Debian 12.10
When backing up the server, it seems to help to stop Exim and Dovecot. I’ve been using Hestia to do this: I click on the “gear” for Server Settings, check the box for each server, then Apply to selected: Stop. Ever since around v1.9.1, Hestia comes back with 1 red X and one green check. It looks to me like both servers get stopped, so it is only the green indicator that is goofy.
I had added a new web (sub)domain without enabling Web Statistics. I cannot find a checkbox to do that now, but I did find v-add-web-domain-stats but it tells me Error: invalid user format :: validusername
It works fine on my test server. When the services are up and running, check the status:
systemctl status exim4 --no-pager -l
systemctl status dovecot --no-pager -l
Now stop both services from Web UI and check again the services:
systemctl status exim4 --no-pager -l
systemctl status dovecot --no-pager -l
Also check the Hestia’s log.
tail -n 20 /var/log/hestia/{error.log,system.log}
It’s not a check box but a dropdown menu.
Show the output of this command:
v-list-sys-config json | jq -r '.[]|.STATS_SYSTEM'
I forgot to ask.
What’s the exact command that you’re using? I’m insterested in the username you’re using.
tried admin, just to check; returns the same errmsg as woze
v-add-web-domain-stats admin sub.domain.tld awstats
DUH/OOPS thank you very much .
Works great, I think: Saved ok, including authentication, but the screen tells me “If the aliases changes, Let’s Encrypt will obtain a new SSL certificate.” but doesn’t tell me where to go to find any stats. (/stats and /awstats don’t work), so I got distracted before giving up for now.
I’ll have to get back to you on the rest of your much-appreciated reply…
It’s /vstats/ (the last slash is important).
https://example.com/vstats/
Thank you again very much. (I love examples…)
1 Like
root@s41:~# systemctl status exim4 --no-pager -l
● exim4.service - LSB: exim Mail Transport Agent
Loaded: loaded (/etc/init.d/exim4; generated)
Active: active (running) since Sat 2025-03-29 06:15:55 EDT; 1 week 0 days ago
Docs: man:systemd-sysv-generator(8)
Process: 2330067 ExecStart=/etc/init.d/exim4 start (code=exited, status=0/SUCCESS)
Process: 3553437 ExecReload=/etc/init.d/exim4 reload (code=exited, status=0/SUCCESS)
Tasks: 2 (limit: 2228)
Memory: 31.4M
CPU: 3min 36.546s
CGroup: /system.slice/exim4.service
├─2330315 /usr/sbin/exim4 -bd -q30m
└─3700473 /usr/sbin/exim4 -bd -q30m
Apr 02 06:14:03 s41.mydomain.com systemd[1]: Reloaded exim4.service - LSB: exim Mail Transport Agent.
Apr 03 06:14:04 s41.mydomain.com systemd[1]: Reloading exim4.service - LSB: exim Mail Transport Agent...
Apr 03 06:14:04 s41.mydomain.com exim4[3201214]: Reloading exim4 configuration files: exim4.
Apr 03 06:14:04 s41.mydomain.com systemd[1]: Reloaded exim4.service - LSB: exim Mail Transport Agent.
Apr 04 06:14:04 s41.mydomain.com systemd[1]: Reloading exim4.service - LSB: exim Mail Transport Agent...
Apr 04 06:14:04 s41.mydomain.com exim4[3378572]: Reloading exim4 configuration files: exim4.
Apr 04 06:14:04 s41.mydomain.com systemd[1]: Reloaded exim4.service - LSB: exim Mail Transport Agent.
Apr 05 06:14:04 s41.mydomain.com systemd[1]: Reloading exim4.service - LSB: exim Mail Transport Agent...
Apr 05 06:14:04 s41.mydomain.com exim4[3553437]: Reloading exim4 configuration files: exim4.
Apr 05 06:14:04 s41.mydomain.com systemd[1]: Reloaded exim4.service - LSB: exim Mail Transport Agent.
root@s41:~# systemctl status dovecot --no-pager -l
● dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; preset: enabled)
Active: active (running) since Sat 2025-03-29 06:15:55 EDT; 1 week 0 days ago
Docs: man:dovecot(1)
https://doc.dovecot.org/
Process: 3553335 ExecReload=/usr/bin/doveadm reload (code=exited, status=0/SUCCESS)
Main PID: 2330010 (dovecot)
Status: "v2.3.19.1 (9b53102964) running"
Tasks: 6 (limit: 2228)
Memory: 16.2M
CPU: 16min 27.971s
CGroup: /system.slice/dovecot.service
├─2330010 /usr/sbin/dovecot -F
├─2330013 dovecot/anvil
├─3553392 dovecot/log
├─3553801 dovecot/config
├─3553802 dovecot/stats
└─3553804 dovecot/auth
Apr 01 06:14:03 s41.mydomain.com systemd[1]: Reloading dovecot.service - Dovecot IMAP/POP3 email server...
