[SOLVED] What does it mean this Warn!

[Dirk]

I've had nothing but fail when working with dual NIC systems, I'd suggest dropping the second interface and using a port forward at your firewall to allow external access, although there may be operational reasons why you cant do this.

[samesisa]

HI another time,

I solved this error

Quote:

Originally Posted by samesisa

ArcaneMagus
... i found this log on my gateway.

Code:

Oct 23 12:41:12 gateway kernel: martian source isp-gateway from my-gateway, on dev eth1
Oct 23 12:41:12 gateway kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:56:7f:5a:4d:08:06

For every 20 minuts the msnservice break down, downloads crashes and connections outside of our lan fails when this succes.

Maybe i have bad configuration on our gateway.

I shutdown one service of our GW that send to broadcast arp messages. I found that this service had the MAC address 00:50:56:7f:5a:4d (Is VMotion and IPStorage Service from ESXi4 Server. In this server we have one virtual machine that one of his functions is to play the role of a gateway of our lan.)

I think that i should reconfigure the firewall of our gateway too. I'm now at the same point of first post in this thread.

Quote:

Originally Posted by samesisa

Hi,
Recently we have temporary mistake. We can't login on Zimbra's server. Our clients insert the correct username and password and Zimbra ask this fields again.

Some advice?
We have some logs/info from Zimbra server that the last time. I don't understand what kind of problems can entails configure two interfaces with Zimbra. Before Zimbra we have another mail server using this configuration; one public and private interface's. And running fine several years. We work with Zimbra since of May/2008 wihtout problems using this network configuration until now.


Thanks for your time.

[samesisa]

I found this messages when have the mistake. All services are running but i see that in /var/log/messages

Code:

Oct 30 09:00:57 mail saslauthd[28351]: zmauth: authenticating against elected url 'https://mail.mydomain.com:7071/service/admin/soap/' ...
Oct 30 09:00:57 mail saslauthd[28351]: zmpost: url='https://mail.mydomain.com:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"/></soap:Header><soap:Body><soap:Fault><soap:Code><soap:Value>soap:Receiver</soap:Value></soap:Code><soap:Reason><soap:Text>system failure: getDirectContext</soap:Text></soap:Reason><soap:Detail><Error xmlns="urn:zimbra"><Code>service.FAILURE</Code><Trace>btpool0-51:1256889657720:2fa0d5deaf1cbbdf</Trace></Error></soap:Detail></soap:Fault></soap:Body></soap:Envelope>', hti->error=''
Oct 30 09:00:57 mail saslauthd[28351]: auth_zimbra: user auth failed: system failure: getDirectContext

When this was hapenning can't login on Zimbra's server. Our clients insert the correct username and password and Zimbra ask this fields again. We can't send mails.

I have the same warn on /opt/zimbra/log/mailbox.log

Code:

2009-10-30 08:54:24,612 INFO  [MailboxPurge] [name=user@mydomain.com;mid=126;] purge - Purging messages.
2009-10-30 08:54:25,152 WARN  [MailboxPurge] [name=user@mydomain.com;mid=126;] purge - Unable to purge mailbox 126
com.zimbra.common.service.ServiceException: system failure: getDirectContext
ExceptionId:MailboxPurge:1256889265141:2fa0d5deaf1cbbdf
Code:service.FAILURE
        at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:253)
        at com.zimbra.cs.account.ldap.LdapUtil.getDirContext(LdapUtil.java:253)
        at com.zimbra.cs.account.ldap.LdapUtil.getDirContext(LdapUtil.java:238)
        at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrsInternal(LdapProvisioning.java:279)
        at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrs(LdapProvisioning.java:263)
        at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrs(LdapProvisioning.java:244)
        at com.zimbra.cs.account.Provisioning.modifyAttrs(Provisioning.java:1543)
        at com.zimbra.cs.mailbox.PurgeThread.saveLastPurgedId(PurgeThread.java:204)
        at com.zimbra.cs.mailbox.PurgeThread.run(PurgeThread.java:135)
Caused by: javax.naming.CommunicationException: mail.mydomain.com:389 [Root exception is java.net.ConnectException: Connection refused]
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:197)
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
        at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
        at com.zimbra.cs.account.ldap.LdapUtil.getDirContext(LdapUtil.java:246)
        ... 7 more
Caused by: java.net.ConnectException: Connection refused
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
        at java.net.Socket.connect(Socket.java:519)
        at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.sun.jndi.ldap.Connection.createSocket(Connection.java:336)
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:184)
        ... 20 more

Can be a bug??
SMTP authentication failed

[samesisa]

Quote:

Originally Posted by ArcaneMagus

The error that you have posted above is saying that it can't connect to the LDAP server. What is the output of `zmcontrol status`?

