Unable to send / receive mail.

[brucealeg]

OpenSUSE10.2 - ZCS 5.0.2_GA

I'll start by saying I think this is a cert issue, but I am not sure what's broke. A couple days ago I reissued the self signed cert via the admin console and restarted services and everything looked success. All was working wonderful. Today I noticed that a mail server forwarding mail to Zimbra was backing up. I checked the server and it looked at to me, but when I send mail I get the following error:

msg: system failure: MessagingException
code: service.FAILURE
method: ZmCsfeCommand.prototype.invoke
detail: soap:Receiver

The tail from mailbox log at that same time is:



2009-12-08 15:00:14,938 INFO [btpool0-7] [name=user;mid=9;ip=192.168.1.37;ua=ZimbraWebClient - FF3.0 (Linux)/5.0.0_GA_1869.openSUSE_10.2;] SendMsg - <SendMsg> LC(mbox=a120f126-e28f-45fa-b723-8c638f7ccbde, sessions=135)
2009-12-08 15:00:14,939 INFO [btpool0-7] [user;mid=9;ip=192.168.1.37;ua=ZimbraWebClient - FF3.0 (Linux)/5.0.0_GA_1869.openSUSE_10.2;] smtp - Sending message: Message-ID=<24826634.91260302414939.JavaMail.root@zimbra.p rivate.domain.com>, replyType=r
2009-12-08 15:00:14,988 INFO [btpool0-7] [name=user;mid=9;ip=192.168.1.37;ua=ZimbraWebClient - FF3.0 (Linux)/5.0.0_GA_1869.openSUSE_10.2;] mailbox - Added message: id=15983, digest=1kuI3BQBAYVqIKSwp9iB,y8dAgw=, folderId=5, folderName=Sent
2009-12-08 15:00:38,240 INFO [IndexWritersSweeperThread] [] index - open index writers sweep: before=2, closed=0, after=2 (0ms)
2009-12-08 15:00:38,792 INFO [Timer-3] [] SessionCache - Removed 2 idle sessions (SOAP). 28 active sessions remain.
2009-12-08 15:01:08,245 INFO [IndexWritersSweeperThread] [] index - open index writers sweep: before=2, closed=0, after=2 (0ms)

I saw some theads that had this issue and blamed the wed tool, so I used the following article to issue a self signed by hand. The page says my version is missing some commands and offered alternatives. I followed it and the show cert command seems to give me the right info. Before I finished I was unable to get into the SSL web admin page and after finishing and restarting the services I got right in.

I am able to login my mail account on the web tool (we don't use SSL for that) and see my inbox. I just get that error when sending and mail destined foer this mail server is backing up.

It made me thing my MTA may be the issue? It is started when I check running services and all services are up for that matter.

Any help is appreciated, this server is unusable right now.

Bruce

[brucealeg]

I tried the web tool again and when installing the cert it gives this error:

Your certificate was not installed due to the error : system failure: XXXXX ERROR: failed to create jetty.pkcs12

[brucealeg]

I did the command line again to make sure I didn't miss anything. Here is the output from the cert deployment showing it worked:

zimbra:/opt/zimbra/ssl/zimbra/server # /opt/zimbra/bin/zmcertmgr install self
** Installing Certificates from /opt/zimbra/ssl/zimbra/server/server.crt
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20091208153244
** Creating /opt/zimbra/conf/zmssl.cnf...done
** /opt/zimbra/ssl/zimbra/server/server.crt already exists.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Installing CA to /opt/zimbra/conf/ca...done.

[brucealeg]

<< ** /opt/zimbra/ssl/zimbra/server/server.crt already exists. >>

Is this the issue maybe?

[brucealeg]

I check /var/mail and got some more info. It looks cert related to me, not sure what fix is.

