Zimbra

sjobeck · #1 (**permalink**) 08-07-2007, 12:41 AM

Hi, all, thanks for great forum for such great software. Love it.

We move our SSH daemon to a non-standard port just to slow the kiddies down just an extra hair bit so that their port scans trip or bots so we know theyre out theyre poking at us, anyway, when doing so it breaks the mail queues since they connect to the machine via SSH. How does one tweak the mail queues config' so it connects to the machine on our SSH
port? and or via another method other than SSH?

Thanks much.

Jason Sjobeck
The Sjöbeck Company LLC > Homepage > Portland, Oregon, US > Asterisk Consultants

randall · #2 (**permalink**) 09-04-2007, 08:36 AM

This might be a late reply.

But this maybe able to help you.

Mail Queue Monitoring - ZimbraWiki

Let me know if this solves your problem.

sjobeck · #3 (**permalink**) 09-05-2007, 10:32 PM

Thanks very much. That is the thread I missed & the one I need. I ran the command to change it to port 22222, and it gave me an error about my IMAP SSL and IMAP SSL Proxy conflicting, so I corrected that by following the advice on the forums site about configuring ports in perdition, putting the IMAP Proxy on 993 & the real IMAP port on 7993. Then I restarted everything using zmcontrol stop && zmcontrol start. Then tried to view the queues in the portal & I get this:

Message: system failure: exception during auth {RemoteManager: jefferson.cascadetelephony.com->zimbra@jefferson.cascadetelephony.com:22222}
Error code: service.FAILURE
Method: ZmCsfeCommand.prototype.invoke
Details:soap:Receiver

2. I also see that my commercial SSL cert' is no longer in use but the default Zimbra cert' is back to being in use. I wonder why this happened? I will have to re-do my steps of installing my cert'. Shucks. Damn.

Any advice on the above error output about using port 22222 is most appreciated.

Thanks much.

Jason Sjobeck

sjobeck · #4 (**permalink**) 09-06-2007, 12:41 AM

So ....... hmmmmmm ....... I seem to
have borked this thing pretty good right now. I fussed with some port numbers as spelled-out here:

Configuring Perdition - ZimbraWiki

and am now not able to connect to IMAP4s so checked the listening ports & sure enough, it is listening on the ports the old proaxy was configured to listen on, but not the default ports for imap & pop. When I try to change those, I get this:

[zimbra@jefferson conf]$ zmprov ms jefferson.cascadetelephony.com zimbraPop3BindPort 110 zimbraImapBindPort 143 zimbraPop3SSLBindPort 995 zimbraImapSSLBindPort 993
ERROR: service.INVALID_REQUEST (invalid request: port 993 conflict between zimbraImapSSLBindPort and zimbraImapSSLProxyBindPort on server jefferson.cascadetelephony.com)
[zimbra@jefferson conf]$

I wonder why it wont "take" my change. When I run this:

[root@jefferson conf]# /opt/zimbra/bin/zmprov ms jefferson.cascadetelephony.com zimbraPop3ProxyBindPort "" zimbraImapProxyBindPort "" zimbraPop3SSLProxyBindPort "" zimbraImapSSLProxyBindPort ""

For reference, I am seeing this right now:
[zimbra@jefferson conf]$ zmprov getServer jefferson.cascadetelephony.com | grep -i port
zimbraAdminPort: 7071
zimbraImapBindPort: 7143
zimbraImapProxyBindPort: 143
zimbraImapSSLBindPort: 7993
zimbraImapSSLProxyBindPort: 993
zimbraLmtpBindPort: 7025
zimbraMailPort: 8080
zimbraMailSSLPort: 4443
zimbraNotifyBindPort: 7035
zimbraNotifySSLBindPort: 7036
zimbraPop3BindPort: 7110
zimbraPop3ProxyBindPort: 110
zimbraPop3SSLBindPort: 7995
zimbraPop3SSLProxyBindPort: 995
zimbraRemoteManagementPort: 22222
zimbraSmtpPort: 25

Any and all advice is greatly appreciated. Thanks for the advice on getting imap & pop back to the default ports. I still need to repair my commercial cert', I suppose, once I do, but that is livable considering this mess I made.

randall · #5 (**permalink**) 09-06-2007, 01:40 AM

Quote:

[root@jefferson conf]# /opt/zimbra/bin/zmprov ms jefferson.cascadetelephony.com zimbraPop3ProxyBindPort "" zimbraImapProxyBindPort "" zimbraPop3SSLProxyBindPort "" zimbraImapSSLProxyBindPort ""

I believe you have to run this as zimbra user....

sjobeck · #6 (**permalink**) 09-06-2007, 09:33 AM

Randall: yes, thanks for the possible tip, I did try running it both as root (as you correct caught) and as zimbra, no difference.

All: I ought to note that I am perfectly fine with running the perdition/proxy in front of imap & pop if I can get it to work. But, I cant seem to get that to work either. In fact, the more I go down this path, the more I think I would like to run the proxy, so perhaps I am in need of a push down a different path. Let me rephrase please. How can I get this to work with perdition/proxy on the port's default ports and the real ports over to 7### & get everything to work? It seems I did have it configured this way once but it would not successfully authenticate any of the remote users (most of whom are using Mail.app on Apple). When I hit that authentication issue, perhaps I ought to have forged ahead there & figured that out, instead I thought it was a misconfiguration around these issues & so I un-did it.

sjobeck · #7 (**permalink**) 09-06-2007, 09:44 AM

oh, I get it now, I stopped using the imap proxy and went back to using just straight imap, which is bound to another cert' than the one I configured, since the cert' I configured was for perdition. So, that's why the user's starting seeing the factory default installed cert' when I stopped perdition. Makes perfect sense now, but I just had to walk my way through it once to wrap my brain around it. Nothing to see here, please move on, just some guy talking to himself, please move on.

Thanks.

sjobeck

sjobeck · #8 (**permalink**) 09-07-2007, 12:01 PM

Just for completness, I have moved the rest of the issues from this thread to here:

I broke IMAP authentication

Zimbra

Downloads

Product Information

Toolbox

Why Join?