[SOLVED] mail queue error in web admin ui

[emmaylots]

Hi NoDoze,

Is ssh installed an running on your Server. You can do: "netstat -a | grep LISTEN" to see if port ssh is listening. Or rather do; "Telnet yourserveripaddress 22" from the machine from which you are trying to view the AdminPanel from.

Good luck..

[ArcaneMagus]

Samp try going through the steps shown in this part of the wiki: Regenerating Keys
This should regenerate your ssh keys, and will also show you steps to verify that they are working.

[NoDoze]

OMG! It never occurred to me that is a port 22!

Yea, I have SSH installed and working....BUT I created my own backup script which uses a ssh key to auto login to the backup server...I TOTALLY deleted the ssh key when creating a new one for the backup server, DUH! LOL

...I regenerated the keys... but still no luck...same error. Does the zimbra server need a restarting afterwords...?

Hmmmm.....

[NoDoze]

My /var/log/secure file says this:

Quote:

Oct 16 12:30:51 mail sshd[7651]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Oct 16 12:30:51 mail sshd[7654]: fatal: Access denied for user zimbra by PAM account configuration
Oct 16 12:33:23 mail sshd[7769]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Oct 16 12:33:23 mail sshd[7770]: fatal: Access denied for user zimbra by PAM account configuration
Oct 16 12:33:45 mail webmin[7867]: Successful login as root from 192.168.1.191
Oct 16 12:34:05 mail sshd[7943]: Accepted password for root from 192.168.1.191 port 50760 ssh2
Oct 16 12:34:05 mail sshd[7943]: pam_unix(sshd:session): session opened for user root by (uid=0)
Oct 16 12:38:53 mail su: pam_unix(su:session): session opened for user zimbra by root(uid=0)
Oct 16 12:47:47 mail sshd[9012]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Oct 16 12:47:47 mail sshd[9013]: fatal: Access denied for user zimbra by PAM account configuration
Oct 16 12:52:54 mail sshd[9358]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Oct 16 12:52:54 mail sshd[9359]: fatal: Access denied for user zimbra by PAM account configuration
Oct 16 13:01:18 mail sshd[5091]: Received SIGHUP; restarting.
Oct 16 13:01:18 mail sshd[9920]: Server listening on :: port 22.
Oct 16 13:01:18 mail sshd[9920]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Oct 16 13:03:32 mail sshd[10054]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Oct 16 13:03:32 mail sshd[10058]: fatal: Access denied for user zimbra by PAM account configuration

could that b the reason...?

[ArcaneMagus]

Yea that would be a problem, something is already listening to the port 22.

Code:

lsof | grep ":22"

should show you the process name and user at least...

[NoDoze]

Uhmmm... doin: lsof | grep ":22" ...comes up blank....

I login with ssh ok on port 22....so....?

LOL


...centos 5.3

[NoDoze]

On: Mail Queue Monitoring - Zimbra :: Wiki

I've done:
Regenerating Keys
Verifying sshd configuration
/etc/hosts.allow
Another cause, Zimbra account has been disabled

And still have the same error....

[ArcaneMagus]

Quote:

Originally Posted by NoDoze

Uhmmm... doin: lsof | grep ":22" ...comes up blank....

I login with ssh ok on port 22....so....?

LOL


...centos 5.3

Uh... you seem to have a talent for having bizarre things happen for you

Try this one?

Code:

lsof -i | grep ssh

If you can do so, I would also recommend rebooting the server. It might clear up whatever process is holding up the ssh daemon.

[NoDoze]

that worked!

Quote:

lsof -i | grep ssh
sshd 7943 root 3u IPv6 2089540 TCP mail.domain.com:ssh->192.168.1.191:50760 (ESTABLISHED)
sshd 9920 root 3u IPv6 2100808 TCP *:ssh (LISTEN)
sshd 17575 root 3u IPv6 2150646 TCP mail.domain.com:ssh->static-210-214-136-103.maa.sify.net:43591 (ESTABLISHED)
sshd 17576 sshd 3u IPv6 2150646 TCP mail.domain.com:ssh->static-210-214-136-103.maa.sify.net:43591 (ESTABLISHED)

Uhmmm... Do I have a hacker...???

WTF is this:

Quote:

static-210-214-136-103.maa.sify.net:43591

I dunno what IP that is....!?!

Did a lookup, got:

Quote:

IP address: 210.214.136.103
Host name: static-210-214-136-103.maa.sify.net

210.214.136.103 is from India(IN) in region Southern and Eastern Asia

[ArcaneMagus]

Ah ha, your system was changing the :22 to :ssh. And if you are connected locally (the 192.168.1.191 I am guessing), and nobody else should be connected then just maybe as you have 2 remote SSH connections coming into your server from outside. You might want to kill those processes and check what was going on...