Zimbra

WolwX · #1 (**permalink**) 11-15-2011, 01:47 AM

Hello,

Since I restarted my dedicated server I have many bugs and my zimbra mail server don't work anymore :/

I have some doubt about the certificate because I know that's can be in relation with my starting bug, mta fail with smtp side not working.

So I tried to work on this side, of regenerating a new certificate, but since I did some try by following this guide
Problem with Certificate can cause MTA Failure - Zimbra :: Wiki

Code:

root@ns384526:/opt/zimbra/conf/ca# cd /opt/zimbra/ssl               
root@ns384526:/opt/zimbra/ssl# rm -R *
root@ns384526:/opt/zimbra/ssl# cd /opt/zimbra/conf/ca
root@ns384526:/opt/zimbra/conf/ca# rm -R *
root@ns384526:/opt/zimbra/conf/ca# /opt/zimbra/bin/zmcertmgr createca
** Creating directory /opt/zimbra/ssl/zimbra
** Creating directory /opt/zimbra/ssl/zimbra/ca
** Creating directory /opt/zimbra/ssl/zimbra/server
** Creating directory /opt/zimbra/ssl/zimbra/commercial
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Retrieving CA private key from ldap...failed.
** Retrieving CA cert from ldap...failed.
** Retrieving Commercial CA cert from ldap...failed.
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
root@ns384526:/opt/zimbra/conf/ca# /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
** Copying CA to /opt/zimbra/conf/ca...done.

I have another bugs now ...

So Actually here it's the step I'm on :

Code:

zimbra@ns384526:~$ zmcontrol stop
Host ns384526.ovh.net
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping cbpolicyd...Done.
Stopping archiving...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping imapproxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping zmconfigd...Done.
Stopping ldap...Done.
You have new mail in /var/mail/zimbra
zimbra@ns384526:~$ zmcontrol start
Host ns384526.ovh.net
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd...Done.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
zimbra logger service is not enabled! failed.

Starting mailbox...Done.
Starting memcached...Done.
Starting imapproxy...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
zimbra@ns384526:~$ zmcontrol status
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Host ns384526.ovh.net
antispam Running
antivirus Running
imapproxy Running
ldap Running
logger Stopped
zmlogswatchctl is not running
mailbox Stopped
zmmailboxdctl is not running.
memcached Running
mta Stopped
postfix is not running
snmp Stopped
zmswatch is not running.
spell Running
stats Running
zmconfigd Running
zimbra@ns384526:~$

And here the output of my hosts check =>

Code:

cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1    localhost.localdomain localhost
46.105.123.172    ns384526.ovh.net
# The following lines are desirable for IPv6 capable hosts
#(added automatically by netbase upgrade)
::1     ip6-localhost ip6-loopback
feo0::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
root@ns384526:/opt/zimbra/conf/ca# dig ns384526.ovh.net any

; <<>> DiG 9.7.3 <<>> ns384526.ovh.net any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21447
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 10, ADDITIONAL: 0

;; QUESTION SECTION:
;ns384526.ovh.net.        IN    ANY

;; ANSWER SECTION:
ns384526.ovh.net.    79481    IN    A    46.105.123.172

;; AUTHORITY SECTION:
ovh.net.        79480    IN    NS    dns11.ovh.net.
ovh.net.        79480    IN    NS    ns10.ovh.net.
ovh.net.        79480    IN    NS    dns15.ovh.net.
ovh.net.        79480    IN    NS    dns13.ovh.net.
ovh.net.        79480    IN    NS    ns11.ovh.net.
ovh.net.        79480    IN    NS    ns13.ovh.net.
ovh.net.        79480    IN    NS    ns12.ovh.net.
ovh.net.        79480    IN    NS    dns12.ovh.net.
ovh.net.        79480    IN    NS    dns10.ovh.net.
ovh.net.        79480    IN    NS    ns15.ovh.net.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Nov 15 10:16:27 2011
;; MSG SIZE  rcvd: 245

root@ns384526:/opt/zimbra/conf/ca# dig ns384526.ovh.net mx

; <<>> DiG 9.7.3 <<>> ns384526.ovh.net mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52707
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns384526.ovh.net.        IN    MX

;; AUTHORITY SECTION:
ovh.net.        600    IN    SOA    dns10.ovh.net. tech.ovh.net. 2011111508 86400 3600 3600000 600

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Nov 15 10:17:02 2011
;; MSG SIZE  rcvd: 81

root@ns384526:/opt/zimbra/conf/ca# host `hostname`
ns384526.ovh.net has address 46.105.123.172

So if someone could help me I will he very happy ^^

phoenix · #2 (**permalink**) 11-15-2011, 02:33 AM

Let's start with the following information, update your forum profile with the output of the following command (do not post the output in this thread:

Code:

zmcontrol -v

Quote:

Originally Posted by WolwX

Hello,

Since I restarted my dedicated server I have many bugs and my zimbra mail server don't work anymore :/

I have some doubt about the certificate because I know that's can be in relation with my starting bug, mta fail with smtp side not working.

So I tried to work on this side, of regenerating a new certificate, but since I did some try by following this guide
Problem with Certificate can cause MTA Failure - Zimbra :: Wiki

Code:

root@ns384526:/opt/zimbra/conf/ca# cd /opt/zimbra/ssl               
root@ns384526:/opt/zimbra/ssl# rm -R *
root@ns384526:/opt/zimbra/ssl# cd /opt/zimbra/conf/ca
root@ns384526:/opt/zimbra/conf/ca# rm -R *
root@ns384526:/opt/zimbra/conf/ca# /opt/zimbra/bin/zmcertmgr createca
** Creating directory /opt/zimbra/ssl/zimbra
** Creating directory /opt/zimbra/ssl/zimbra/ca
** Creating directory /opt/zimbra/ssl/zimbra/server
** Creating directory /opt/zimbra/ssl/zimbra/commercial
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Retrieving CA private key from ldap...failed.
** Retrieving CA cert from ldap...failed.
** Retrieving Commercial CA cert from ldap...failed.
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
root@ns384526:/opt/zimbra/conf/ca# /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
** Copying CA to /opt/zimbra/conf/ca...done.