Apr 01 06:14:03 s41.mydomain.com systemd[1]: Reloaded dovecot.service - Dovecot IMAP/POP3 email server.
Apr 02 06:14:03 s41.mydomain.com systemd[1]: Reloading dovecot.service - Dovecot IMAP/POP3 email server...
Apr 02 06:14:03 s41.mydomain.com systemd[1]: Reloaded dovecot.service - Dovecot IMAP/POP3 email server.
Apr 03 06:14:04 s41.mydomain.com systemd[1]: Reloading dovecot.service - Dovecot IMAP/POP3 email server...
Apr 03 06:14:04 s41.mydomain.com systemd[1]: Reloaded dovecot.service - Dovecot IMAP/POP3 email server.
Apr 04 06:14:03 s41.mydomain.com systemd[1]: Reloading dovecot.service - Dovecot IMAP/POP3 email server...
Apr 04 06:14:03 s41.mydomain.com systemd[1]: Reloaded dovecot.service - Dovecot IMAP/POP3 email server.
Apr 05 06:14:04 s41.mydomain.com systemd[1]: Reloading dovecot.service - Dovecot IMAP/POP3 email server...
Apr 05 06:14:04 s41.mydomain.com systemd[1]: Reloaded dovecot.service - Dovecot IMAP/POP3 email server.
root@s41:~# systemctl status exim4 --no-pager -l
○ exim4.service - LSB: exim Mail Transport Agent
Loaded: loaded (/etc/init.d/exim4; generated)
Active: inactive (dead) since Sun 2025-04-06 03:28:45 EDT; 20s ago
Duration: 1w 21h 12min 49.228s
Docs: man:systemd-sysv-generator(8)
Process: 2330067 ExecStart=/etc/init.d/exim4 start (code=exited, status=0/SUCCESS)
Process: 3553437 ExecReload=/etc/init.d/exim4 reload (code=exited, status=0/SUCCESS)
Process: 3700769 ExecStop=/etc/init.d/exim4 stop (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 2228)
Memory: 30.8M
CPU: 3min 36.572s
CGroup: /system.slice/exim4.service
└─3700473 /usr/sbin/exim4 -bd -q30m
Apr 04 06:14:04 s41.mydomain.com systemd[1]: Reloaded exim4.service - LSB: exim Mail Transport Agent.
Apr 05 06:14:04 s41.mydomain.com systemd[1]: Reloading exim4.service - LSB: exim Mail Transport Agent...
Apr 05 06:14:04 s41.mydomain.com exim4[3553437]: Reloading exim4 configuration files: exim4.
Apr 05 06:14:04 s41.mydomain.com systemd[1]: Reloaded exim4.service - LSB: exim Mail Transport Agent.
Apr 06 03:28:45 s41.mydomain.com systemd[1]: Stopping exim4.service - LSB: exim Mail Transport Agent...
Apr 06 03:28:45 s41.mydomain.com exim4[3700769]: Stopping MTA: exim4_listener.
Apr 06 03:28:45 s41.mydomain.com systemd[1]: exim4.service: Deactivated successfully.
Apr 06 03:28:45 s41.mydomain.com systemd[1]: exim4.service: Unit process 3700473 (exim4) remains running after unit stopped.
Apr 06 03:28:45 s41.mydomain.com systemd[1]: Stopped exim4.service - LSB: exim Mail Transport Agent.
Apr 06 03:28:45 s41.mydomain.com systemd[1]: exim4.service: Consumed 3min 36.572s CPU time.
root@s41:~# systemctl status dovecot --no-pager -l
○ dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; preset: enabled)
Active: inactive (dead) since Sun 2025-04-06 03:28:45 EDT; 26s ago
Duration: 1w 21h 12min 48.191s
Docs: man:dovecot(1)
https://doc.dovecot.org/
Process: 2330010 ExecStart=/usr/sbin/dovecot -F (code=exited, status=0/SUCCESS)
Process: 3553335 ExecReload=/usr/bin/doveadm reload (code=exited, status=0/SUCCESS)
Process: 3700714 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
Main PID: 2330010 (code=exited, status=0/SUCCESS)
Status: "Dovecot stopped"
CPU: 16min 28.057s
Apr 03 06:14:04 s41.mydomain.com systemd[1]: Reloading dovecot.service - Dovecot IMAP/POP3 email server...
