[SOLVED] zmtlsctl broke install

[babytof]

Hi all,
Since yesterday my Zimbra installation was working fine. I want to free port 80 so I run a:

Code:

su - zimbra
zmtlsctl https
zmcontrol stop
zmcontrol start

but since that, all incoming email go to the deferred queue. Looking in logs I got:

Code:

, relay=127.0.0.1[127.0.0.1]:10024, delay=9604, delays=9603/0.03/0.01/0.01, dsn=4.4.2, status=deferred (lost connecti
on with 127.0.0.1[127.0.0.1] while sending RCPT TO)
 postfix/qmgr[9441]: warning: connect to transport retry: No such file or directory
May 22 10:28:53 nsXXXX postfix/qmgr[9441]: warning: connect to transport retry: No such file or directory

cat /etc/shadow:

Code:

zimbra::14014:0:99999:7:::

trying to log through ssh:

Code:

root@ns:~# su - zimbra
zimbra@nsXXXX:~$ ssh -vi .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@nsXXXXX..XXX.XX
OpenSSH_4.2p1 Debian-7ubuntu3.1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to nsXXXX.XX.XX [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file .ssh/zimbra_identity type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1 Debian-7ubuntu3.1
debug1: match: OpenSSH_4.2p1 Debian-7ubuntu3.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'nsXXX.XX.XX' is known and matches the RSA host key.
debug1: Found key in /opt/zimbra/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/zimbra_identity
debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.

ERROR: Invalid hostlist
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to nsXX.XX.XX closed.
debug1: Transferred: stdin 0, stdout 0, stderr 39 bytes in 4.8 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 8.2
debug1: Exit status 1

I then try to revert back with a "zmtlsctl http" but still got the problem.

version:

Code:

Release 5.0.5_GA_2201.UBUNTU6 UBUNTU6 NETWORK edition

Can someone help me that ?

[uxbod]

Welcome to the forums

As you have changed the web server mode you may need to fix the SMTP authentication aswell :- SMTP Auth Problems - Zimbra :: Wiki

[babytof]

Yes I already read that

Code:

zimbra@nsXX:~$ zmprov getServer nsXX.XX | grep Auth
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: nsXX.XX
zimbraMtaAuthTarget: TRUE
zimbraMtaAuthURL: https://nsXX.XX/service/soap/
zimbraMtaTlsAuthOnly: TRUE
zimbra@nsXX:~$ zmprov getServer nsXXXX | grep Mode
zimbraBackupMode: Standard
zimbraMailMode: https
zimbraMailReferMode: wronghost
zimbraReverseProxyImapStartTlsMode: only
zimbraReverseProxyPop3StartTlsMode: only

Thanks for your help

[babytof]

What type of return should I get with :

Code:

root@ns:~# su - zimbra
zimbra@nsXXXX:~$ ssh -vi .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@nsXXXXX..XXX.XX

Exploring in verbose mode it seems to me that I've not an authentication problem but I get no bash login prompt. The process wait until I send a character and then exit with "connection close"

It that correct behavior ?

Thanks

[babytof]

after lots of researchs and tests I can't find a way to have a stable zimbra install. Sometimes emails are received correctly, sometimes they get stucks in the deferred queue. It seems that it depends mainly on the AV/AS config: sometimes I need to disable AS to receive email, sometimes not !
One constant: I found that everytime email works I have a "relay=mon.serveur[XX.XX.XX.XX]:7025" line in zimbra.log and a "relay=127.0.0.1[127.0.0.1]:10024" when they are deferred.
I'm not sure if internal communication should be on the public IP or the internal 127.0.0.1.

Any clue on that ?

Thanks a lot for helping

[uxbod]

Amavis should be communicating on the localhost address. If you are getting deferred messages then you need to check your DNS setup. Please provide the following

Code:

cat /etc/hosts
cat /etc/resolv.conf
dig _domainname_ mx
dig _domainname_ any
host `hostname` <- note backticks and not double quotes

[babytof]

Thanks for your help, here is what you ask for:

root@ns38128:~# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
91.121.11.58 ns38128.ovh.net ns38128 mail mail.ns38128.ovh.net maprofession.com
# The following lines are desirable for IPv6 capable hosts
#(added automatically by netbase upgrade)
::1 ip6-localhost ip6-loopback
feo0::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
root@ns38128:~# cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver 91.121.11.58
nameserver 213.186.33.99
root@ns38128:~# dig maprofession.com mx

; <<>> DiG 9.3.2 <<>> maprofession.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60057
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;maprofession.com. IN MX

;; ANSWER SECTION:
maprofession.com. 86221 IN MX 1 ns38128.ovh.net.

;; AUTHORITY SECTION:
maprofession.com. 86215 IN NS dns11.ovh.net.
maprofession.com. 86215 IN NS ns11.ovh.net.

;; ADDITIONAL SECTION:
ns38128.ovh.net. 604800 IN A 91.121.11.58
ns11.ovh.net. 109560 IN A 213.251.128.130
dns11.ovh.net. 112765 IN A 213.251.188.130

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 28 09:23:15 2008
;; MSG SIZE rcvd: 152
root@ns38128:~# dig maprofession.com any

; <<>> DiG 9.3.2 <<>> maprofession.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29956
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;maprofession.com. IN ANY

;; ANSWER SECTION:
maprofession.com. 86200 IN MX 1 ns38128.ovh.net.
maprofession.com. 86194 IN NS ns11.ovh.net.
maprofession.com. 86194 IN NS dns11.ovh.net.
maprofession.com. 86194 IN A 91.121.20.26

;; AUTHORITY SECTION:
maprofession.com. 86194 IN NS dns11.ovh.net.
maprofession.com. 86194 IN NS ns11.ovh.net.

;; ADDITIONAL SECTION:
ns38128.ovh.net. 604800 IN A 91.121.11.58
ns11.ovh.net. 109539 IN A 213.251.128.130
dns11.ovh.net. 112744 IN A 213.251.188.130

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 28 09:23:36 2008
;; MSG SIZE rcvd: 196
root@ns38128:~# host `hostname`
ns38128.ovh.net has address 91.121.11.58
ns38128.ovh.net mail is handled by 10 mail.ns38128.ovh.net.

[uxbod]

Hmmm, your server is reporting its hostname as ns38128.ovh.net, with the primary MX for it being mail.ns38128.ovh.net. Therefore your hosts file should look like

Code:

127.0.0.1 localhost.localdomain localhost
91.121.11.58 mail.ns38128.ovh.net ns38128.ovh.net ns38128 mail

what is maprofession.com ? as the digs you have performed were against that domain and not ovh.net ?

[babytof]

ns38128.ovh.net is the name of the server
I need to manage mail for 2 domains and maprofession.com is the second domain. My tests where run on the maprofession.com domain, this is why I put the dig on that domain.

[uxbod]

Okay so your hosts file should look like

Code:

127.0.0.1 localhost.localdomain localhost
91.121.11.58 ns38128.ovh.net ns38128

you do not need to add maprofession.com into it, you just need a MX record for that domain which points to host ns38128.ovh.net. And then for the ovh.net domain you will require two records

Code:

IN MX 10 ns38128
ns38128 IN A 91.121.11.58

once these changes have been made run the same checks again and post please.