I have another bugs now ...

So Actually here it's the step I'm on :

Code:

zimbra@ns384526:~$ zmcontrol stop
Host ns384526.ovh.net
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping cbpolicyd...Done.
Stopping archiving...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping imapproxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping zmconfigd...Done.
Stopping ldap...Done.
You have new mail in /var/mail/zimbra
zimbra@ns384526:~$ zmcontrol start
Host ns384526.ovh.net
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd...Done.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
zimbra logger service is not enabled! failed.

Starting mailbox...Done.
Starting memcached...Done.
Starting imapproxy...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
zimbra@ns384526:~$ zmcontrol status
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Host ns384526.ovh.net
antispam Running
antivirus Running
imapproxy Running
ldap Running
logger Stopped
zmlogswatchctl is not running
mailbox Stopped
zmmailboxdctl is not running.
memcached Running
mta Stopped
postfix is not running
snmp Stopped
zmswatch is not running.
spell Running
stats Running
zmconfigd Running
zimbra@ns384526:~$

And here the output of my hosts check =>

Code:

cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1    localhost.localdomain localhost
46.105.123.172    ns384526.ovh.net
# The following lines are desirable for IPv6 capable hosts
#(added automatically by netbase upgrade)
::1     ip6-localhost ip6-loopback
feo0::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
root@ns384526:/opt/zimbra/conf/ca# dig ns384526.ovh.net any

; <<>> DiG 9.7.3 <<>> ns384526.ovh.net any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21447
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 10, ADDITIONAL: 0

;; QUESTION SECTION:
;ns384526.ovh.net.        IN    ANY

;; ANSWER SECTION:
ns384526.ovh.net.    79481    IN    A    46.105.123.172

;; AUTHORITY SECTION:
ovh.net.        79480    IN    NS    dns11.ovh.net.
ovh.net.        79480    IN    NS    ns10.ovh.net.
ovh.net.        79480    IN    NS    dns15.ovh.net.
ovh.net.        79480    IN    NS    dns13.ovh.net.
ovh.net.        79480    IN    NS    ns11.ovh.net.
ovh.net.        79480    IN    NS    ns13.ovh.net.
ovh.net.        79480    IN    NS    ns12.ovh.net.
ovh.net.        79480    IN    NS    dns12.ovh.net.
ovh.net.        79480    IN    NS    dns10.ovh.net.
ovh.net.        79480    IN    NS    ns15.ovh.net.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Nov 15 10:16:27 2011
;; MSG SIZE  rcvd: 245

root@ns384526:/opt/zimbra/conf/ca# dig ns384526.ovh.net mx

; <<>> DiG 9.7.3 <<>> ns384526.ovh.net mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52707
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns384526.ovh.net.        IN    MX

;; AUTHORITY SECTION:
ovh.net.        600    IN    SOA    dns10.ovh.net. tech.ovh.net. 2011111508 86400 3600 3600000 600

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Nov 15 10:17:02 2011
;; MSG SIZE  rcvd: 81

root@ns384526:/opt/zimbra/conf/ca# host `hostname`
ns384526.ovh.net has address 46.105.123.172

So if someone could help me I will he very happy ^^

These are not 'bugs' they are configuration issues.

Go to the wiki and search for the words 'certificates cli' and you'll find a Certified Document that tells you how to generate the certificates for each version of Zimbra, pick the one that's suitable for your versions.

Your hosts file is incorrect as, apparently, are your DNS records. According to the output of the commands you've posted there's no MX record for your server. I'd suggest you go to the Split DNS article and read what's necessary for the correct configuration of the hosts & resolv.conf files adn the DNS A & MX records. When you've read that article and fixed your config you can run all the commands in the 'Verify....' section of that article to confirm your settings.

I'm assuming this is a single server install? If that's the case then you should not have imapproxy nor memcached installed or running, search the forums for details on how to disable and remove those services and reset the ports to their defaults.

WolwX · #3 (**permalink**) 11-15-2011, 03:59 AM

Ok, information updated into my profile

Thanks for your help

But, my zimbra settings was working, and my server was working correctly

Since my I restarted my dedicated server I have those problems of configuration, but I don't changed nothing (at less since some month, but the dedicated was running without restart since two months).

I use the default hostname, the one used by my dedicated hoster.

I will check all thoses informations, but there'snt any way to fix my problem and start the mail server before having corrected all those things ?

About those things, how I can't change nothing about mx record for exemple since I use a subdomain name ?
There is a way to keep my hostname and to correctly set mx records to pass the dig request side ?

WolwX · #4 (**permalink**) 11-16-2011, 04:04 AM

Ok so to solve this problem of bad configuration I tried to reinstall

As expected, all was ok, but not the mta side.

So I wish to know what are the good settings I must set to work with my dedicated who already have working DNS settings

Actually my dedicated server always use the classic reverse and hostname, so something like xxxx.ovh.net

Can I install the zcs with one of my domain name or I must install it with xxxx.ovh.net and add my domain name into the administration gui ?

If I not I must change the reverse and hostname ? or can I have help to set the correct dns settings taking in consideration I'm not the DNS master of the hostname I use because that's a subdomain ?

Zimbra

Downloads

Product Information

Toolbox

Why Join?