Apr 03 06:14:04 s41.mydomain.com systemd[1]: Reloaded dovecot.service - Dovecot IMAP/POP3 email server.
Apr 04 06:14:03 s41.mydomain.com systemd[1]: Reloading dovecot.service - Dovecot IMAP/POP3 email server...
Apr 04 06:14:03 s41.mydomain.com systemd[1]: Reloaded dovecot.service - Dovecot IMAP/POP3 email server.
Apr 05 06:14:04 s41.mydomain.com systemd[1]: Reloading dovecot.service - Dovecot IMAP/POP3 email server...
Apr 05 06:14:04 s41.mydomain.com systemd[1]: Reloaded dovecot.service - Dovecot IMAP/POP3 email server.
Apr 06 03:28:43 s41.mydomain.com systemd[1]: Stopping dovecot.service - Dovecot IMAP/POP3 email server...
Apr 06 03:28:45 s41.mydomain.com systemd[1]: dovecot.service: Deactivated successfully.
Apr 06 03:28:45 s41.mydomain.com systemd[1]: Stopped dovecot.service - Dovecot IMAP/POP3 email server.
Apr 06 03:28:45 s41.mydomain.com systemd[1]: dovecot.service: Consumed 16min 28.057s CPU time.
Since this is a public forum, I hope you don’t mind tooo much that I’m anonymizing the entries:
==> /var/log/hestia/error.log <==
2025-04-04 03:43:20 v-list-dns-domain 'woze' 'webmail.sub.domain.tld' 'plain' [Error 3]
2025-04-04 03:43:20 v-list-dns-domain 'woze' 'webmail.sub.domain.tld' 'plain' [Error 3]
2025-04-04 03:43:20 v-add-dns-domain 'woze' 'webmail.sub.domain.tld' 'nn.nnn.nnn.nn' 'ns1.domain.tld' 'ns2.domain.tld' '' '' '' '' '' '' 'no' 'no' [Error 2]
2025-04-05 03:32:25 v-add-web-domain-stats '' [Error 1]
2025-04-05 03:33:01 v-add-web-domain-stats 'woze' 'sub.domain.tld' 'awstats' [Error 2]
2025-04-05 03:41:09 v-add-web-domain-stats 'woze' 'sub.domain.tld' 'awstats' [Error 2]
2025-04-05 03:47:23 v-add-web-domain-stats 'woze' 'sub.domain.tld' 'awstats' [Error 2]
2025-04-05 03:52:43 v-add-web-domain-stats 'woze' 'domain.tld' 'awstats' [Error 2]
2025-04-05 03:52:53 v-add-web-domain-stats 'woze' 'sub.domain.tld' 'awstats' [Error 2]
2025-04-05 03:53:29 v-add-web-domain-stats 'admin' 'sub.domain.tld' 'awstats' [Error 2]
==> /var/log/hestia/system.log <==
2025-04-06 02:15:04 v-update-mail-domains-disk 'username1'
2025-04-06 02:15:04 v-update-databases-disk 'username1'
2025-04-06 02:15:04 v-update-user-disk 'domain1.com'
2025-04-06 02:15:04 v-update-web-domains-disk 'domain1.com'
2025-04-06 02:15:05 v-update-mail-domains-disk 'domain1.com'
2025-04-06 02:15:05 v-update-databases-disk 'domain1.com'
2025-04-06 02:15:05 v-update-user-disk 'username2'
2025-04-06 02:15:05 v-update-web-domains-disk 'username2'
2025-04-06 02:15:05 v-update-mail-domains-disk 'username2'
2025-04-06 02:15:05 v-update-databases-disk 'username2'
2025-04-06 02:15:05 v-update-user-disk 'domain2.com'
2025-04-06 02:15:05 v-update-web-domains-disk 'domain2.com'
2025-04-06 02:15:05 v-update-mail-domains-disk 'domain2.com'
2025-04-06 02:15:05 v-update-databases-disk 'domain2.com'
2025-04-06 03:25:55 v-add-firewall-chain 'MAIL'
2025-04-06 03:25:55 v-add-firewall-ban '211.186.220.42' 'MAIL'
2025-04-06 03:28:45 v-stop-service 'dovecot'
2025-04-06 03:28:45 v-stop-service 'exim4'
2025-04-06 03:29:28 v-start-service 'dovecot'
2025-04-06 03:29:28 v-start-service 'exim4'
# v-list-sys-config json | jq -r '.[]|.STATS_SYSTEM'
awstats
but that’s after I used the oh-look-at-that drop-box to enable it…
FWIW, since the previous time I started a thread here, I scrapped the Debian 11 system that had become a little questionable, and started over from scratch last year with Deb12. The system seems a-ok (but what do I know?). The goofy green indicator is the only anomaly I’ve noticed, and it began occurring several Hestia revisions ago.
