Results 1 to 9 of 9

Thread: Zimbra 6.0.5: GetAllMTAAuthUrls returns 7071-ports

  1. #1
    ploeger's Avatar
    ploeger is offline Senior Member
    Join Date
    Oct 2008
    Posts
    74
    Rep Power
    6

    Default Zimbra 6.0.5: GetAllMTAAuthUrls returns 7071-ports

    Hi everyone!

    When I do a zmprov gamau I get:

    https://<host1>:7071/service/admin/soap/ https://<host2>:7071/service/admin/soap/

    (<host1> and <host2> are replaced with our hostnames)

    This breaks my whole sasl configuration. I had to manually set the hosts in the conf.in-file.

    Can somebody tell me, why he thinks, that he's supposed to go to the admin-services on 7071?

    Thanks in advance.

    Kind regards

    Dennis

  2. #2
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,373
    Rep Power
    10

    Default

    Hi Dennis,

    I see you are new to the Forums; welcome! Please update your profile with the output of zmcontrol -v.

    To your question, perhaps I am misunderstanding it, but Zimbra's intention and design is to have the Admin Console accessible only via https on port 7071.

    All the best,
    Mark

  3. #3
    ploeger's Avatar
    ploeger is offline Senior Member
    Join Date
    Oct 2008
    Posts
    74
    Rep Power
    6

    Default

    Hi Mark!

    I've been around the forums for some while, but haven actually posted it. But you're right, I've updated my profile.

    Quote Originally Posted by LMStone View Post
    To your question, perhaps I am misunderstanding it, but Zimbra's intention and design is to have the Admin Console accessible only via https on port 7071.
    I think, you misunderstand it. I know, that the admin console is only accessible via https. The problem is, that that connection is wrong for the MTA auth-urls (or at least it's not working here).

    It should be http://<host1>:80/service/soap (or https://<host1>:443/service/soap when using https), not :7071...

    When I manually edit the saslauthd.conf.in and put the right urls in it, saslauth works, with the :7071-connection it doesn't work.

    My question is, where Zimbra get's that information to return when doing a zmprov gamau.

    Thanks.

    Kind regards
    Dennis
    Release 8.0.6.GA.5922.UBUNTU12.64 UBUNTU12_64 NETWORK edition.

  4. #4
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,373
    Rep Power
    10

    Default

    On our hosting farm, running zmprov gamua generates a list of all of the servers, separated by spaces, in the same format you show:

    Code:
    https://<server1_fqdn>:7071/service/admin/soap/ https://<server1_fqdn>:7071/service/admin/soap/ https://<server2_fqdn>:7071/service/admin/soap/ https://<server3_fqdn>:7071/service/admin/soap/ https://<server4_fqdn>:7071/service/admin/soap/ https://<server5_fqdn>:7071/service/admin/soap/ https://<server6_fqdn>:7071/service/admin/soap/ https://<server7_fqdn>:7071/service/admin/soap/
    Not sure why that breaks things on your end, but at least I can confirm that what you are seeing is correct.

    Hope that helps,
    Mark

  5. #5
    ploeger's Avatar
    ploeger is offline Senior Member
    Join Date
    Oct 2008
    Posts
    74
    Rep Power
    6

    Default

    Quote Originally Posted by LMStone View Post
    Not sure why that breaks things on your end, but at least I can confirm that what you are seeing is correct.
    That is strange. When I set up the system using the 7071-ports for saslauthd, nobody can do smtp-auth. In the logs all authenticate requests get an error 403...

    Can you imagine what's wrong here? How can I debug that further?

    Thanks.

    Kind regards
    Dennis
    Release 8.0.6.GA.5922.UBUNTU12.64 UBUNTU12_64 NETWORK edition.

  6. #6
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,373
    Rep Power
    10

    Default

    Quote Originally Posted by ploeger View Post
    When I set up the system using the 7071-ports for saslauthd, nobody can do smtp-auth.
    What do mean by this? There's no end-user setup of saslauthd required.

    Sorry to answer a question with a question, but to help I need to understand better exactly what you have done here.

    All the best,
    Mark

  7. #7
    ploeger's Avatar
    ploeger is offline Senior Member
    Join Date
    Oct 2008
    Posts
    74
    Rep Power
    6

    Default

    Quote Originally Posted by LMStone View Post
    What do mean by this? There's no end-user setup of saslauthd required.
    To clarify:

    Zimbra automatically writes saslauthd.conf using the admin-ports like said earlier. When I use this configuration, I see 403-errors in the logs whenever a user tries to do smtp-auth.

    When I manually rewrite saslauthd.conf.in to use port 80 and use that config, everything works fine.

    You said, that in your configuration, the admin-ports are written in the saslauthd.conf and everything works fine.

    I don't understand, why it doesn't work on my side.

    Kind regards
    Dennis
    Release 8.0.6.GA.5922.UBUNTU12.64 UBUNTU12_64 NETWORK edition.

  8. #8
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,373
    Rep Power
    10

    Default

    So let's start from the beginning...

    Did smtp_auth ever work on this server?

    Is the server more than a year old?

    In the admin console under the MTA tab for this server's configuration, are "Enable authentication" and "TLS authentication only" both checked?

    Have you changed anything in the underlying operating system or with Zimbra's default install?

    Please also post a log file snippet showing authentication failing.

    Mark

  9. #9
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    Default

    Going to the admin port in this case is the correct behavior. Did you block off access to port 7071? It is done to ensure that an https encrypted connection is always made.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 15
    Last Post: 11-24-2009, 08:46 AM
  2. slapd message error
    By smoke in forum Administrators
    Replies: 7
    Last Post: 04-27-2008, 03:23 PM
  3. Zimbra spam system
    By rajahd in forum Administrators
    Replies: 9
    Last Post: 04-16-2008, 07:25 PM
  4. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 09:56 PM
  5. Can't start Zimbra!
    By zibra in forum Administrators
    Replies: 5
    Last Post: 03-22-2007, 11:34 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •