Installed ISPConfig 3.1dev - mostly went OK. Then moved system to a different network and was getting a virtual users unknown error which went away when I found the typo for the address of the DNS for the new network (doh :-( ) - which of course had stopped all sorts of other things I did not check cos they had been working before I moved the server (double doh :-( ))

I have a virtual domain, and a user in that domain, but when I try to set up my email client (OSX, not a wondrous client) and the client attempts to log into the virtual domain I get:

postfix/smtpd[23907]: connect from 2-3-4-5 .static .tpgi .com .au[2 .3 .4 .5] <spaces inserted for benefit of forum s/w >
postfix/smtpd[23907]: warning: 2-3-4-5 . static . tpgi .com .au[2 .3 .24 .5]: SASL PLAIN authentication failed: <ditto>
postfix/smtpd[23907]: warning: 2-3-4-5 . staticv .vtpgi .com .au[2 .3 .4 .5]: SASL PLAIN authentication failed:<ditto>
postfix/smtpd[23907] disconnect from 60-242-236-219 .static .tpgi .com .au[60 .242 .236 .219]<ditto>
dovecot: imap-login: Disconnected: Inactivity (auth failed, 2 attempts in 180 secs): user=<me@mydomain .com .au>, method=PLAIN, rip=2 .3 .4 .5, lip=1 .2 .3 .4
<and so on>

The client reports that it is unable to create a login. Sadly this seems to be the extent of the logging information. Any suggestions greatly appreciated.
Switched on debug for postfix and got a lot more info which I have had to split into more than 1 post. Ignore the commas, they really are full stops:

connect from XX-XXX-236-219.static,tpgi,com,au[XX.XXX.236.219]
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: smtp_stream_setup: maxtime=300 enable_deadline=0
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_hostname: XX-XXX-236-219.static.tpgi.com.au ~? 127.0.0.0/8
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_hostaddr: XX.XXX.236.219 ~? 127.0.0.0/8
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_hostname: XX-XXX-236-219.static.tpgi.com.au ~? [::1]/128
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_hostaddr: XX.XXX.236.219 ~? [::1]/128
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX-XXX-236-219,static,tpgi,com,au: no match
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX.XXX.236.219: no match
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: auto_clnt_open: connected to private/anvil
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: send attr request = connect
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: send attr ident = smtp:XX.XXX,236.219
<continued below>
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/anvil: wanted attribute: status Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: status Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute value: 0 Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/anvil: wanted attribute: count Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: count Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute value: 1 Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/anvil: wanted attribute: rate Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: rate Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute value: 1 Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/anvil: wanted attribute: (list terminator) Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: (end) Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com.au[XX,XXX,236,219]: 220 Hugh2.mydomain.com.au ESMTP Postfix Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null) Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: name_mask: noanonymous Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: watchdog_pat: 0x7f1467babd90 Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: < XX-XXX-236-219,static,tpgi,com.au[XX,XXX,236.219]: EHLO [192.168.0.111] <dynamic IP address of my laptop on its remote network> Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX-XXX-236-219,static,tpgi,com.au: no match Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX,XXX,236.219: no match Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com,au[XX,XXX,236,219]: 250-Hugh2.mydomain.com.au Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi,com,au[XX.XXX.236.219]: 250-PIPELINING Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > 
XX-XXX-236-219.static.tpgi.com.au[XX,XXX,236,219]: 250-SIZE 10240000 Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi,com,au[XX.XXX,236,219]: 250-VRFY Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi,com,au[XX.XXX,236.219]: 250-ETRN Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-2XXX-236-219,static,tpgi,com,au[XX.XXX.236.219]: 250-STARTTLS Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi.com.au[XX.XXX,236,219]: 250-AUTH PLAIN Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,stati,.tpgi,com,au[XX.XXX.236.219]: 250-AUTH=PLAIN Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > 6XX-XXX-236-219,static,tpgi,com.au[XX.XXX.236.219]: 250-ENHANCEDSTATUSCODES Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com,au[6XX.XXX.236.219]: 250-8BITMIME Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi,com,au[XX.XXX,236.219]: 250 DSN <last piece follows>
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: watchdog_pat: 0x7f1467babd90 Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: < XX-XXX-236-219.static,tpgi,com.au[6XX.2XXX.236.219]: STARTTLS Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com,au[XX.XXX.236.219]: 220 2.0.0 Ready to start TLS Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: auto_clnt_open: connected to private/tlsmgr Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: send attr request = seed Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: send attr size = 32 Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/tlsmgr: wanted attribute: status Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: status Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute value: 0 Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/tlsmgr: wanted attribute: seed Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: seed Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute value: mYQgyNbsGR9gZxo7KXFYUQVzUxlmMaVWeesxymDMnI8= Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/tlsmgr: wanted attribute: (list terminator) Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: (end) Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null) Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: name_mask: noanonymous Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: watchdog_pat: 0x7f1467babd90 Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: < XX-XXX-236-219.static.tpgi.com.au[XX.XXX,236,219]: EHLO [192.168.0.111] < its my laptop address on my remote network again> Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX-XXX-236-219,static,tpgi,com.au: no match Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX,XXX,236.219: no match Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi.com.au[XX,XXX.236.219]: 
250-Hugh2.mydomain.com.au
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi,com.au[XX,XXX,236,219]: 250-PIPELINING
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com,au[60.242.236.219]: 250-SIZE 10240000
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static.tpgi,com,au[XX.XXX,236,219]: 250-VRFY
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com,au[XX.XXX.236.219]: 250-ETRN
Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static.tpgi,com,au[XX.XXX,236,219]: 250-AUTH PLAIN

SORRY about that being in 3 parts. Apparently there is a 10k limit to file size.

The Apple mail client then attempted to check out IMAP with the following results:

Feb 11 17:54:28 Hugh2 dovecot: imap-login: Login: user=<gary>, method=PLAIN, rip=XX.XXX,236,219, lip=192.168.0.42, mpid=41112, TLS, session=<SlXWrjtIuAA88uzb>
Feb 11 17:54:28 Hugh2 dovecot: imap(gary): Error: user gary: Initialization failed: Namespace '': Mail storage autodetection failed with home=/home/gary <home/gary does not sound right to me>
Feb 11 17:54:28 Hugh2 dovecot: imap(gary): Error: Invalid user settings. Refer to server log for more information.
Feb 11 17:54:28 Hugh2 dovecot: imap-login: Login: user=<gary>, method=PLAIN, rip=XX.XXX.236,219, lip=192.168.0.42, mpid=41116, TLS, session=<TwuKrztIvAA88uzb>
Feb 11 17:54:28 Hugh2 dovecot: imap(gary): Error: user gary: Initialization failed: Namespace '': Mail storage autodetection failed with home=/home/gary
Feb 11 17:54:28 Hugh2 dovecot: imap(gary): Error: Invalid user settings. Refer to server log for more information.
Feb 11 17:54:29 Hugh2 dovecot: imap-login: Login: user=<gary>, method=PLAIN, rip=XX.XXX,236,219, lip=192.168.0.42, mpid=41118, TLS, session=</RSPrztIvgA88uzb>

SO there we have it. If I were to guess I'd say it's looking for validation in the wrong place for both IMAP and smtp but I have no idea why :-(
Take a look into the mail_user table in ispconfig and compare the non-working account with a working one to see if there is something missing in that mail user record.
Right now I have one client and that client has one user and that one user does not work. After much debugging it seems that the problem is this:

Code:
Feb 13 18:20:01 Hugh2 postfix/smtpd[39484]: connect from localhost[::1]
Feb 13 18:20:01 Hugh2 postfix/smtpd[39484]: warning: SASL: Connect to /var/spool/postfix/private/auth failed: Connection refused
Feb 13 18:20:01 Hugh2 postfix/smtpd[39484]: fatal: no SASL authentication mechanisms
Feb 13 18:20:02 Hugh2 postfix/master[38768]: warning: process /usr/libexec/postfix/smtpd pid 39484 exit status 1
Feb 13 18:20:02 Hugh2 postfix/master[38768]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

I tried removing the auth file and it did not get created, and it is a symlink, although the ownership and permissions look OK

Code:
[root@Hugh2 gary]# ls -l /var/spool/postfix/private/auth
srw-rw-rw- 1 postfix postfix 0 Feb 12 16:25 /var/spool/postfix/private/auth

Any ideas ?
Please post your /etc/dovecot/dovecot.conf file and check that /etc/dovecot.conf and /etc/dovecot/dovecot.conf contain the same content.
They are completely different files ! but there is a nasty line 1 in /etc/dovecot/dovecot.conf from when I turned on debug:

Code:
auth_verbose yes
mail_debug = yes

DOH !! however the mode of failure makes more sense thus:

Code:
Feb 14 17:53:00 Hugh2 postfix/smtpd[4029]: connect from XX-XXX-236-219.static.tpgi.com.au[XX.XXX.236.219]
Feb 14 17:53:02 Hugh2 dovecot: auth-worker(4031): pam([email protected],XX.XXX.236.219): unknown user
Feb 14 17:53:02 Hugh2 dovecot: auth-worker(4033): pam([email protected],XX.XXX.236.219): unknown user
Feb 14 17:53:04 Hugh2 postfix/smtpd[4029]: warning: XX-XXX-236-219.static.tpgi.com.au[XX.XXX.236.219]: SASL PLAIN authentication failed:
Feb 14 17:53:05 Hugh2 dovecot: auth-worker(4031): pam([email protected],XX.XXX.236.219): unknown user
Feb 14 17:53:05 Hugh2 dovecot: auth-worker(4033): pam([email protected],XX.XXX.236.219): unknown user
Feb 14 17:53:07 Hugh2 postfix/smtpd[4029]: warning: XX-XXX-236-219.static.tpgi.com.au[XX.XXX.236.219]: SASL PLAIN authentication failed:
Feb 14 17:53:07 Hugh2 postfix/smtpd[4029]: disconnect from XX-XXX-236-219.static.tpgi.com.au[XX.XXX.236.219]
Feb 14 17:53:09 Hugh2 dovecot: auth-worker(4033): pam([email protected],XX.XXX.236.219): unknown user
Feb 14 17:53:11 Hugh2 dovecot: imap-login: Login: user=<gary>, method=PLAIN, rip=XX.XXX.236.219, lip=192.168.0.42, mpid=4070, TLS, session=<saPOA3hICAA88uzb>
Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: Effective uid=1000, gid=1000, home=/home/gary
Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=
Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mdbox: access(/home/gary/mdbox, rwx): failed: No such file or directory
Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mdbox: couldn't find root dir
Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: sdbox: access(/home/gary/sdbox, rwx): failed: No such file or directory
Feb 14 17:53:11 Hugh2 dovecot:
imap(gary): Debug: sdbox: couldn't find root dir Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: maildir: access(/home/gary/Maildir, rwx): failed: No such file or directory Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: maildir: couldn't find root dir Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has .imap/: stat(/home/gary/mail/.imap) failed: No such file or directory Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has inbox: stat(/home/gary/mail/inbox) failed: No such file or directory Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has mbox: stat(/home/gary/mail/mbox) failed: No such file or directory Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has .imap/: stat(/home/gary/Mail/.imap) failed: No such file or directory Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has inbox: stat(/home/gary/Mail/inbox) failed: No such file or directory Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has mbox: stat(/home/gary/Mail/mbox) failed: No such file or directory Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox: couldn't find root dir Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: sdbox: access(/home/gary/sdbox, rwx): failed: No such file or directory Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: sdbox: couldn't find root dir the dovecot/dovecot.conf file: Code: [root@Hugh2 log]# cat /etc/dovecot/dovecot.conf auth_verbose = yes mail_debug = yes ## Dovecot configuration file # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration # "doveconf -n" command gives a clean output of the changed settings. Use it # instead of copy&pasting files when posting to the Dovecot mailing list. # '#' character and everything after it is treated as comments. Extra spaces # and tabs are ignored. 
If you want to use either of these explicitly, put the # value inside quotes, eg.: key = "# char and trailing whitespace " # Most (but not all) settings can be overridden by different protocols and/or # source/destination IPs by placing the settings inside sections, for example: # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { } # Default values are shown for each setting, it's not required to uncomment # those. These are exceptions to this though: No sections (e.g. namespace {}) # or plugin settings are added by default, they're listed only as examples. # Paths are also just examples with the real defaults being based on configure # options. The paths listed here are for configure --prefix=/usr # --sysconfdir=/etc --localstatedir=/var # Protocols we want to be serving. #protocols = imap pop3 lmtp # A comma separated list of IPs or hosts where to listen in for connections. # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. # If you want to specify non-default ports or anything more complex, # edit conf.d/master.conf. #listen = *, :: # Base directory where to store runtime data. #base_dir = /var/run/dovecot/ # Name of this instance. In multi-instance setup doveadm and other commands # can use -i <instance_name> to select which instance is used (an alternative # to -c <config_path>). The instance name is also added to Dovecot processes # in ps output. #instance_name = dovecot # Greeting message for clients. #login_greeting = Dovecot ready. # Space separated list of trusted network ranges. Connections from these # IPs are allowed to override their IP addresses and ports (for logging and # for authentication checks). disable_plaintext_auth is also ignored for # these networks. Typically you'd specify your IMAP proxy servers here. #login_trusted_networks = # Space separated list of login access check sockets (e.g. 
tcpwrap) #login_access_sockets = # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do # proxying. This isn't necessary normally, but may be useful if the destination # IP is e.g. a load balancer's IP. #auth_proxy_self = # Show more verbose process titles (in ps). Currently shows user name and # IP address. Useful for seeing who are actually using the IMAP processes # (eg. shared mailboxes or if same uid is used for multiple accounts). #verbose_proctitle = no # Should all processes be killed when Dovecot master process shuts down. # Setting this to "no" means that Dovecot can be upgraded without # forcing existing client connections to close (although that could also be # a problem if the upgrade is e.g. because of a security fix). #shutdown_clients = yes # If non-zero, run mail commands via this many connections to doveadm server, # instead of running them directly in the same process. #doveadm_worker_count = 0 # UNIX socket or host:port used for connecting to doveadm server #doveadm_socket_path = doveadm-server # Space separated list of environment variables that are preserved on Dovecot # startup and passed down to all of its child processes. You can also give # key=value pairs to always set specific settings. #import_environment = TZ ## ## Dictionary server settings ## # Dictionary can be used to store key=value lists. This is used by several # plugins. The dictionary can be accessed either directly or though a # dictionary server. The following dict block maps dictionary names to URIs # when the server is used. These can then be referenced using URIs in format # "proxy::<name>". dict { #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext } # Most of the actual configuration gets included below. The filenames are # first sorted by their ASCII value and parsed in that order. The 00-prefixes # in filenames are intended to make it easier to understand the ordering. 
!include conf.d/*.conf

# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf

whereas the postfix.conf file contains :

Code:
[root@Hugh2 log]# cat /etc/dovecot.conf
listen = *,[::]
protocols = imap pop3
auth_mechanisms = plain login
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_privileged_group = vmail
ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key
ssl_protocols = !SSLv2 !SSLv3
passdb {
  args = /etc/dovecot-sql.conf
  driver = sql
}
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot-sql.conf
  driver = sql
}
plugin {
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  sieve=/var/vmail/%d/%n/.sieve
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = root
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service imap-login {
  client_limit = 1000
  process_limit = 500
}
protocol imap {
  mail_plugins = quota imap_quota
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
}
protocol lda {
  mail_plugins = sieve quota
  postmaster_address = root@localhost
}
protocol lmtp {
  postmaster_address = webmaster@localhost
  mail_plugins = quota sieve
}
mail_plugins = $mail_plugins quota

All suggestions gratefully received
Try this:

mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.bak
ln -s /etc/dovecot.conf /etc/dovecot/dovecot.conf

and then restart dovecot.
Nice one Till ! That seems to have worked !! I have been beating my head (and google) over this for a couple of weeks :-( Many thanks Now for bonus points can you tell me WHY I have 2 dovecot.conf files one of which is apparently not required ? Answers on a postcard please as we say Now I can start digging through the logs and stomp out any remaining buglets ! Oh and increase the fail2ban ban timeout massively Cheers !!
CentOS uses both locations and they switch between both locations from time to time, so ispconfig creates the file in one location and adds a symlink to the file in the other location. I can't say why this failed on your system.
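The situation diagnosed above (ISPConfig's SQL-backed /etc/dovecot.conf and a separate stock /etc/dovecot/dovecot.conf side by side, with the pam "unknown user" errors as the symptom) can be checked for with a short script. This is an added example, not part of the original posts or of ISPConfig; the function names conf_state and passdb_drivers are hypothetical, and the demo runs on constructed files in a temporary directory.

```shell
#!/bin/sh
# Added example (not ISPConfig code). conf_state and passdb_drivers are
# hypothetical helper names; the two real paths are the ones in this thread.

# conf_state MAIN ALT -> prints linked | same-content | diverged | missing
conf_state() {
    main=$1
    alt=$2
    if [ ! -e "$main" ] || [ ! -e "$alt" ]; then
        echo missing
    elif [ "$(readlink -f "$main")" = "$(readlink -f "$alt")" ]; then
        echo linked          # both names resolve to one file
    elif cmp -s "$main" "$alt"; then
        echo same-content    # separate copies that can drift apart later
    else
        echo diverged        # the daemon may be reading the wrong file
    fi
}

# passdb_drivers: read "doveconf -n" style text on stdin and print the
# driver of every passdb block, space separated.
passdb_drivers() {
    awk '
        /^passdb[ \t]*[{]/ { inside = 1; next }
        inside && /^[}]/   { inside = 0; next }
        inside && $1 == "driver" && $2 == "=" { print $3 }
    ' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/dovecot"
    # Constructed stand-ins for the two files discussed in the thread.
    printf 'passdb {\n  args = /etc/dovecot-sql.conf\n  driver = sql\n}\n' \
        > "$tmp/dovecot.conf"
    printf 'passdb {\n  driver = pam\n}\n' > "$tmp/dovecot/dovecot.conf"

    echo "before: $(conf_state "$tmp/dovecot.conf" "$tmp/dovecot/dovecot.conf")"
    echo "passdb read by dovecot: $(passdb_drivers < "$tmp/dovecot/dovecot.conf")"

    # The fix from the thread, applied inside the temporary directory.
    mv "$tmp/dovecot/dovecot.conf" "$tmp/dovecot/dovecot.conf.bak"
    ln -s "$tmp/dovecot.conf" "$tmp/dovecot/dovecot.conf"

    echo "after: $(conf_state "$tmp/dovecot.conf" "$tmp/dovecot/dovecot.conf")"
    echo "passdb read by dovecot: $(passdb_drivers < "$tmp/dovecot/dovecot.conf")"
    rm -rf "$tmp"
}

demo
```

On a live server the same functions take the real inputs: `conf_state /etc/dovecot.conf /etc/dovecot/dovecot.conf` and `doveconf -n | passdb_drivers`.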
Well I checked the ISPC install log and there was no mention of it creating that link, or even failing to, so that's going to remain a little mystery for now. However, checking all my mail logs revealed a further small problem:

Code:
Feb 16 15:00:07 Hugh2 postfix/smtp[58908]: warning: host Hugh2.mydomain.com.au[XX.XXX.135.50]:25 greeted me with my own hostname Hugh2.mydomain.com.au
Feb 16 15:00:07 Hugh2 postfix/smtp[58908]: warning: host Hugh2.mydomain.com.au[XX.XXX.135.50]:25 replied to HELO/EHLO with my own hostname Hugh2.mydomain.com.au
Feb 16 15:00:07 Hugh2 postfix/smtp[58908]: 893FB6003702: to=<[email protected]>, relay=Hugh2.thepearces.com.au[XX.XXX.135.50]:25, delay=0.88, delays=0.03/0/0.84/0, dsn=5.4.6, status=bounced (mail for Hugh2.mydomain.com.au loops back to myself)
Feb 16 15:00:07 Hugh2 postfix/smtpd[58889]: disconnect from pppXX-XXX-135-50.static.internode.on.net[XX.XXX.135.50]
Feb 16 15:00:07 Hugh2 postfix/qmgr[38770]: 893FB6003702: removed

A bit of googling (often a dangerous thing, I know) indicated that the mydestination variable should be altered to include my domain thus:

Code:
mydestination = Hugh2.mydomain.com.au, localhost, localhost.localdomain

I gather I could alternatively have added this to the relay_domains variable, so I hope I altered the correct variable. Mail to [email protected] now appears to work OK, as does mail to [email protected]. So I hope I have done the right thing. Cheers
If hugh2.mydomain.com.au is the server hostname, then this should be added to the mydestination line.
All seemed to be OK until I checked out mailman. I am getting emails to the effect that:

Code:
The [email protected] mailing list has 1484 request(s) waiting for your consideration at:
http://Hugh2.mydomain.com.au/mailman/admindb/mailman
Please attend to this at your earliest convenience. This notice of pending requests, if any, will be sent out daily.
Pending posts:
From: [email protected] on Sat Jan 21 13:53:42 2017
Subject: Cron <mailman@Hugh2> /usr/lib/mailman/cron/gate_news
Cause: Post by non-member to a members-only list

and yes it is being sent out daily, although the number of requests is not increasing. I have been back and checked all the HowToForge steps and I do not think I missed anything. I DID get the initial mailman list owners email but clicking on that link now 500s. Restarting httpd gives a possible clue:

Code:
[root@Hugh2 log]# grep ScriptAlias messages
Feb 26 15:46:33 Hugh2 httpd: [Sun Feb 26 15:46:33.211327 2017] [alias:warn] [pid 49057] AH00671: The ScriptAlias directive in /etc/httpd/conf.d/mailman.conf at line 6 will probably never match because it overlaps an earlier ScriptAlias.

The line in question appears to be:

Code:
1 #
2 # httpd configuration settings for use with mailman.
3 #
4
5 ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
>>> 6 ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/ <<<<
7 <Directory /usr/lib/mailman/cgi-bin/>
8 AllowOverride None
9 Options ExecCG
#### changed line below to match install instructions
Order allow,deny
#### Require all granted was also changed to
Allow from all
</Directory>

but I am unable to find where this earlier ScriptAlias might be. Buried somewhere in the bowels of Centos 7.2 I guess. All assistance gratefully received.
Which is the 500 error that you get in the apache error.log file? You can search for the script alias with:

grep -n -r ScriptAlias /etc/httpd/
OK, Searching for ScriptAlias:

Code:
[root@Hugh2 httpd]# grep -n -r ScriptAlias /etc/httpd/
/etc/httpd/conf/sites-available/mydomain.com.au.vhost:53: ScriptAlias /php5-cgi /var/www/php-cgi-scripts/web1/php-cgi-starter
/etc/httpd/conf/httpd.conf:240: # ScriptAlias: This controls which directories contain server scripts.
/etc/httpd/conf/httpd.conf:241: # ScriptAliases are essentially the same as Aliases, except that
/etc/httpd/conf/httpd.conf:244: # client. The same rules about trailing "/" apply to ScriptAlias
/etc/httpd/conf/httpd.conf:247: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
/etc/httpd/conf/httpd.conf:252:# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
/etc/httpd/conf/httpd.conf:291: # To use CGI scripts outside of ScriptAliased directories:
/etc/httpd/conf.d/awstats.conf:18:ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"
/etc/httpd/conf.d/mailman.conf:5:ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
/etc/httpd/conf.d/mailman.conf:6:ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/

The httpd error log is less helpful.

Code:
ERROR 500 - Internal Server Error!
The following error occurred:
The requested URL caused an internal server error.
If you get this message repeatedly please contact the webmaster.

nothing is written to the /var/log/httpd/error.log but

Code:
[root@Hugh2 httpd]# cat /var/www/clients/client3/web2/log/error.log

shows:

Code:
[Mon Feb 27 21:01:48.815109 2017] [cgi:error] [pid 49388] [client XX.XXX.236.219:57935] End of script output before headers: admindb

which may be a hint
I guess the warning about the script alias refers to this one: /etc/httpd/conf/httpd.conf line 247. You can try to comment it out by adding a # in front of it.
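Apache tries Alias and ScriptAlias directives in the order it reads them and uses the first match, which is why the /cgi-bin/ entry at httpd.conf line 247 shadows the later /cgi-bin/mailman/ entry behind AH00671. The added example below (not from the original posts) finds such pairs in `grep -n` output; the function names are hypothetical, and the sample lines are taken from the grep output above and reordered on the assumption that httpd.conf is read before conf.d/*.conf.

```shell
#!/bin/sh
# Added example. shadowed_aliases and sample_aliases are hypothetical names.
# Input: "file:line:directive" lines as printed by grep -n, supplied in the
# order Apache reads the files (assumption: httpd.conf, then conf.d/*.conf).
# Only main-server directives are fed in; per-vhost aliases are left out.

shadowed_aliases() {
    awk '
    {
        # Split on the first two colons only: file, line number, directive.
        file = $0; sub(/:.*/, "", file)
        rest = substr($0, length(file) + 2)
        line = rest; sub(/:.*/, "", line)
        text = substr(rest, length(line) + 2)
        sub(/^[ \t]+/, "", text)

        n = split(text, f, /[ \t]+/)
        if (n < 3 || f[1] != "ScriptAlias") next   # comments and prose lines
        url = f[2]; gsub(/"/, "", url)

        for (i = 1; i <= seen; i++) {
            p = urls[i]
            # Earlier alias wins if it is a whole-segment prefix of this one.
            if (index(url, p) == 1 &&
                (substr(p, length(p)) == "/" ||
                 length(url) == length(p) ||
                 substr(url, length(p) + 1, 1) == "/"))
                printf "%s:%s %s is shadowed by %s %s\n", file, line, url, src[i], p
        }
        seen++; urls[seen] = url; src[seen] = file ":" line
    }'
}

# Lines from the grep output in this thread, in assumed load order.
sample_aliases() {
    cat <<'EOF'
/etc/httpd/conf/httpd.conf:240: # ScriptAlias: This controls which directories contain server scripts.
/etc/httpd/conf/httpd.conf:247: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
/etc/httpd/conf.d/awstats.conf:18:ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"
/etc/httpd/conf.d/mailman.conf:5:ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
/etc/httpd/conf.d/mailman.conf:6:ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/
EOF
}

sample_aliases | shadowed_aliases
```

Once line 247 is commented out, the same input produces no output, which matches the warning disappearing after the change suggested above.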
Well, that gets rid of the ScriptAlias messages but trying to access the mailman mailman list still 500s. Restarting httpd gives a few more errors:

Code:
[Mon Feb 27 21:34:25.074617 2017] [ssl:error] [pid 35015] AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
[Mon Feb 27 21:34:25.074642 2017] [ssl:error] [pid 35015] AH02235: Unable to configure server certificate for stapling
[Mon Feb 27 21:34:25.074651 2017] [ssl:warn] [pid 35015] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 27 21:34:25.074687 2017] [ssl:warn] [pid 35015] AH01909: RSA certificate configured for pppXX-XXX-135-50.static.internode.on.net:8080 does NOT include an ID which matches the server name
[Mon Feb 27 21:34:25.075118 2017] [ssl:warn] [pid 35015] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Mon Feb 27 21:34:25.104660 2017] [so:warn] [pid 35015] AH01574: module python_module is already loaded, skipping
[Mon Feb 27 21:34:25.679117 2017] [auth_digest:notice] [pid 35015] AH01757: generating secret for digest authentication ...
[Mon Feb 27 21:34:25.679965 2017] [lbmethod_heartbeat:notice] [pid 35015] AH02282: No slotmem from mod_heartmonitor
[Mon Feb 27 21:34:25.681678 2017] [ssl:error] [pid 35015] AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
[Mon Feb 27 21:34:25.681702 2017] [ssl:error] [pid 35015] AH02235: Unable to configure server certificate for stapling
[Mon Feb 27 21:34:25.681711 2017] [ssl:warn] [pid 35015] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 27 21:34:25.681747 2017] [ssl:warn] [pid 35015] AH01909: RSA certificate configured for pppXX-XXX-135-50.static.internode.on.net:8080 does NOT include an ID which matches the server name
[Mon Feb 27 21:34:25.682154 2017] [ssl:warn] [pid 35015] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Mon Feb 27 21:34:25.682223 2017] [:notice] [pid 35015] mod_python: Creating 8 session mutexes based on 256 max processes and 0 max threads.
[Mon Feb 27 21:34:25.682250 2017] [:notice] [pid 35015] mod_python: using mutex_directory /tmp
[Mon Feb 27 21:34:25.888604 2017] [mpm_prefork:notice] [pid 35015] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_python/3.5.0- Python/2.7.5 mod_fcgid/2.3.9 PHP/5.4.16 configured -- resuming normal operations
[Mon Feb 27 21:34:25.888648 2017] [core:notice] [pid 35015] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Commenting out that line got rid of the ScriptAlias complaint. HOWEVER mailman was still unreachable and giving a 500 error.

For testing purposes I had set up TWO websites. I had been working on the first domain but not the second, which was set up using the defaults ..... and then ignored while I looked into my mailman troubles. I eventually decided to look at the SECOND domain where I noted that the check box for SU Exec was ticked. It was NOT ticked on the domain I had been working on, but the second domain WAS TICKED and this enabling of SuExec is what broke mailman. That makes me wonder why SuExec is a PER SITE switch. There is clearly a further issue I am not grasping here.

However, although I can now get the mydomain/mailman/listinfo web page, it does not allow me to create a new list. It says I do not have permission, but the error in ssl_error_log appears to be:

Code:
[Sun Mar 05 11:49:29.310335 2017] [autoindex:error] [pid 12200] [client XX.XXX236.219:56821] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
[Sun Mar 05 11:49:33.531890 2017] [cgi:error] [pid 12474] [client XX.XXX236.219:56828] script not found or unable to stat: /usr/lib/mailman/cgi-bin/mailman
[Sun Mar 05 11:49:40.858168 2017] [cgi:error] [pid 12293] [client XX.XXX.236.219:56832] script not found or unable to stat: /usr/lib/mailman/cgi-bin/mailman
[Sun Mar 05 11:50:33.284775 2017] [cgi:error] [pid 12293] [client XX.XXX.236.219:56855] script not found or unable to stat: /usr/lib/mailman/cgi-bin/mailman

checking we find that:

Code:
[root@Hugh2 httpd]# ls -l /usr/lib/mailman/cgi-bin/mailman
ls: cannot access /usr/lib/mailman/cgi-bin/mailman: No such file or directory

Just to be thorough I reset the mailman site password and tried again. This time I got a different error:

Code:
Bug in Mailman version 2.1.15
We're sorry, we hit a bug!
Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs.

The mailman error log in /var/log/mailman/error also thinks it's a permission problem:

Code:
Mar 05 13:20:05 2017 (22034) command failed: /etc/mailman/virtual_to_transport.sh /etc/mailman/virtual-mailman (status: 1, Operation not permitted)
Mar 05 13:20:05 2017 admin(22034): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(22034): [----- Mailman Version: 2.1.15 -----]
admin(22034): [----- Traceback ------]
admin(22034): Traceback (most recent call last):
admin(22034): File "/usr/lib/mailman/scripts/driver", line 112, in run_main
admin(22034): main()
admin(22034): File "/usr/lib/mailman/Mailman/Cgi/create.py", line 56, in main
admin(22034): process_request(doc, cgidata)
admin(22034): File "/usr/lib/mailman/Mailman/Cgi/create.py", line 239, in process_request
admin(22034): sys.modules[modname].create(mlist, cgi=1)
admin(22034): File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 241, in create
admin(22034): _update_maps()
admin(22034): File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 60, in _update_maps
admin(22034): raise RuntimeError, msg % (vcmd, status, errstr)
admin(22034): RuntimeError: command failed: /etc/mailman/virtual_to_transport.sh /etc/mailman/virtual-mailman (status: 1, Operation not permitted)
admin(22034): [----- Python Information -----]
admin(22034): sys.version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
admin(22034): sys.executable = /usr/bin/python
admin(22034): sys.prefix = /usr
admin(22034): sys.exec_prefix = /usr
admin(22034): sys.path = ['/usr/lib/mailman/pythonlib', '/usr/lib/mailman', '/usr/lib/mailman/scripts', '/usr/lib/mailman', '/usr/lib64/python27.zip', '/usr/lib64/python2.7/', '/usr/lib64/python2.7/plat-linux2', '/usr/lib64/python2.7/lib-tk', '/usr/lib64/python2.7/lib-old',
'/usr/lib64/python2.7/lib-dynload', '/usr/lib/python2.7/site-packages'] admin(22034): sys.platform = linux2 admin(22034): [----- Environment Variables -----] admin(22034): HTTP_COOKIE: __cfduid=dd487f3da55a48ad9d753ba6d62dd3efb1477979245 admin(22034): CONTEXT_DOCUMENT_ROOT: /usr/lib/mailman/cgi-bin/ admin(22034): SERVER_SOFTWARE: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_python/3.5.0- Python/2.7.5 mod_fcgid/2.3.9 PHP/5.4.16 admin(22034): CONTEXT_PREFIX: /cgi-bin/mailman/ admin(22034): SERVER_SIGNATURE: admin(22034): REQUEST_METHOD: POST admin(22034): HTTP_ORIGIN: https://hugh2.thepearces.com.au admin(22034): SERVER_PROTOCOL: HTTP/1.1 admin(22034): QUERY_STRING: admin(22034): SSL_TLS_SNI: hugh2.mydomain.com.au admin(22034): CONTENT_LENGTH: 151 admin(22034): HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8 admin(22034): HTTP_CONNECTION: keep-alive admin(22034): HTTP_REFERER: https://hugh2.mydomain.com.au/cgi-bin/mailman/create admin(22034): SERVER_NAME: hugh2.mydomain.com.au admin(22034): REMOTE_ADDR: XX.XXX.236.219 admin(22034): SERVER_PORT: 443 admin(22034): SERVER_ADDR: 192.168.X.42 admin(22034): DOCUMENT_ROOT: /var/www/html admin(22034): PYTHONPATH: /usr/lib/mailman admin(22034): SCRIPT_FILENAME: /usr/lib/mailman/cgi-bin/create admin(22034): SERVER_ADMIN: root@localhost admin(22034): HTTP_HOST: hugh2.mydomain.com.au admin(22034): SCRIPT_NAME: /cgi-bin/mailman/create admin(22034): HTTPS: on admin(22034): REQUEST_URI: /cgi-bin/mailman/create admin(22034): HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 admin(22034): PERL5LIB: /usr/share/awstats/lib:/usr/share/awstats/plugins admin(22034): GATEWAY_INTERFACE: CGI/1.1 admin(22034): REMOTE_PORT: 58577 admin(22034): HTTP_ACCEPT_LANGUAGE: en-au admin(22034): REQUEST_SCHEME: https admin(22034): CONTENT_TYPE: application/x-www-form-urlencoded admin(22034): HTTP_ACCEPT_ENCODING: gzip, deflate admin(22034): 
UNIQUE_ID: WLt107TVmvftdMLka-wceAAAAAM

So now I am getting even more confused. All help gratefully received. Cheers