SASL PLAIN authentication failed: - Centos 7.2 ISPConfig 3.1dev

Discussion in 'ISPConfig 3 Priority Support' started by Gary Pearce, Feb 11, 2017.

  1. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    Installed ISPConfig 3.1dev - mostly went OK.

    Then moved system to a different network and was getting a virtual users unknown error which went away when I found the typo for the address of the DNS for the new network (doh :-( ) - which of course had stopped all sorts of other things I did not check cos they had been working before I moved the server (double doh :-( ))

    I have a virtual domain, and a user in that domain but when I try to set up my email client (OSX not a wondrous client) the client attempts to log into the virtual domain I get :

    postfix/smtpd[23907]: connect from 2-3-4-5 .static .tpgi .com .au[2 .3 .4 .5] <spaces inserted for benefit of forum s/w >
    postfix/smtpd[23907]: warning: 2-3-4-5 . static . tpgi .com .au[2 .3 .24 .5]: SASL PLAIN authentication failed: <ditto>
    postfix/smtpd[23907]: warning: 2-3-4-5 . staticv .vtpgi .com .au[2 .3 .4 .5]: SASL PLAIN authentication failed:<ditto>
    postfix/smtpd[23907] disconnect from 60-242-236-219 .static .tpgi .com .au[60 .242 .236 .219]<ditto>
    dovecot: imap-login: Disconnected: Inactivity (auth failed, 2 attempts in 180 secs): user=<me@mydomain .com .au>, method=PLAIN, rip=2 .3 .4 .5, lip=1 .2 .3 .4 <und so weiter>

    The client reports that it is unable to create a login.

    Sadly this seems to be the extent of the logging information.

    Any suggestions greatly appreciated.
     
  2. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    Switched on debug for postfix and got a lot more info which I have had to split into more than 1 post:
    Ignore the commas they really are full stops:

    connect from XX-XXX-236-219.static,tpgi,com,au[XX.XXX.236.219]

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: smtp_stream_setup: maxtime=300 enable_deadline=0

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_hostname: XX-XXX-236-219.static.tpgi.com.au ~? 127.0.0.0/8

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_hostaddr: XX.XXX.236.219 ~? 127.0.0.0/8

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_hostname: XX-XXX-236-219.static.tpgi.com.au ~? [::1]/128

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_hostaddr: XX.XXX.236.219 ~? [::1]/128

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX-XXX-236-219,static,tpgi,com,au: no match

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX.XXX.236.219: no match

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: auto_clnt_open: connected to private/anvil

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: send attr request = connect

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: send attr ident = smtp:XX.XXX,236.219
    <continued below>
     
  3. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/anvil: wanted attribute: status
    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: status

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute value: 0

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/anvil: wanted attribute: count

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: count

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute value: 1

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/anvil: wanted attribute: rate

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: rate

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute value: 1

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/anvil: wanted attribute: (list terminator)

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: (end)

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com.au[XX,XXX,236,219]: 220 Hugh2.mydomain.com.au ESMTP Postfix

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: name_mask: noanonymous

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: watchdog_pat: 0x7f1467babd90

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: < XX-XXX-236-219,static,tpgi,com.au[XX,XXX,236.219]: EHLO [192.168.0.111]
    <dynamic IP address of my laptop on its remote network>
    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX-XXX-236-219,static,tpgi,com.au: no match

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX,XXX,236.219: no match

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com,au[XX,XXX,236,219]: 250-Hugh2.mydomain.com.au

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi,com,au[XX.XXX.236.219]: 250-PIPELINING

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static.tpgi.com.au[XX,XXX,236,219]: 250-SIZE 10240000

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi,com,au[XX.XXX,236,219]: 250-VRFY

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi,com,au[XX.XXX,236.219]: 250-ETRN

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-2XXX-236-219,static,tpgi,com,au[XX.XXX.236.219]: 250-STARTTLS

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi.com.au[XX.XXX,236,219]: 250-AUTH PLAIN

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,stati,.tpgi,com,au[XX.XXX.236.219]: 250-AUTH=PLAIN

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > 6XX-XXX-236-219,static,tpgi,com.au[XX.XXX.236.219]: 250-ENHANCEDSTATUSCODES

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com,au[6XX.XXX.236.219]: 250-8BITMIME

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi,com,au[XX.XXX,236.219]: 250 DSN

    <last piece follows>
     
  4. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: watchdog_pat: 0x7f1467babd90
    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: < XX-XXX-236-219.static,tpgi,com.au[6XX.2XXX.236.219]: STARTTLS

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com,au[XX.XXX.236.219]: 220 2.0.0 Ready to start TLS

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: auto_clnt_open: connected to private/tlsmgr

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: send attr request = seed

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: send attr size = 32

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/tlsmgr: wanted attribute: status

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: status

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute value: 0

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/tlsmgr: wanted attribute: seed

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: seed
    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute value: mYQgyNbsGR9gZxo7KXFYUQVzUxlmMaVWeesxymDMnI8=

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: private/tlsmgr: wanted attribute: (list terminator)

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: input attribute name: (end)

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: name_mask: noanonymous

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: watchdog_pat: 0x7f1467babd90

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: < XX-XXX-236-219.static.tpgi.com.au[XX.XXX,236,219]: EHLO [192.168.0.111]
    <it's my laptop address on my remote network again>
    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX-XXX-236-219,static,tpgi,com.au: no match

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: match_list_match: XX,XXX,236.219: no match
    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi.com.au[XX,XXX.236.219]: 250-Hugh2.mydomain.com.au

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219,static,tpgi,com.au[XX,XXX,236,219]: 250-PIPELINING

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com,au[60.242.236.219]: 250-SIZE 10240000

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static.tpgi,com,au[XX.XXX,236,219]: 250-VRFY

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static,tpgi,com,au[XX.XXX.236.219]: 250-ETRN

    Feb 12 13:40:50 Hugh2 postfix/smtpd[58717]: > XX-XXX-236-219.static.tpgi,com,au[XX.XXX,236,219]: 250-AUTH PLAIN

    SORRY about that being in 3 parts. Apparently there is a 10k limit to file size.

    The Apple mail client then attempted to check out IMAP with the following results:

    Feb 11 17:54:28 Hugh2 dovecot: imap-login: Login: user=<gary>, method=PLAIN, rip=XX.XXX,236,219, lip=192.168.0.42, mpid=41112, TLS, session=<SlXWrjtIuAA88uzb>

    Feb 11 17:54:28 Hugh2 dovecot: imap(gary): Error: user gary: Initialization failed: Namespace '': Mail storage autodetection failed with home=/home/gary
    <home/gary does not sound right to me>
    Feb 11 17:54:28 Hugh2 dovecot: imap(gary): Error: Invalid user settings. Refer to server log for more information.

    Feb 11 17:54:28 Hugh2 dovecot: imap-login: Login: user=<gary>, method=PLAIN, rip=XX.XXX.236,219, lip=192.168.0.42, mpid=41116, TLS, session=<TwuKrztIvAA88uzb>

    Feb 11 17:54:28 Hugh2 dovecot: imap(gary): Error: user gary: Initialization failed: Namespace '': Mail storage autodetection failed with home=/home/gary
    Feb 11 17:54:28 Hugh2 dovecot: imap(gary): Error: Invalid user settings. Refer to server log for more information.

    Feb 11 17:54:29 Hugh2 dovecot: imap-login: Login: user=<gary>, method=PLAIN, rip=XX.XXX,236,219, lip=192.168.0.42, mpid=41118, TLS, session=</RSPrztIvgA88uzb>

    SO there we have it.

    If I were to guess I'd say it's looking for validation in the wrong place for both IMAP and SMTP but I have no idea why :-(
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Take a look into the mail_user table in ispconfig and compare the non-working account with a working one to see if there is something missing in that mail user record.
     
  6. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    Right now I have one client and that client has one user and that one user does not work.

    After much debugging it seems that the problem is this:

    Code:
    Feb 13 18:20:01 Hugh2 postfix/smtpd[39484]: connect from localhost[::1]
    Feb 13 18:20:01 Hugh2 postfix/smtpd[39484]: warning: SASL: Connect to /var/spool/postfix/private/auth failed: Connection refused
    Feb 13 18:20:01 Hugh2 postfix/smtpd[39484]: fatal: no SASL authentication mechanisms
    Feb 13 18:20:02 Hugh2 postfix/master[38768]: warning: process /usr/libexec/postfix/smtpd pid 39484 exit status 1
    Feb 13 18:20:02 Hugh2 postfix/master[38768]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
    
    I tried removing the auth file and it did not get created, and it is a symlink, although the ownership and permissions look OK

    Code:
    [root@Hugh2 gary]# ls -l /var/spool/postfix/private/auth
    srw-rw-rw- 1 postfix postfix 0 Feb 12 16:25 /var/spool/postfix/private/auth
    
    Any ideas ?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post your /etc/dovecot/dovecot.conf file and check that /etc/dovecot.conf and /etc/dovecot/dovecot.conf contains the same content.
     
  8. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    They are completely different files !

    but there is a nasty line 1 in /etc/dovecot/dovecot.conf from when I turned on debug:
    Code:
    auth_verbose  yes
    mail_debug = yes
    
    DOH !!

    however the mode of failure makes more sense thus:

    Code:
    
    Feb 14 17:53:00 Hugh2 postfix/smtpd[4029]: connect from XX-XXX-236-219.static.tpgi.com.au[XX.XXX.236.219]
    Feb 14 17:53:02 Hugh2 dovecot: auth-worker(4031): pam([email protected],XX.XXX.236.219): unknown user
    Feb 14 17:53:02 Hugh2 dovecot: auth-worker(4033): pam([email protected],XX.XXX.236.219): unknown user
    Feb 14 17:53:04 Hugh2 postfix/smtpd[4029]: warning: XX-XXX-236-219.static.tpgi.com.au[XX.XXX.236.219]: SASL PLAIN authentication failed:
    Feb 14 17:53:05 Hugh2 dovecot: auth-worker(4031): pam([email protected],XX.XXX.236.219): unknown user
    Feb 14 17:53:05 Hugh2 dovecot: auth-worker(4033): pam([email protected],XX.XXX.236.219): unknown user
    Feb 14 17:53:07 Hugh2 postfix/smtpd[4029]: warning: XX-XXX-236-219.static.tpgi.com.au[XX.XXX.236.219]: SASL PLAIN authentication failed:
    Feb 14 17:53:07 Hugh2 postfix/smtpd[4029]: disconnect from XX-XXX-236-219.static.tpgi.com.au[XX.XXX.236.219]
    Feb 14 17:53:09 Hugh2 dovecot: auth-worker(4033): pam([email protected],XX.XXX.236.219): unknown user
    Feb 14 17:53:11 Hugh2 dovecot: imap-login: Login: user=<gary>, method=PLAIN, rip=XX.XXX.236.219, lip=192.168.0.42, mpid=4070, TLS, session=<saPOA3hICAA88uzb>
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: Effective uid=1000, gid=1000, home=/home/gary
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mdbox: access(/home/gary/mdbox, rwx): failed: No such file or directory
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mdbox: couldn't find root dir
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: sdbox: access(/home/gary/sdbox, rwx): failed: No such file or directory
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: sdbox: couldn't find root dir
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: maildir: access(/home/gary/Maildir, rwx): failed: No such file or directory
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: maildir: couldn't find root dir
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has .imap/: stat(/home/gary/mail/.imap) failed: No such file or directory
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has inbox: stat(/home/gary/mail/inbox) failed: No such file or directory
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has mbox: stat(/home/gary/mail/mbox) failed: No such file or directory
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has .imap/: stat(/home/gary/Mail/.imap) failed: No such file or directory
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has inbox: stat(/home/gary/Mail/inbox) failed: No such file or directory
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox autodetect: has mbox: stat(/home/gary/Mail/mbox) failed: No such file or directory
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: mbox: couldn't find root dir
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: sdbox: access(/home/gary/sdbox, rwx): failed: No such file or directory
    Feb 14 17:53:11 Hugh2 dovecot: imap(gary): Debug: sdbox: couldn't find root dir
    
    the dovecot/dovecot.conf file:

    Code:
    [root@Hugh2 log]# cat /etc/dovecot/dovecot.conf
    auth_verbose = yes
    mail_debug = yes

    ## Dovecot configuration file

    # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration

    # "doveconf -n" command gives a clean output of the changed settings. Use it
    # instead of copy&pasting files when posting to the Dovecot mailing list.

    # '#' character and everything after it is treated as comments. Extra spaces
    # and tabs are ignored. If you want to use either of these explicitly, put the
    # value inside quotes, eg.: key = "# char and trailing whitespace  "

    # Most (but not all) settings can be overridden by different protocols and/or
    # source/destination IPs by placing the settings inside sections, for example:
    # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }

    # Default values are shown for each setting, it's not required to uncomment
    # those. These are exceptions to this though: No sections (e.g. namespace {})
    # or plugin settings are added by default, they're listed only as examples.
    # Paths are also just examples with the real defaults being based on configure
    # options. The paths listed here are for configure --prefix=/usr
    # --sysconfdir=/etc --localstatedir=/var

    # Protocols we want to be serving.
    #protocols = imap pop3 lmtp

    # A comma separated list of IPs or hosts where to listen in for connections.
    # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
    # If you want to specify non-default ports or anything more complex,
    # edit conf.d/master.conf.
    #listen = *, ::

    # Base directory where to store runtime data.
    #base_dir = /var/run/dovecot/

    # Name of this instance. In multi-instance setup doveadm and other commands
    # can use -i <instance_name> to select which instance is used (an alternative
    # to -c <config_path>). The instance name is also added to Dovecot processes
    # in ps output.
    #instance_name = dovecot

    # Greeting message for clients.
    #login_greeting = Dovecot ready.

    # Space separated list of trusted network ranges. Connections from these
    # IPs are allowed to override their IP addresses and ports (for logging and
    # for authentication checks). disable_plaintext_auth is also ignored for
    # these networks. Typically you'd specify your IMAP proxy servers here.
    #login_trusted_networks =

    # Space separated list of login access check sockets (e.g. tcpwrap)
    #login_access_sockets =

    # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
    # proxying. This isn't necessary normally, but may be useful if the destination
    # IP is e.g. a load balancer's IP.
    #auth_proxy_self =

    # Show more verbose process titles (in ps). Currently shows user name and
    # IP address. Useful for seeing who are actually using the IMAP processes
    # (eg. shared mailboxes or if same uid is used for multiple accounts).
    #verbose_proctitle = no

    # Should all processes be killed when Dovecot master process shuts down.
    # Setting this to "no" means that Dovecot can be upgraded without
    # forcing existing client connections to close (although that could also be
    # a problem if the upgrade is e.g. because of a security fix).
    #shutdown_clients = yes

    # If non-zero, run mail commands via this many connections to doveadm server,
    # instead of running them directly in the same process.
    #doveadm_worker_count = 0
    # UNIX socket or host:port used for connecting to doveadm server
    #doveadm_socket_path = doveadm-server

    # Space separated list of environment variables that are preserved on Dovecot
    # startup and passed down to all of its child processes. You can also give
    # key=value pairs to always set specific settings.
    #import_environment = TZ

    ##
    ## Dictionary server settings
    ##

    # Dictionary can be used to store key=value lists. This is used by several
    # plugins. The dictionary can be accessed either directly or though a
    # dictionary server. The following dict block maps dictionary names to URIs
    # when the server is used. These can then be referenced using URIs in format
    # "proxy::<name>".

    dict {
      #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
      #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
    }

    # Most of the actual configuration gets included below. The filenames are
    # first sorted by their ASCII value and parsed in that order. The 00-prefixes
    # in filenames are intended to make it easier to understand the ordering.
    !include conf.d/*.conf

    # A config file can also tried to be included without giving an error if
    # it's not found:
    !include_try local.conf
    
    
    whereas the postfix.conf file contains :

    Code:
    [root@Hugh2 log]# cat /etc/dovecot.conf
    listen = *,[::]
    protocols = imap pop3
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_privileged_group = vmail
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
    ssl_protocols = !SSLv2 !SSLv3
    passdb {
      args = /etc/dovecot-sql.conf
      driver = sql
    }
    userdb {
      driver = prefetch
    }
    userdb {
      args = /etc/dovecot-sql.conf
      driver = sql
    }
    plugin {
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
      sieve=/var/vmail/%d/%n/.sieve
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
      user = root
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
      }
    }
    service imap-login {
      client_limit = 1000
      process_limit = 500
    }
    protocol imap {
      mail_plugins = quota imap_quota
    }
    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
      mail_plugins = quota
    }
    protocol lda {
      mail_plugins = sieve quota
      postmaster_address = root@localhost
    }
    protocol lmtp {
      postmaster_address = webmaster@localhost
      mail_plugins = quota sieve
    }
    mail_plugins = $mail_plugins quota
    
    
    All suggestions gratefully received
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Try this:

    mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.bak
    ln -s /etc/dovecot.conf /etc/dovecot/dovecot.conf

    and then restart dovecot.
     
  10. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    Nice one Till !
    That seems to have worked !!
    I have been beating my head (and google) over this for a couple of weeks :-(

    Many thanks

    Now for bonus points can you tell me WHY I have 2 dovecot.conf files one of which is apparently not required ?

    Answers on a postcard please as we say

    Now I can start digging through the logs and stomp out any remaining buglets !
    Oh and increase the fail2ban ban timeout massively :)

    Cheers !!
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    CentOS uses both locations and they switch between both locations from time to time, so ISPConfig creates the file in one location and adds a symlink to the file in the other location. I can't say why this failed on your system.
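
    Added example, not part of the thread and not ISPConfig's own code: a POSIX shell check for the condition fixed above, where /etc/dovecot/dovecot.conf should resolve to the ISPConfig-written /etc/dovecot.conf that declares the SQL passdb and the Postfix auth socket. The function names are hypothetical, and `passdb_drivers` reads a single file without following `!include`, so on a live host `doveconf -n` remains the authoritative view.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not ISPConfig or Dovecot tools.
# Usage: sh check_dovecot_conf.sh /etc/dovecot.conf /etc/dovecot/dovecot.conf

# same_config A B: 0 = both paths resolve to one file (symlink in place),
# 1 = two separate files, 2 = a path is missing or dangling.
same_config() (
    [ -e "$1" ] && [ -e "$2" ] || exit 2
    a=$(readlink -f "$1") && b=$(readlink -f "$2") || exit 2
    [ "$a" = "$b" ]
)

# passdb_drivers FILE: print the driver of every passdb { } block in FILE.
# An empty result means authentication falls back to whatever the included
# conf.d files define (PAM in the "pam(...): unknown user" log lines above).
passdb_drivers() {
    awk '
        /^[ \t]*#/                  { next }
        /^[ \t]*passdb[ \t]*[{]/    { in_p = 1; next }
        in_p && /[}]/               { in_p = 0; next }
        in_p && /^[ \t]*driver[ \t]*=/ {
            sub(/^[ \t]*driver[ \t]*=[ \t]*/, "")
            sub(/[ \t]+$/, "")
            print
        }
    ' "$1"
}

# has_postfix_auth_listener FILE: 0 if FILE declares the socket that
# Postfix smtpd connects to for SASL (private/auth in the Postfix spool).
has_postfix_auth_listener() {
    grep -Eq '^[[:space:]]*unix_listener[[:space:]]+/var/spool/postfix/private/auth[[:space:]]*[{]' "$1"
}

# audit_dovecot ISPCONFIG_FILE PACKAGE_FILE: print a summary and exit with
# the same_config status.
audit_dovecot() (
    rc=0
    same_config "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: $2 and $1 are the same file" ;;
        1) echo "MISMATCH: $2 is a separate file from $1" ;;
        *) echo "MISSING: $1 or $2 does not exist"; exit 2 ;;
    esac
    for f in "$1" "$2"; do
        drivers=$(passdb_drivers "$f" | tr '\n' ' ')
        if has_postfix_auth_listener "$f"; then sock=yes; else sock=no; fi
        echo "$f: passdb drivers=[${drivers% }] postfix auth socket=$sock"
    done
    exit "$rc"
)

# Run only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then audit_dovecot "$1" "$2"; fi
```

    A MISMATCH result with an empty passdb list for the file under /etc/dovecot/ corresponds to the state described in this thread before the symlink was created.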
     
  12. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    Well I checked the ISPC install log and there was no mention of it creating that link, or even failing to, so that's going to remain a little mystery for now.

    However, checking all my mail logs revealed a further small problem:

    Code:
    Feb 16 15:00:07 Hugh2 postfix/smtp[58908]: warning: host Hugh2.mydomain.com.au[XX.XXX.135.50]:25 greeted me with my own hostname Hugh2.mydomain.com.au
    Feb 16 15:00:07 Hugh2 postfix/smtp[58908]: warning: host Hugh2.mydomain.com.au[XX.XXX.135.50]:25 replied to HELO/EHLO with my own hostname Hugh2.mydomain.com.au
    Feb 16 15:00:07 Hugh2 postfix/smtp[58908]: 893FB6003702: to=<[email protected]>, relay=Hugh2.thepearces.com.au[XX.XXX.135.50]:25, delay=0.88, delays=0.03/0/0.84/0, dsn=5.4.6, status=bounced (mail for Hugh2.mydomain.com.au loops back to myself)
    Feb 16 15:00:07 Hugh2 postfix/smtpd[58889]: disconnect from pppXX-XXX-135-50.static.internode.on.net[XX.XXX.135.50]
    Feb 16 15:00:07 Hugh2 postfix/qmgr[38770]: 893FB6003702: removed
    
    A bit of googling (often a dangerous thing, I know) indicated that the mydestination variable should be altered to include my domain thus:

    Code:
    mydestination = Hugh2.mydomain.com.au, localhost, localhost.localdomain
    
    I gather I could alternatively have added this to the relay_domains variable, so I hope I altered the correct variable.

    mail to [email protected] now appears to work OK as does mail to [email protected]

    So I hope I have done the right thing.

    Cheers
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    If hugh2.mydomain.com.au is the server hostname, then this should be added to the mydestination line.
     
  14. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    All seemed to be OK until I checked out mailman.

    I am getting emails to the effect that:
    Code:
    The [email protected] mailing list has 1484 request(s)
    waiting for your consideration at:
    
        http://Hugh2.mydomain.com.au/mailman/admindb/mailman
      
    Please attend to this at your earliest convenience.  This notice of
    pending requests, if any, will be sent out daily.
    
    
    Pending posts:
    From: [email protected] on Sat Jan 21 13:53:42 2017
    Subject: Cron <mailman@Hugh2> /usr/lib/mailman/cron/gate_news
    Cause: Post by non-member to a members-only list
    
    and yes it is being sent out daily, although the number of requests is not increasing

    I have been back and checked all the HowToForge steps and I do not think I missed anything.

    I DID get the initial mailman list owners email but clicking on that link now 500s.

    Restarting httpd gives a possible clue:
    Code:
    [root@Hugh2 log]# grep ScriptAlias messages
    Feb 26 15:46:33 Hugh2 httpd: [Sun Feb 26 15:46:33.211327 2017] [alias:warn] [pid 49057] AH00671: The ScriptAlias directive in /etc/httpd/conf.d/mailman.conf at line 6 will probably never match because it overlaps an earlier ScriptAlias.
    
    The line in question appears to be:
    Code:
    1 #
    2 #  httpd configuration settings for use with mailman.
    3 #
    4
    5 ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
    >>> 6 ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/   <<<<
    7 <Directory /usr/lib/mailman/cgi-bin/>
    8    AllowOverride None
    9    Options ExecCG
    #### changed line below to match install instructions
    Order allow,deny
    #### Require all granted was also changed to
        Allow from all
    </Directory>
    
    but I am unable to find where this earlier ScriptAlias might be.

    Buried somewhere in the bowels of Centos 7.2 I guess.

    All assistance gratefully received.
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Which is the 500 error that you get in the apache error.log file?

    You can search for the script alias with:

    grep -n -r ScriptAlias /etc/httpd/
     
  16. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    OK,

    Searching for ScriptAlias:

    Code:
    [root@Hugh2 httpd]# grep -n -r ScriptAlias /etc/httpd/
    /etc/httpd/conf/sites-available/mydomain.com.au.vhost:53:        ScriptAlias /php5-cgi /var/www/php-cgi-scripts/web1/php-cgi-starter
    /etc/httpd/conf/httpd.conf:240:    # ScriptAlias: This controls which directories contain server scripts. 
    /etc/httpd/conf/httpd.conf:241:    # ScriptAliases are essentially the same as Aliases, except that
    /etc/httpd/conf/httpd.conf:244:    # client.  The same rules about trailing "/" apply to ScriptAlias
    /etc/httpd/conf/httpd.conf:247:    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    /etc/httpd/conf/httpd.conf:252:# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
    /etc/httpd/conf/httpd.conf:291:    # To use CGI scripts outside of ScriptAliased directories:
    /etc/httpd/conf.d/awstats.conf:18:ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"
    /etc/httpd/conf.d/mailman.conf:5:ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
    /etc/httpd/conf.d/mailman.conf:6:ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/
    
    The httpd error log is less helpful.

    Code:
    ERROR 500 - Internal Server Error!
    The following error occurred:
    The requested URL caused an internal server error.
    
    If you get this message repeatedly please contact the webmaster.
    
    nothing is written to the /var/log/httpd/error.log

    but
    Code:
    [root@Hugh2 httpd]# cat /var/www/clients/client3/web2/log/error.log
    
    shows:
    Code:
    [Mon Feb 27 21:01:48.815109 2017] [cgi:error] [pid 49388] [client XX.XXX.236.219:57935] End of script output before headers: admindb
    
    which may be a hint
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess the warning about the script alias refers to this one:
    /etc/httpd/conf/httpd.conf line 247

    you can try to comment it out by adding a # in front of it.
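
    Added example, not part of the thread: a POSIX shell function that takes the `grep -n -r ScriptAlias /etc/httpd/` output shown above and lists each ScriptAlias whose URL path begins with the URL path of an earlier one, the overlap that AH00671 reports. The function name is hypothetical; it assumes the records arrive in the order Apache reads the files and it does not separate `<VirtualHost>` scope from the global configuration.

```shell
#!/bin/sh
# Added example; the function name is hypothetical.
# Usage: grep -n -r ScriptAlias /etc/httpd/ > aliases.txt
#        sh script_alias_overlap.sh aliases.txt

# Reads "file:line:text" records on stdin. Commented-out directives and
# comment text that merely mentions ScriptAlias are skipped because the
# first word of the text is then not exactly "ScriptAlias".
overlapping_script_aliases() {
    awk '
    {
        i = index($0, ":")
        if (i == 0) next
        file = substr($0, 1, i - 1); rest = substr($0, i + 1)
        j = index(rest, ":")
        if (j == 0) next
        line = substr(rest, 1, j - 1); text = substr(rest, j + 1)

        n = split(text, w, " ")
        if (n < 3 || w[1] != "ScriptAlias") next
        url = w[2]

        # An earlier alias that is a prefix of this URL path matches first,
        # so this directive will probably never be used.
        for (k = 1; k <= count; k++)
            if (index(url, seen[k]) == 1)
                print file ":" line " " url " overlaps " loc[k] " " seen[k]

        count++; seen[count] = url; loc[count] = file ":" line
    }'
}

# Run only when an input file is given on the command line.
if [ "$#" -eq 1 ]; then overlapping_script_aliases < "$1"; fi
```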
     
  18. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    well that gets rid of the ScriptAlias messages but trying to access the mailman mailman list still 500s

    restarting httpd gives a few more errors:

    Code:
    [Mon Feb 27 21:34:25.074617 2017] [ssl:error] [pid 35015] AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
    [Mon Feb 27 21:34:25.074642 2017] [ssl:error] [pid 35015] AH02235: Unable to configure server certificate for stapling
    [Mon Feb 27 21:34:25.074651 2017] [ssl:warn] [pid 35015] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Mon Feb 27 21:34:25.074687 2017] [ssl:warn] [pid 35015] AH01909: RSA certificate configured for pppXX-XXX-135-50.static.internode.on.net:8080 does NOT include an ID which matches the server name
    [Mon Feb 27 21:34:25.075118 2017] [ssl:warn] [pid 35015] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
    [Mon Feb 27 21:34:25.104660 2017] [so:warn] [pid 35015] AH01574: module python_module is already loaded, skipping
    [Mon Feb 27 21:34:25.679117 2017] [auth_digest:notice] [pid 35015] AH01757: generating secret for digest authentication ...
    [Mon Feb 27 21:34:25.679965 2017] [lbmethod_heartbeat:notice] [pid 35015] AH02282: No slotmem from mod_heartmonitor
    [Mon Feb 27 21:34:25.681678 2017] [ssl:error] [pid 35015] AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
    [Mon Feb 27 21:34:25.681702 2017] [ssl:error] [pid 35015] AH02235: Unable to configure server certificate for stapling
    [Mon Feb 27 21:34:25.681711 2017] [ssl:warn] [pid 35015] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Mon Feb 27 21:34:25.681747 2017] [ssl:warn] [pid 35015] AH01909: RSA certificate configured for pppXX-XXX-135-50.static.internode.on.net:8080 does NOT include an ID which matches the server name
    [Mon Feb 27 21:34:25.682154 2017] [ssl:warn] [pid 35015] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
    [Mon Feb 27 21:34:25.682223 2017] [:notice] [pid 35015] mod_python: Creating 8 session mutexes based on 256 max processes and 0 max threads.
    [Mon Feb 27 21:34:25.682250 2017] [:notice] [pid 35015] mod_python: using mutex_directory /tmp 
    [Mon Feb 27 21:34:25.888604 2017] [mpm_prefork:notice] [pid 35015] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_python/3.5.0- Python/2.7.5 mod_fcgid/2.3.9 PHP/5.4.16 configured -- resuming normal operations
    [Mon Feb 27 21:34:25.888648 2017] [core:notice] [pid 35015] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
    
     
  19. Gary Pearce

    Gary Pearce Member HowtoForge Supporter

    Commenting out that line got rid of the ScriptAlias complaint.

    HOWEVER mailman was still unreachable and giving a 500 error.

    For testing purposes I had set up TWO websites. I had been working on the first domain but not the second which was set up using the defaults ..... and then ignored while I looked into my mailman troubles.

    I eventually decided to look at the SECOND domain where I noted that the check box for SU Exec was ticked.

    It was NOT ticked on the domain I had been working on, but the second domain WAS TICKED and this was enabling SuExec, which broke mailman.

    That makes me wonder why SuExec is a PER SITE switch. There is clearly a further issue I am not grasping here.

    However, although I can now get the mydomain/mailman/listinfo web page, it does not allow me to create a new list. It says I do not have permission, but the error in ssl_error_log appears to be:

    Code:
    [Sun Mar 05 11:49:29.310335 2017] [autoindex:error] [pid 12200] [client XX.XXX236.219:56821] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
    [Sun Mar 05 11:49:33.531890 2017] [cgi:error] [pid 12474] [client XX.XXX236.219:56828] script not found or unable to stat: /usr/lib/mailman/cgi-bin/mailman
    [Sun Mar 05 11:49:40.858168 2017] [cgi:error] [pid 12293] [client XX.XXX.236.219:56832] script not found or unable to stat: /usr/lib/mailman/cgi-bin/mailman
    [Sun Mar 05 11:50:33.284775 2017] [cgi:error] [pid 12293] [client XX.XXX.236.219:56855] script not found or unable to stat: /usr/lib/mailman/cgi-bin/mailman
    
    checking we find that:
    Code:
    [root@Hugh2 httpd]# ls -l /usr/lib/mailman/cgi-bin/mailman
    ls: cannot access /usr/lib/mailman/cgi-bin/mailman: No such file or directory
    
    just to be thorough I reset the mailman site password and tried again.

    This time I got a different error:
    Code:
    Bug in Mailman version 2.1.15
    
    
    We're sorry, we hit a bug!
    Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs.
    
    the mailman error log in /var/log/mailman/error also thinks it's a permission problem:
    Code:
    
    Mar 05 13:20:05 2017 (22034) command failed: /etc/mailman/virtual_to_transport.sh /etc/mailman/virtual-mailman (status: 1, Operation not permitted)
    Mar 05 13:20:05 2017 admin(22034): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    admin(22034): [----- Mailman Version: 2.1.15 -----]
    admin(22034): [----- Traceback ------]
    admin(22034): Traceback (most recent call last):
    admin(22034):   File "/usr/lib/mailman/scripts/driver", line 112, in run_main
    admin(22034):     main()
    admin(22034):   File "/usr/lib/mailman/Mailman/Cgi/create.py", line 56, in main
    admin(22034):     process_request(doc, cgidata)
    admin(22034):   File "/usr/lib/mailman/Mailman/Cgi/create.py", line 239, in process_request
    admin(22034):     sys.modules[modname].create(mlist, cgi=1)
    admin(22034):   File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 241, in create
    admin(22034):     _update_maps()
    admin(22034):   File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 60, in _update_maps
    admin(22034):     raise RuntimeError, msg % (vcmd, status, errstr)
    admin(22034): RuntimeError: command failed: /etc/mailman/virtual_to_transport.sh /etc/mailman/virtual-mailman (status: 1, Operation not permitted)
    admin(22034): [----- Python Information -----]
    admin(22034): sys.version     =   2.7.5 (default, Nov  6 2016, 00:28:07)
    [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
    admin(22034): sys.executable  =   /usr/bin/python
    admin(22034): sys.prefix      =   /usr
    admin(22034): sys.exec_prefix =   /usr
    admin(22034): sys.path        =   ['/usr/lib/mailman/pythonlib', '/usr/lib/mailman', '/usr/lib/mailman/scripts', '/usr/lib/mailman', '/usr/lib64/python27.zip', '/usr/lib64/python2.7/', '/usr/lib64/python2.7/plat-linux2', '/usr/lib64/python2.7/lib-tk', '/usr/lib64/python2.7/lib-old', '/usr/lib64/python2.7/lib-dynload', '/usr/lib/python2.7/site-packages']
    admin(22034): sys.platform    =   linux2
    admin(22034): [----- Environment Variables -----]
    admin(22034):     HTTP_COOKIE: __cfduid=dd487f3da55a48ad9d753ba6d62dd3efb1477979245
    admin(22034):     CONTEXT_DOCUMENT_ROOT: /usr/lib/mailman/cgi-bin/
    admin(22034):     SERVER_SOFTWARE: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_python/3.5.0- Python/2.7.5 mod_fcgid/2.3.9 PHP/5.4.16
    admin(22034):     CONTEXT_PREFIX: /cgi-bin/mailman/
    admin(22034):     SERVER_SIGNATURE:
    admin(22034):     REQUEST_METHOD: POST
    admin(22034):     HTTP_ORIGIN: https://hugh2.thepearces.com.au
    admin(22034):     SERVER_PROTOCOL: HTTP/1.1
    admin(22034):     QUERY_STRING:
    admin(22034):     SSL_TLS_SNI: hugh2.mydomain.com.au
    admin(22034):     CONTENT_LENGTH: 151
    admin(22034):     HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8
    admin(22034):     HTTP_CONNECTION: keep-alive
    admin(22034):     HTTP_REFERER: https://hugh2.mydomain.com.au/cgi-bin/mailman/create
    admin(22034):     SERVER_NAME: hugh2.mydomain.com.au
    admin(22034):     REMOTE_ADDR: XX.XXX.236.219
    admin(22034):     SERVER_PORT: 443
    admin(22034):     SERVER_ADDR: 192.168.X.42
    admin(22034):     DOCUMENT_ROOT: /var/www/html
    admin(22034):     PYTHONPATH: /usr/lib/mailman
    admin(22034):     SCRIPT_FILENAME: /usr/lib/mailman/cgi-bin/create
    admin(22034):     SERVER_ADMIN: root@localhost
    admin(22034):     HTTP_HOST: hugh2.mydomain.com.au
    admin(22034):     SCRIPT_NAME: /cgi-bin/mailman/create
    admin(22034):     HTTPS: on
    admin(22034):     REQUEST_URI: /cgi-bin/mailman/create
    admin(22034):     HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    admin(22034):     PERL5LIB: /usr/share/awstats/lib:/usr/share/awstats/plugins
    admin(22034):     GATEWAY_INTERFACE: CGI/1.1
    admin(22034):     REMOTE_PORT: 58577
    admin(22034):     HTTP_ACCEPT_LANGUAGE: en-au
    admin(22034):     REQUEST_SCHEME: https
    admin(22034):     CONTENT_TYPE: application/x-www-form-urlencoded
    admin(22034):     HTTP_ACCEPT_ENCODING: gzip, deflate
    admin(22034):     UNIQUE_ID: WLt107TVmvftdMLka-wceAAAAAM
    
    So now I am getting even more confused.

    All help gratefully received

    Cheers
     
    Last edited: Mar 5, 2017
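A log-triage sketch for the two excerpts in the post above, added here as an example and not part of the original post or of Mailman/ISPConfig: it counts the CGI paths Apache could not stat and ties each failed Mailman helper command (exit status and error text) to the innermost traceback frame. The sample lines are constructed in the shape of the logs shown; the client address `192.0.2.10` and the function name `triage` are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the Apache and Mailman excerpts above
# (192.0.2.10 is a documentation address, not taken from the post).
SAMPLE = '''\
[Sun Mar 05 11:49:33.531890 2017] [cgi:error] [pid 12474] [client 192.0.2.10:56828] script not found or unable to stat: /usr/lib/mailman/cgi-bin/mailman
[Sun Mar 05 11:49:40.858168 2017] [cgi:error] [pid 12293] [client 192.0.2.10:56832] script not found or unable to stat: /usr/lib/mailman/cgi-bin/mailman
Mar 05 13:20:05 2017 (22034) command failed: /etc/mailman/virtual_to_transport.sh /etc/mailman/virtual-mailman (status: 1, Operation not permitted)
admin(22034): Traceback (most recent call last):
admin(22034):   File "/usr/lib/mailman/Mailman/Cgi/create.py", line 239, in process_request
admin(22034):     sys.modules[modname].create(mlist, cgi=1)
admin(22034):   File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 60, in _update_maps
admin(22034):     raise RuntimeError, msg % (vcmd, status, errstr)
admin(22034): RuntimeError: command failed: /etc/mailman/virtual_to_transport.sh /etc/mailman/virtual-mailman (status: 1, Operation not permitted)
'''

CGI_MISSING = re.compile(r"\[cgi:error\].*script not found or unable to stat: (\S+)")
CMD_FAILED = re.compile(r"\((\d+)\) command failed: (.+) \(status: (\d+), ([^)]+)\)")
FRAME = re.compile(r'admin\((\d+)\):\s+File "([^"]+)", line (\d+), in (\w+)')

def triage(text):
    """Summarise unreachable CGI paths and failed Mailman helper commands."""
    missing = Counter()
    frames = defaultdict(list)   # pid -> traceback frames, outermost first
    failures = []
    for line in text.splitlines():
        if m := CGI_MISSING.search(line):
            missing[m.group(1)] += 1
        elif m := FRAME.search(line):
            frames[m.group(1)].append((m.group(2), int(m.group(3)), m.group(4)))
        elif m := CMD_FAILED.search(line):
            pid, cmd, status, err = m.groups()
            failures.append({"pid": pid, "argv": cmd.split(),
                             "status": int(status), "error": err})
    for f in failures:
        # "most recent call last": the final frame is where the exception was raised
        f["raised_in"] = frames[f["pid"]][-1] if frames[f["pid"]] else None
    return {"missing_cgi": dict(missing), "failures": failures}

if __name__ == "__main__":
    report = triage(SAMPLE)
    for path, n in report["missing_cgi"].items():
        print(f"{n}x CGI target missing: {path}")
    for f in report["failures"]:
        print(f"pid {f['pid']}: {f['argv'][0]} exited {f['status']} "
              f"({f['error']}), raised in {f['raised_in']}")
```

On the sample this separates the two symptoms: Apache requests for a CGI path that does not exist on disk, and a helper script invoked from `Postfix.py` that the CGI process was not permitted to run to completion.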
