Failed to start chasquid mail daemon

[Magnus Schmitz | bodyagency]

Hi there.

I am trying to set up a chasquid/dovecot installation on a fresh debian 11 vm. 

The chasquid service always fails:

░░ The unit chasquid.service has entered the 'failed' state with result 'exit-code'.

Apr 29 12:50:49 mail systemd[1]: Failed to start chasquid mail daemon (service).

░░ Subject: A start job for unit chasquid.service has failed

░░ Defined-By: systemd

░░ Support: https://www.debian.org/support

░░ 

░░ A start job for unit chasquid.service has finished with a failure.

░░ 

░░ The job identifier is 10714 and the job result is failed.

Apr 29 12:50:49 mail systemd[1]: chasquid-submission.socket: Failed with result 'service-start-limit-hit'.

░░ Subject: Unit failed

░░ Defined-By: systemd

░░ Support: https://www.debian.org/support

░░ 

░░ The unit chasquid-submission.socket has entered the 'failed' state with result 'service-start-limit-hit'.

Apr 29 12:50:49 mail systemd[1]: chasquid-smtp.socket: Failed with result 'service-start-limit-hit'.

░░ Subject: Unit failed

░░ Defined-By: systemd

░░ Support: https://www.debian.org/support

░░ 

░░ The unit chasquid-smtp.socket has entered the 'failed' state with result 'service-start-limit-hit'.

Apr 29 12:50:49 mail systemd[1]: chasquid-submission_tls.socket: Failed with result 'service-start-limit-hit'.

░░ Subject: Unit failed

░░ Defined-By: systemd

░░ Support: https://www.debian.org/support

░░ 

Syslog syas:

Apr 29 12:50:49 mail systemd[1]: Started chasquid mail daemon (service). 

Apr 29 12:50:49 mail chasquid[5541]: _ chasquid.go:70     chasquid starting (version 1.6-1+b5) 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:134      Configuration: 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:135        Hostname: „mail.MYDOMAIN.TLD" 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:136        Max data size (MB): 75 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:137        SMTP Addresses: [systemd :25] 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:138        Submission Addresses: [systemd :587] 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:139        Submission+TLS Addresses: [systemd :465] 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:140        Monitoring address: 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:141        MDA: /usr/bin/mda-lmtp [--addr /run/dovecot/lmtp -f %from% -d %to_user%] 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:142        Data directory: /var/lib/chasquid 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:143        Suffix separators: + 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:144        Drop characters: . 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:145        Mail log: <syslog> 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:146        Dovecot auth: true ("", "") 

Apr 29 12:50:49 mail chasquid[5541]: _ config.go:148        HAProxy incoming: false 

Apr 29 12:50:49 mail chasquid[5541]: _ chasquid.go:292    Fallback authenticator: DovecotAuth("/var/run/dovecot/auth-chasquid-userdb", "/var/run/dovecot/auth-chasquid-client") 

Apr 29 12:50:49 mail chasquid[5541]: _ chasquid.go:113    Loading certificates 

Apr 29 12:50:49 mail chasquid[5541]: _ chasquid.go:122      mail.MYDOMAIN.TLD

Apr 29 12:50:49 mail chasquid[5541]: _ chasquid.go:140    Domain config paths: 

Apr 29 12:50:49 mail chasquid[5541]: _ chasquid.go:263      MYDOMAIN.TLD 

Apr 29 12:50:49 mail chasquid[5541]: _ chasquid.go:267        adding users 

Apr 29 12:50:49 mail chasquid[5541]: _ chasquid.go:276        adding aliases 

Apr 29 12:50:49 mail chasquid[5541]: ☠ server.go:218      Error listening: listen tcp :25: bind: permission denied 

Apr 29 12:50:49 mail systemd[1]: chasquid.service: Main process exited, code=exited, status=1/FAILURE 

Apr 29 12:50:49 mail systemd[1]: chasquid.service: Failed with result 'exit-code'. 

Apr 29 12:50:49 mail systemd[1]: chasquid.service: Scheduled restart job, restart counter is at 158. 

Apr 29 12:50:49 mail systemd[1]: Stopped chasquid mail daemon (service). 