Exim4 service is stopped but the main process is not.
exim4.service - LSB: exim Mail Transport Agent
Loaded: loaded (/etc/init.d/exim4; generated)
Active: inactive (dead) since Sun 2025-04-06 03:28:45 EDT; 20s ago
[...]
CGroup: /system.slice/exim4.service
└─3700473 /usr/sbin/exim4 -bd -q30m
Hestia is still detecting this Exim4 process and it marks the service as running.
I don’t know the reason Exim4 is not stopping, you could check the exim4 logs.
Try to stop it again:
systemctl stop exim4
If it’s still running, kill the process (check that 3700473 is the pid for the current exim4 process) :
kill 3700473
or
kill -9 3700473
Thank you once again. fwiw, ~weirdness w/apparent success:
sahsanu:
systemctl stop exim4
root@s41:~# systemctl stop exim4
root@s41:~# systemctl status exim4 --no-pager -l
root@s41:~# kill 3802822
root@s41:~# ps -e | grep exim4
root@s41:~# systemctl status exim4 --no-pager -l
(zero uptime for iptables always seems to be the norm[?])
1 Like
not sure how much diff it might make, but it seems like my mail server is under near-constant bombardment (~100 bogus queries per second) from the same IPaddr show up in /var/log/exim4/rejectlog, then again from a different IPaddr seconds later (with no overlap), usually blacklisted by spamcop/spamhaus but still logged, and ignored by fail2ban) by 1 or more bot armies.
permaban (thank you!) helps some, but it’s ~impossible to keep up…
Welcome to the grand adventure of hosting your own mail server
Are you using any block list? I recommend to add at least the block list script provided by Hestia (/usr/local/hestia/install/common/firewall/ipset/blacklist.sh) as the source of an ipset. Once done, add a firewall rule to DROP all traffic from that ipset.
I used Hestia webUI /list/firewall/ipset to “Add IP list”, named it “blacklist”, selected it from top of pull-down menu, Saved… .
Not being sure how to do that (I love eamples…), I found past primo instructions for permaban , but thought it would be a good idea to check back w/you before trying to follow instruction. My guess:
# v-add-firewall-rule DROP ipset:blacklist 0 TCP "BLACKLIST"
yes?
Yes, that’s correct.
You can also add it via the Web UI:
So, I did the CLI, seemed fine, but to complete my learning experience I decided to see the Web UI, BUT IT WILL NOT LOAD IN MY BROWSER! NO HESTIACP PAGES WILL! The connection (attempt) times out.
Since my connnections come from a shared cloud exit point (Tor), that’s not totally inexplicable. But it might make this solution unusable for me.
WORSE, I find myself unable to fix it:
root@s41:~# v-add-firewall-rule DROP ipset:blacklist 0 TCP “BLACKLIST”
root@s41:~# v-list-firewall-rule 2
root@s41:~# v-list-firewall-rule BLACKLIST
root@s41:~# v-list-firewall-rule blacklist
root@s41:~# v-delete-firewall-rule BLACKLIST
root@s41:~# v-delete-firewall-rule blacklist
root@s41:~# v-delete-firewall-rule ipset:blacklist
Show the output of v-list-firewall
RULE ACTION PROTO PORT IP SPND DATE
---- ------ ----- ---- -- ---- ----
1 ACCEPT ICMP 0 0.0.0.0/0 no 2014-09-16
2 ACCEPT TCP 8888 0.0.0.0/0 no 2014-05-25
3 ACCEPT TCP 143,993 0.0.0.0/0 no 2014-05-25
4 ACCEPT TCP 110,995 0.0.0.0/0 no 2014-05-25
5 ACCEPT TCP 25,465,587 0.0.0.0/0 no 2018-11-07
6 ACCEPT TCP 53 0.0.0.0/0 no 2014-05-25
7 ACCEPT UDP 53 0.0.0.0/0 no 2014-05-25
8 DROP TCP 21,12000-12100 0.0.0.0/0 no 2024-12-20
9 ACCEPT TCP 80,443 0.0.0.0/0 no 2014-09-24
10 ACCEPT TCP 7777 0.0.0.0/0 no 2014-09-16
11 DROP TCP 0 ipset:permaban no 2024-10-30
12 DROP TCP 0 ipset:blacklist no 2025-04-06
v-delete-firewall-rule 12
, thank you very much. 
