grep 587 after disable SSL and start Postfix:

root@server1:~# netstat -tlnp | grep 587
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      24934/master
tcp6       0      0 :::587                  :::*                    LISTEN      24934/master

The contents of master.cf:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp    inet    n       -       -       -       -       smtpd -o smtpd_sasl_auth_enable=yes
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps   inet    n       -       -       -       -       smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_n$
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

submission      inet    n       -       -       -       -       smtpd -o smtpd_sasl_auth_enable=yes
smtp-14128634181497     unix    -       -       -       -       -       smtp -o smtp_bind_address=XXX.XXX.XXX.XX

squareborg almost 9 years

add the output of sudo netstat -tlnp | grep 587
Carlive1 almost 9 years

Post edited. Results of netstat for port 587 added. As far as I know my server uses only IPv4. Never configured the server for IPv6 from the beginning unless Virtualmin did it without my knowledge. Just in case that IPv6 is somehow enabled how can I find it and disable it?
masegaloeh almost 9 years

Post the content of master.cf
Carlive1 almost 9 years

Contents of master.cf added.

Carlive1 almost 9 years

It worked! I commented the first entry then activated SSL for that domain again and this time Postfix did not stop. Since that line was added by Virtualmin I though it was necessary and never tried to remove. Everything is working now but emails still use primary server IP smtp instead the virtual IP ssmtp installed for that domain. Maybe something have to be changed in Virtualmin panel related to the certificate installation.