Apr 29 12:50:49 mail systemd[1]: chasquid.service: Start request repeated too quickly. 

Apr 29 12:50:49 mail systemd[1]: chasquid.service: Failed with result 'exit-code'. 

Apr 29 12:50:49 mail systemd[1]: Failed to start chasquid mail daemon (service). 

Apr 29 12:50:49 mail systemd[1]: chasquid-submission.socket: Failed with result 'service-start-limit-hit'. 

Apr 29 12:50:49 mail systemd[1]: chasquid-smtp.socket: Failed with result 'service-start-limit-hit'. 

Apr 29 12:50:49 mail systemd[1]: chasquid-submission_tls.socket: Failed with result 'service-start-limit-hit‘. 

How can I give chasquid access to the ports 25 / 465 / 587 ?

Thanks for helping out,

Magnus. 

[Alberto Bertogli]

On Sat, Apr 29, 2023 at 03:09:42PM +0200, 'Magnus Schmitz | bodyagency' via chasquid wrote:
>Hi there.

Hi! Thanks for reporting this!

>I am trying to set up a chasquid/dovecot installation on a fresh debian 11 vm. 
>
>The chasquid service always fails:

[...]

The issue is that you're probably telling chasquid to listen on port
25/465/587 directly, instead of having systemd do that and pass the file
descriptor (which is the default in the Debian install).

Have you done any changes to chasquid.conf? You don't need to tell it
any ports in the config, the default is to take them from systemd.

What are the contents of /etc/chasquid/chasquid.conf,
/etc/systemd/system/chasquid.service (if it exists) and
/lib/systemd/system/chasquid.service ?

>How can I give chasquid access to the ports 25 / 465 / 587 ?

The default Debian install does this already, by having systemd open the
sockets on those ports (see the /lib/systemd/system/chasquid*.socket
files), and then chasquid will get the socket file descriptors by
default (this is configured in chasquid.conf, but it is the default
value so there's no need to do anything in this mode).

I hope this helps!

Thanks,
Alberto

[Magnus Schmitz (bodyagency)]

Perfect, thank you - I figured it out with your questions. ;-)

One more question about the sockets. They all listen on IPv6 only. Adding

BindIPv6Only=both or BindIPv6Only=default

did not change it.

I now made the sockets listen to IPv4 with ListenStream=0.0.0.0:port

How can I make the socket to listen to both IPv4 and 6?

Greetz,

Magnus

[Alberto Bertogli]

On Mon, May 08, 2023 at 02:11:32PM -0700, 'Magnus Schmitz (bodyagency)' via chasquid wrote:
>Perfect, thank you - I figured it out with your questions. ;-)
>
>One more question about the sockets. They all listen on IPv6 only. Adding
>
>BindIPv6Only=both or BindIPv6Only=default
>
>did not change it.
>
>I now made the sockets listen to IPv4 with ListenStream=0.0.0.0:port
>
>How can I make the socket to listen to both IPv4 and 6?

That's a systemd question: chasquid will accept and use the sockets
regardless.

That said, usually Linux sockets listening on ipv6 will automatically
accept connections over ipv4 too. This is configured in
/proc/sys/net/ipv6/bindv6only, and the default is 0 (i.e. behave as the
previous sentence).

And this is in the systemd documentation:

https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=

If the address string is a single number, it is read as port number to
listen on via IPv6. Depending on the value of BindIPv6Only= (see
below) this might result in the service being available via both IPv6
and IPv4 (default) or just via IPv6.
[...]
If the address string is a string in the format "[x]:y", it is
interpreted as IPv6 address x and port y. [...] Note that if an
address is specified as IPv6, it might still make the service
available via IPv4 too, depending on the BindIPv6Only= setting (see
below).


So if you use "ListenStream=port", it will make them listen on ipv6 and
the kernel will (by default) accept connections over ipv6 and ipv4.
chasquid handles this just fine, no need to change any settings.

Thanks!
Alberto


PS: You can also have multiple systemd listening sockets for a single
descriptor name (e.g. one socket for ipv4 and one socket for ipv6),
chasquid also supports that transparently, but that type of
configuration is normally is not needed.