Thread: MTA fail and other bugs after trying to regenerate another certificate

  1. #1
    WolwX is offline Junior Member
    Join Date
    Jul 2008
    Posts
    6
    Rep Power
    7

    Hello,

    Since I restarted my dedicated server I have many bugs and my Zimbra mail server doesn't work anymore :/

    I have some doubts about the certificate because I know that it can be related to my startup bug: MTA fail, with the SMTP side not working.

    So I tried to work on this, regenerating a new certificate, but since I made some attempts by following this guide
    Problem with Certificate can cause MTA Failure - Zimbra :: Wiki

    Code:
    root@ns384526:/opt/zimbra/conf/ca# cd /opt/zimbra/ssl               
    root@ns384526:/opt/zimbra/ssl# rm -R *
    root@ns384526:/opt/zimbra/ssl# cd /opt/zimbra/conf/ca
    root@ns384526:/opt/zimbra/conf/ca# rm -R *
    root@ns384526:/opt/zimbra/conf/ca# /opt/zimbra/bin/zmcertmgr createca
    ** Creating directory /opt/zimbra/ssl/zimbra
    ** Creating directory /opt/zimbra/ssl/zimbra/ca
    ** Creating directory /opt/zimbra/ssl/zimbra/server
    ** Creating directory /opt/zimbra/ssl/zimbra/commercial
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Retrieving CA private key from ldap...failed.
    ** Retrieving CA cert from ldap...failed.
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
    root@ns384526:/opt/zimbra/conf/ca# /opt/zimbra/bin/zmcertmgr deployca
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
    ** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
    ** Copying CA to /opt/zimbra/conf/ca...done.
    I have other bugs now ...

    So actually, here is the step I'm on:

    Code:
    zimbra@ns384526:~$ zmcontrol stop
    Host ns384526.ovh.net
        Stopping stats...Done.
        Stopping mta...Done.
        Stopping spell...Done.
        Stopping snmp...Done.
        Stopping cbpolicyd...Done.
        Stopping archiving...Done.
        Stopping antivirus...Done.
        Stopping antispam...Done.
        Stopping imapproxy...Done.
        Stopping memcached...Done.
        Stopping mailbox...Done.
        Stopping logger...Done.
        Stopping zmconfigd...Done.
        Stopping ldap...Done.
    You have new mail in /var/mail/zimbra
    zimbra@ns384526:~$ zmcontrol start
    Host ns384526.ovh.net
        Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
        Starting zmconfigd...Done.
        Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
    zimbra logger service is not enabled!  failed.
    
    
        Starting mailbox...Done.
        Starting memcached...Done.
        Starting imapproxy...Done.
        Starting antispam...Done.
        Starting antivirus...Done.
        Starting snmp...Done.
        Starting spell...Done.
        Starting mta...Done.
        Starting stats...Done.
    zimbra@ns384526:~$ zmcontrol status
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Host ns384526.ovh.net
        antispam                Running
        antivirus               Running
        imapproxy               Running
        ldap                    Running
        logger                  Stopped
            zmlogswatchctl is not running
        mailbox                 Stopped
            zmmailboxdctl is not running.
        memcached               Running
        mta                     Stopped
            postfix is not running
        snmp                    Stopped
            zmswatch is not running.
        spell                   Running
        stats                   Running
        zmconfigd               Running
    zimbra@ns384526:~$
    And here the output of my hosts check =>

    Code:
    cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1    localhost.localdomain localhost
    46.105.123.172    ns384526.ovh.net
    # The following lines are desirable for IPv6 capable hosts
    #(added automatically by netbase upgrade)
    ::1     ip6-localhost ip6-loopback
    feo0::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    root@ns384526:/opt/zimbra/conf/ca# dig ns384526.ovh.net any
    
    ; <<>> DiG 9.7.3 <<>> ns384526.ovh.net any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21447
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 10, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;ns384526.ovh.net.        IN    ANY
    
    ;; ANSWER SECTION:
    ns384526.ovh.net.    79481    IN    A    46.105.123.172
    
    ;; AUTHORITY SECTION:
    ovh.net.        79480    IN    NS    dns11.ovh.net.
    ovh.net.        79480    IN    NS    ns10.ovh.net.
    ovh.net.        79480    IN    NS    dns15.ovh.net.
    ovh.net.        79480    IN    NS    dns13.ovh.net.
    ovh.net.        79480    IN    NS    ns11.ovh.net.
    ovh.net.        79480    IN    NS    ns13.ovh.net.
    ovh.net.        79480    IN    NS    ns12.ovh.net.
    ovh.net.        79480    IN    NS    dns12.ovh.net.
    ovh.net.        79480    IN    NS    dns10.ovh.net.
    ovh.net.        79480    IN    NS    ns15.ovh.net.
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Nov 15 10:16:27 2011
    ;; MSG SIZE  rcvd: 245
    
    root@ns384526:/opt/zimbra/conf/ca# dig ns384526.ovh.net mx
    
    ; <<>> DiG 9.7.3 <<>> ns384526.ovh.net mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52707
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;ns384526.ovh.net.        IN    MX
    
    ;; AUTHORITY SECTION:
    ovh.net.        600    IN    SOA    dns10.ovh.net. tech.ovh.net. 2011111508 86400 3600 3600000 600
    
    ;; Query time: 5 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Nov 15 10:17:02 2011
    ;; MSG SIZE  rcvd: 81
    
    root@ns384526:/opt/zimbra/conf/ca# host `hostname`
    ns384526.ovh.net has address 46.105.123.172

    So if someone could help me I will be very happy ^^

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,499
    Rep Power
    56

    Let's start with the following information: update your forum profile with the output of the following command (do not post the output in this thread):

    Code:
    zmcontrol -v
    These are not 'bugs', they are configuration issues.

    Go to the wiki and search for the words 'certificates cli' and you'll find a Certified Document that tells you how to generate the certificates for each version of Zimbra, pick the one that's suitable for your versions.

    Your hosts file is incorrect as, apparently, are your DNS records. According to the output of the commands you've posted there's no MX record for your server. I'd suggest you go to the Split DNS article and read what's necessary for the correct configuration of the hosts & resolv.conf files and the DNS A & MX records. When you've read that article and fixed your config you can run all the commands in the 'Verify....' section of that article to confirm your settings.

    I'm assuming this is a single server install? If that's the case then you should not have imapproxy nor memcached installed or running, search the forums for details on how to disable and remove those services and reset the ports to their defaults.
    Regards


    Bill
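
The reading of the posted dig output described in the reply above (A record present, no MX record) can be done mechanically. The following Python is an added example, not part of the thread or of Zimbra; the function names are hypothetical and the two sample outputs are constructed by trimming the dig output posted in the first message.

```python
import re

# Constructed samples: trimmed from the dig output posted in the thread.
DIG_MX = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52707
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns384526.ovh.net.        IN    MX

;; AUTHORITY SECTION:
ovh.net.  600  IN  SOA  dns10.ovh.net. tech.ovh.net. 2011111508 86400 3600 3600000 600
"""
DIG_ANY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21447

;; ANSWER SECTION:
ns384526.ovh.net.    79481    IN    A    46.105.123.172
"""

def parse_dig(text):
    """Return (status, {section: [(owner, rtype, rdata), ...]}) from dig output."""
    status = re.search(r"status: (\w+)", text)
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif not line.strip():
            current = None              # a blank line ends the section
        elif current is not None and not line.startswith(";"):
            parts = line.split(None, 4)  # owner, TTL, class, type, rdata
            if len(parts) == 5:
                current.append((parts[0].lower(), parts[3], parts[4]))
    return (status.group(1) if status else "UNKNOWN"), sections

def diagnose(text, fqdn, rtype):
    """Classify a dig response for fqdn/rtype: OK, NODATA, NO_ANSWER or the rcode."""
    status, sections = parse_dig(text)
    if status != "NOERROR":
        return status                   # e.g. NXDOMAIN, SERVFAIL
    owner = fqdn.rstrip(".").lower() + "."
    if any(o == owner and t == rtype for o, t, _ in sections.get("ANSWER", [])):
        return "OK"
    # NOERROR, nothing matching, SOA in AUTHORITY: the name exists but has no such record.
    if any(t == "SOA" for _, t, _ in sections.get("AUTHORITY", [])):
        return "NODATA"
    return "NO_ANSWER"
```

`diagnose(DIG_MX, "ns384526.ovh.net", "MX")` returns `NODATA`, while the A lookup on the same name returns `OK`: the host resolves but carries no MX record.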



  3. #3
    WolwX is offline Junior Member
    Join Date
    Jul 2008
    Posts
    6
    Rep Power
    7

    OK, information updated in my profile.

    Thanks for your help.

    But my Zimbra settings were working, and my server was working correctly.

    Since I restarted my dedicated server I have had these configuration problems, but I haven't changed anything (at least for some months, and the dedicated server had been running without a restart for two months).

    I use the default hostname, the one used by my dedicated hoster.

    I will check all this information, but isn't there any way to fix my problem and start the mail server before having corrected all those things?

    About those things, how can I change anything about the MX record, for example, since I use a subdomain name?
    Is there a way to keep my hostname and correctly set the MX records so that the dig request passes?

  4. #4
    WolwX is offline Junior Member
    Join Date
    Jul 2008
    Posts
    6
    Rep Power
    7

    OK, so to solve this problem of bad configuration I tried to reinstall.

    As expected, everything was OK, but not the MTA side.

    So I would like to know the correct settings I must use to work with my dedicated server, which already has working DNS settings.

    Actually my dedicated server always uses the classic reverse and hostname, so something like xxxx.ovh.net

    Can I install ZCS with one of my domain names, or must I install it with xxxx.ovh.net and add my domain name in the administration GUI?

    If not, must I change the reverse and hostname? Or can I get help setting the correct DNS settings, taking into consideration that I'm not the DNS master of the hostname I use, because it's a subdomain?
