Download Link for attachments Broken

[btribley]

I've had the Open Source Collaboration Suite running since early March and I am a big fan. Migrated from qmail and have not looked back.

I installed Zimbra 5.13 on a squeaky clean, new CentOS 5 machine with no other applications running on it.

The only issue I am experiencing appears to be an Apache configuration issue. Attached files exist because they can be added to the briefcase. Once there, they can be downloaded and opened. However, clicking the Download link in the message yields this error:

The webpage at http://mail2.tribley.org/service/hom...&part=2&disp=a might be temporarily down or it may have moved permanently to a new web address.

Any ideas?
Thanks,
Bill

[phoenix]

You are quite likely to have another issue that is causing this problem. You said that you've had this server up since March, how long have you experienced this problem? Is there any firewall or SElinux active on this system?

Let's start with the following, post the output of the following commands (run on your Zimbra server):

Code:

cat /etc/hosts
cat /etc/resolv.conf
dig yourdomain.com mx
dig yourdomain.com any
host `hostname`  <-- use that exact command with backticks not single quotes

[btribley]

Hi Bill,
Thanks for your reply. Here are the command responses (note an additional response from kloth.net at the end because my server is using a local domain name server that gives local ip's for local requests).
Best regards,
Bill

[zimbra@samurai ~]$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.188 mail2.tribley.org mail2 samurai.tribley.org samurai
::1 localhost6.localdomain6 localhost6
[zimbra@samurai ~]$ cat /etc/resolv.conf
search mhei
nameserver 192.168.1.191
[zimbra@samurai ~]$ dig tribley.org mx

; <<>> DiG 9.3.3rc2 <<>> tribley.org mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53004
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tribley.org. IN MX

;; ANSWER SECTION:
tribley.org. 11417 IN MX 0 mail.tribley.org.
tribley.org. 11417 IN MX 0 mail2.tribley.org.

;; Query time: 2 msec
;; SERVER: 192.168.1.191#53(192.168.1.191)
;; WHEN: Sun May 10 09:44:37 2009
;; MSG SIZE rcvd: 72

[zimbra@samurai ~]$ dig tribley.org

; <<>> DiG 9.3.3rc2 <<>> tribley.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65067
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tribley.org. IN A

;; ANSWER SECTION:
tribley.org. 11293 IN A 192.168.1.190

;; Query time: 0 msec
;; SERVER: 192.168.1.191#53(192.168.1.191)
;; WHEN: Sun May 10 09:46:41 2009
;; MSG SIZE rcvd: 45

[zimbra@samurai ~]$ host `hostname`
samurai.tribley.org has address 192.168.1.188
[zimbra@samurai ~]$

This from kloth.net
; <<>> DiG 9.3.2 <<>> @localhost tribley.org A
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4919
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tribley.org. IN A

;; ANSWER SECTION:
tribley.org. 86400 IN A 76.192.183.57

[phoenix]

Due to a typing error (on my part) you've not given me the correct output for one of the dig commands, it should have been the following:

Code:

dig tribley.org any

There also appears to be no A record for your mail server in the output you've posted.

While it's not incorrect to have a priority of zero on your MX records it's usual to have higher numbers than that. You've also got two records with the same priority, do you really have two mail servers in this domain?

Your hosts file should really contain only the following (unless there's some reason you have two hostnames for this server?):

Code:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.188 mail2.tribley.org mail2

Could you confirm if you have disabled the firewall and SElinux on this server?

[btribley]

[zimbra@samurai ~]$ dig tribley.org any

; <<>> DiG 9.3.3rc2 <<>> tribley.org any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40194
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tribley.org. IN ANY

;; ANSWER SECTION:
tribley.org. 257234 IN NS mail.tribley.org.
tribley.org. 257234 IN NS main.tribley.org.

;; Query time: 1 msec
;; SERVER: 192.168.1.191#53(192.168.1.191)
;; WHEN: Sun May 10 20:15:39 2009
;; MSG SIZE rcvd: 67

From kloth.net:
; <<>> DiG 9.3.2 <<>> @localhost tribley.org ANY
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12937
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tribley.org. IN ANY

;; ANSWER SECTION:
tribley.org. 48543 IN A 76.192.183.57
tribley.org. 48449 IN MX 0 mail.tribley.org.
tribley.org. 48449 IN MX 0 mail2.tribley.org.
tribley.org. 221249 IN NS mail.tribley.org.
tribley.org. 221249 IN NS main.tribley.org.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 11 03:17:56 2009
;; MSG SIZE rcvd: 121

Regarding the priorities, that's a definite screwup, I will fix that early next week. Presently mail.tribley.org does not respond to mx requests because qmail is turned off, I had it this way so that I could revert from zimbra by firing up qmail and shutting down zimbra.

Firewall is off:
[root@samurai ~]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dptop3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7071
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

To the best of my knowledge, SELinux is off:

[root@samurai selinux]# cat config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

Regarding hosts file, I did not want to use a real machine name for my mail server in case I wanted to turn it off in a hurry or substitute another name. So, samurai is the real host name, mail2 is an alias. The hosts file was set up before I got a good handle on how to set tinydns up, so in order to get it to respond to both fully qualified and shorthand names for each of the ways it is called, I put the entries into hosts. Have not removed any of that, one nice thing about leaving it this way is if my DNS server dies zimbra still works internally...

mail2 does have an "A" record, it appears that "any" just picks up the name servers in my case:

[root@samurai selinux]# dig mail2.tribley.org a

; <<>> DiG 9.3.3rc2 <<>> mail2.tribley.org a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61016
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail2.tribley.org. IN A

;; ANSWER SECTION:
mail2.tribley.org. 83742 IN A 192.168.1.188

;; Query time: 1 msec
;; SERVER: 192.168.1.191#53(192.168.1.191)
;; WHEN: Sun May 10 20:27:11 2009
;; MSG SIZE rcvd: 51


Thanks again for your help,
Bill

[phoenix]

Quote:

Originally Posted by btribley

mail2 does have an "A" record, it appears that "any" just picks up the name servers in my case:

[root@samurai selinux]# dig mail2.tribley.org al

That's incorrect, you're actually checking a subdomain for the A records not your domain which should be just "tribley.org". Add the A record in the correct place and the "dig tribley.org any" will show the correct A record for your server.