I'am focus with this:

Quote:

Originally Posted by samesisa

warn on /opt/zimbra/log/mailbox.log

Code:

Caused by: javax.naming.CommunicationException: mail.mydomain.com:389 [Root exception is java.net.ConnectException: Connection refused]

Why LDAP Server refuse those connections??+

mail:~ # netstat -anp | grep -i listen | grep 389
tcp 0 0 127.0.0.1:389 0.0.0.0:* LISTEN -

When run zmcontrol status, all services are running.
Exists one log specific for LDAP service??

If i restart the service using zmcontrol stop & zmcontrol start we can send mails again.

[phoenix]

Quote:

Originally Posted by samesisa

Why LDAP Server refuse those connections??+

mail:~ # netstat -anp | grep -i listen | grep 389
tcp 0 0 127.0.0.1:389 0.0.0.0:* LISTEN -

That is incorrect, it should be listening on your LAN IP address not the loopback adapter, you probably have an problem with your DNS or hosts file.

[veronica]

> Why LDAP Server refuse those connections??+

> mail:~ # netstat -anp | grep -i listen | grep 389
> tcp 0 0 127.0.0.1:389 0.0.0.0:* LISTEN -

> When run zmcontrol status, all services are running.

It doesnt mean i your services are running everything is fine.

Try doing this from remote machine :-

telnet mail.yourdomain.com 389

Question is not what your host file has entry rather what does this name resolves to using DNS.

[samesisa]

I edit /etc/hosts file:

Code:

127.0.0.1       localhost.mydomain.com localhost
IP_PRIVATE   mail.mydomain.com mail
IP_PUBLIC    mail.mydomain.com

And modify some registrys of our internal DNS server. Now listen on:

Code:

mail:~ # netstat -anp | grep -i listen | grep 389
tcp        0      0 IP_PRIVATE:389       0.0.0.0:*               LISTEN      -

Today zimbra works fine, without smtp auth. fails. I tested this:

Code:

server:/ # telnet IP_PUBLIC 389
Trying IP_PUBLIC...
telnet: connect to address IP_PUBLIC: Connection refused

server:/ # telnet IP_PUBLIC 389
Trying IP_PRIVATE...
Connected to IP_PRIVATE.
Escape character is '^]'.

If we resolve the mail.mydomain.com from our LAN obtain IP_PRIVATE, for external DNS's resolve IP_PUBLIC. The Zimbra server work with DNS of our ISP like as external DNS servers.

Code:

mail:~ # nslookup mail.mydomaine.com
Server:         80.58.61.250
Address:        80.58.61.250#53

Non-authoritative answer:
Name:   mail.gruposame.com
Address: IP_PUBLIC

[phoenix]

You should remove your public IP from the hosts file, it's incorrect to have that in there as well as the LAN IP. Is this server on a LAN and or does it sit behind a firewall?

[samesisa]

The server have 2 interfaces. One of them is private for users working in our office and the other is for the rest of employees that are working out of the office.

Isn't behind firewall, this have SLES 10 and use his own firewall. Suse distributions have preconfigured firewall. I can remove our public IP from hosts file but i don't know it this can carry some problem.

[phoenix]

Quote:

Originally Posted by samesisa

Isn't behind firewall, this have SLES 10 and use his own firewall. Suse distributions have preconfigured firewall. I can remove our public IP from hosts file but i don't know it this can carry some problem.

It's not advised to have a firewall running on the Zimbra server. Your Zimbra server is, however, behind a firewall whether it's on the same server or not. You should remove the public IP from the hosts file, pass the correct ports through the firewall to the private LAN IP and there should be no problems if your LAN IP can be resolved by a LAN DNS server.