Dec 8 16:07:24 zimbra postfix/smtpd[23030]: warning: problem talking to service rewrite: Success
Dec 8 16:07:24 zimbra postfix/master[22571]: warning: process /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite pid 23034 exit status 1
Dec 8 16:07:24 zimbra postfix/master[22571]: warning: /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite: bad command startup -- throttling
Dec 8 16:07:25 zimbra postfix/smtpd[23036]: warning: 192.168.1.151: hostname messaging-200 verification failed: Name or service not known
Dec 8 16:07:25 zimbra postfix/smtpd[23036]: connect from unknown[192.168.1.151]
Dec 8 16:07:25 zimbra postfix/smtpd[23036]: setting up TLS connection from unknown[192.168.1.151]
Dec 8 16:07:25 zimbra postfix/smtpd[23036]: TLS connection established from unknown[192.168.1.151]: TLSv1 with cipher AES128-SHA (128/128 bits)
Dec 8 16:07:30 zimbra postfix/smtpd[23046]: warning: 192.168.1.151: hostname messaging-200 verification failed: Name or service not known
Dec 8 16:07:30 zimbra postfix/smtpd[23046]: connect from unknown[192.168.1.151]
Dec 8 16:07:30 zimbra postfix/smtpd[23046]: setting up TLS connection from unknown[192.168.1.151]
Dec 8 16:07:30 zimbra postfix/smtpd[23046]: TLS connection established from unknown[192.168.1.151]: TLSv1 with cipher AES128-SHA (128/128 bits)
Dec 8 16:08:02 zimbra postfix/smtpd[23234]: connect from zimbra[192.168.1.161]
Dec 8 16:08:06 zimbra zmmailboxdmgr[23335]: status requested
Dec 8 16:08:06 zimbra zmmailboxdmgr[23335]: status OK
Dec 8 16:08:25 zimbra postfix/trivial-rewrite[23416]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:08:25 zimbra postfix/trivial-rewrite[23416]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:08:25 zimbra postfix/trivial-rewrite[23416]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:08:25 zimbra postfix/trivial-rewrite[23416]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Dec 8 16:08:25 zimbra postfix/trivial-rewrite[23417]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:08:25 zimbra postfix/trivial-rewrite[23417]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:08:25 zimbra postfix/trivial-rewrite[23417]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:08:25 zimbra postfix/trivial-rewrite[23417]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Dec 8 16:08:25 zimbra postfix/trivial-rewrite[23418]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:08:25 zimbra postfix/trivial-rewrite[23418]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:08:26 zimbra postfix/smtpd[23030]: warning: problem talking to service rewrite: Success
Dec 8 16:08:26 zimbra postfix/master[22571]: warning: process /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite pid 23416 exit status 1
Dec 8 16:08:26 zimbra postfix/master[22571]: warning: /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite: bad command startup -- throttling
Dec 8 16:08:26 zimbra postfix/smtpd[23234]: warning: problem talking to service rewrite: Connection reset by peer
Dec 8 16:08:26 zimbra postfix/master[22571]: warning: process /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite pid 23417 exit status 1
Dec 8 16:08:26 zimbra postfix/smtpd[23036]: warning: problem talking to service rewrite: Connection reset by peer

[brucealeg]

I redid the whole cert process based on this thread:

[SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure

It looked like it was going to work and then it gave me this:

Dec 8 16:50:55 zimbra postfix/smtpd[7793]: warning: problem talking to service rewrite: Success
Dec 8 16:50:59 zimbra postfix/smtpd[7870]: connect from messaging-200[192.168.1.151]
Dec 8 16:50:59 zimbra postfix/smtpd[7870]: setting up TLS connection from messaging-200[192.168.1.151]
Dec 8 16:50:59 zimbra postfix/smtpd[7870]: TLS connection established from messaging-200[192.168.1.151]: TLSv1 with cipher AES128-SHA (128/128 bits)
Dec 8 16:51:04 zimbra postfix/smtpd[7950]: connect from messaging-200[192.168.1.151]
Dec 8 16:51:04 zimbra postfix/smtpd[7950]: setting up TLS connection from messaging-200[192.168.1.151]
Dec 8 16:51:04 zimbra postfix/smtpd[7950]: TLS connection established from messaging-200[192.168.1.151]: TLSv1 with cipher AES128-SHA (128/128 bits)
Dec 8 16:51:24 zimbra postfix/smtpd[7959]: connect from zimbra.com[192.168.1.161]
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7974]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7974]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7974]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7974]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7975]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7975]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7975]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7975]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7976]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7976]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7976]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7976]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7977]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:55 zimbra postfix/trivial-rewrite[7977]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:51:56 zimbra postfix/master[7498]: warning: process /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite pid 7974 exit status 1
Dec 8 16:51:56 zimbra postfix/master[7498]: warning: /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite: bad command startup -- throttling
Dec 8 16:51:56 zimbra postfix/smtpd[7818]: warning: problem talking to service rewrite: Success
Dec 8 16:51:56 zimbra postfix/master[7498]: warning: process /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite pid 7975 exit status 1
Dec 8 16:51:56 zimbra postfix/smtpd[7793]: warning: problem talking to service rewrite: Success
Dec 8 16:51:56 zimbra postfix/smtpd[7959]: warning: problem talking to service rewrite: Connection reset by peer
Dec 8 16:51:56 zimbra postfix/master[7498]: warning: process /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite pid 7976 exit status 1
Dec 8 16:51:56 zimbra postfix/smtpd[7950]: warning: problem talking to service rewrite: Connection reset by peer
Dec 8 16:52:07 zimbra zmmailboxdmgr[8170]: status requested
Dec 8 16:52:07 zimbra zmmailboxdmgr[8170]: status OK
Dec 8 16:52:56 zimbra postfix/trivial-rewrite[8353]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:52:56 zimbra postfix/trivial-rewrite[8353]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:52:56 zimbra postfix/trivial-rewrite[8353]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:52:56 zimbra postfix/trivial-rewrite[8353]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Dec 8 16:52:56 zimbra postfix/trivial-rewrite[8354]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:52:56 zimbra postfix/trivial-rewrite[8354]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 8 16:52:56 zimbra postfix/trivial-rewrite[8354]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error

[brucealeg]

I think the long term solution is to upgrade. The short term solution ended up being:

[SOLVED] Argh Commercial Certificates after a 4.10 > 5.0 FOSS upgrade!