[SOLVED] mail queue error in web admin ui

[NoDoze]

ok, killed the process, however the IP was already automatically banned by the firewall....

[NoDoze]

Quote:

I your system was changing the :22 to :ssh

How do I change it back?

[NoDoze]

OK....

Change the ssh port with this:

Quote:

zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 2222

Added this:

Quote:

AllowUsers admin zimbra

Quote:

lsof -i | grep ssh
sshd 19598 root 3u IPv6 2167219 TCP mail.domain.com:2222->192.168.1.191:53437 (ESTABLISHED)
sshd 20011 root 3u IPv6 2168932 TCP *:2222 (LISTEN)

Restarted ssh, refreshed web admin ui...

....still get same error...

[danny.sierra@omtech.net]

This might do the trick:


as zimbra user:

zmsshkeygen

zmupdateauthkeys


zmprov ms mail.example.com zimbraRemoteManagementPort <ssh port>


zmcontrol stop/start/status

[ArcaneMagus]

If you read earlier in the thread danny.sierra you will see that that was already tried and it didn't solve the issue.

Nodoze did you find anything in the mentioned /var/log/secure? If you don't have that file (I don't on Ubuntu) you might try /var/log/auth.log.

[NoDoze]

Sorry it took me so long to get back to you, had to deal with some other server issues...

my secure.log has this....

Quote:

Nov 9 09:51:58 mail sshd[13188]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Nov 9 09:51:58 mail sshd[13190]: fatal: Access denied for user zimbra by PAM account configuration
Nov 9 09:52:51 mail sudo: zimbra : TTY=unknown ; PWD=/usr/libexec/webmin/cron ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Nov 9 09:52:51 mail sudo: zimbra : TTY=unknown ; PWD=/usr/libexec/webmin/cron ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmtastatus

What does it mean?

[ArcaneMagus]

Hmm... are user accounts on this server accessed via LDAP or the local users file? It looks like when Zimbra tries to open a ssh connection to itself it is getting an access denied by your PAM configuration.

Try running this command as the zimbra user and see what you get. It should look like this:

Code:

zimbra@email:~$ ssh -p 12345 -i /opt/zimbra/.ssh/zimbra_identity localhost
The authenticity of host '[localhost]:12345 ([127.0.0.1]:12345)' can't be established.
RSA key fingerprint is 95:fa:10:74:ee:58:2f:56:03:f9:4c:85:cd:d8:f1:89.
Are you sure you want to continue connecting (yes/no)?

Also... looks like we both forgot that you already posted your /var/log/secure.log right here

[NoDoze]

Well... while you were posting I did this:

Quote:

su - zimbra
then run
ssh-keygen -t dsa

Choose to save the generated keys at /opt/zimbra/.ssh/zimbra_identity
do not give it a password

then edit your /opt/zimbra/.ssh/authorized_keys file to use the text that is in the /opt/zimbra/.ssh/zimbra-identity.pub file. it replaces the old key text.

that will permit zimbra to run remote ssh

From: [SOLVED] ZCS 5.0.1 and admin console problems (SSH?)

But still get the same error...I dunno if I have to restart the server to make it in effect...?

I did:

Quote:

ssh -p 22 -i /opt/zimbra/.ssh/zimbra_identity localhost

and got:

Quote:

The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is af:06:44:4f:5c:ff:c9:19:02:99:34:a9:f3:08:ab:9e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Connection closed by 127.0.0.1

Second try I got only:

Quote:

Connection closed by 127.0.0.1

refeshed the browser, I still get the same error...

[ArcaneMagus]

It looks like the script that it is running is /opt/zimbra/libexec/zmqstat, what do you get when you run that as root?

This is what I get:

Code:

root@email:~# /opt/zimbra/libexec/zmqstat
hold=0
corrupt=0
deferred=0
active=0
incoming=0

[NoDoze]

Got the same thing:

Quote:

[root@mail /]# /opt/zimbra/libexec/zmqstat
hold=0
corrupt=0
deferred=1
active=0
incoming=0