Zimbra 8.7 SMTP Auth fails

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Bittone
Posts: 14
Joined: Mon Sep 05, 2016 4:30 pm

Zimbra 8.7 SMTP Auth fails

Postby Bittone » Mon Sep 05, 2016 4:55 pm

Hello guys,
Just today I experienced a complete mulfunction in SMTP auth, the funny thing is that it ocured immediatly after one user changed his password throu webmail.

Zimbra is 8.7 on centos 7 .

In logs I found:
In /var/log/messages:
Sep 5 17:43:20 xxxxxxx saslauthd: auth_zimbra_init: zimbra_cert_check is off!
Sep 5 17:43:20 xxxxx saslauthd: auth_zimbra_init: 1 auth urls initialized for round-robin

In /var/log/zimbra.log, at first:

Sep 5 17:32:22 xxxxxxxxx saslauthd[25032]: zmpost: url='https://xxxxxxxxxx:7073/service/admin/soap/' returned buffer->data='
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"/></soap:Header><soap:Bod
y><soap:Fault><soap:Code><soap:Value>soap:Sender</soap:Value></soap:Code><soap:Reason><soap:Text>authentication failed for [xxxxxxxx]</soap:Text></soap:Reason><soap:Detail><Error xmlns="urn:zimbra"><Code>account.AUTH_FAILED</Code><Trace>qtp649734728-262
39:1473089542855:d267934502a0132c</Trace></Error></soap:Detail></soap:Fault></soap:Body></soap:Envelope>', hti->error=''
Sep 5 17:32:22 xxxxxxxxxxx saslauthd[25032]: auth_zimbra: xxxxxxxxxxxx auth failed: authentication failed for [xxxxxxxxxx]
Sep 5 17:32:22 xxxxxxxxxxx saslauthd[25032]: do_auth : auth failure: [user=xxxxxxxxx] [service=smtp] [realm=xxxxxxxxxx] [mech=zimbra] [reason=Unknown]
......

Sep 5 17:33:58 postino saslauthd[25029]: zmpost: url='https://xxxxxxxx:8073/service/admin/soap/' returned buffer->data='
<html>#012<head>#012<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>#012<title>Error 503 Service Unavailable</titl
e>#012</head>#012<body><h2>HTTP ERROR 503</h2>#012<p>Problem accessing /service/admin/soap/. Reason:#012<pre> Service Unavailable<
/pre></p>#012</body>#012</html>#012', hti->error=''
Sep 5 17:33:58 xxxxxxx saslauthd[25029]: auth_zimbra: xxxxxxxxxx auth failed: no authtoken and no soap fault text in do
cument
Sep 5 17:33:58 xxxxxxxx saslauthd[25029]: do_auth : auth failure: [user=xxxxxxxxx] [service=smtp] [realm=xxxxxxxxxx [mech=zimbra] [reason=Unknown]

Servives were all green.
Imap auth was OK.
I had to completely resart all zimbra to have SMTP auth working again.

Any clue someone?
Thanks

Alberto


User avatar
DualBoot
Elite member
Elite member
Posts: 1073
Joined: Mon Apr 18, 2016 8:18 pm
Location: Earth
ZCS/ZD Version: ZCS FLOSS - 8.7.11 Mutli servers

Re: Zimbra 8.7 SMTP Auth fails

Postby DualBoot » Mon Sep 05, 2016 6:31 pm

is this a mono server ?
The Guy - DualBoot

PostMaster - WikiMaster - SysAdmin
"Free Your Mind. Think Open Source"
april.org
Zetalliance Member - zetalliance.org
Bittone
Posts: 14
Joined: Mon Sep 05, 2016 4:30 pm

Re: Zimbra 8.7 SMTP Auth fails

Postby Bittone » Tue Sep 06, 2016 7:41 am

Hello DualBoot,
thanks for your kind reply.
Yes, it's a mono server, a VM with 16GB ram and 3 xeon (e5) cores assigned, loadaverage is always below 1, it actualy hosts 83 accounts , 7 domains, 330GB worth of emails.
Just a small install really.
The server is in DMZ with split-brain dns on DNS forwarder.
Bye

Alberto
User avatar
DualBoot
Elite member
Elite member
Posts: 1073
Joined: Mon Apr 18, 2016 8:18 pm
Location: Earth
ZCS/ZD Version: ZCS FLOSS - 8.7.11 Mutli servers

Re: Zimbra 8.7 SMTP Auth fails

Postby DualBoot » Tue Sep 06, 2016 7:50 am

looking at the log you provided, I found something strange :
this line is OK :

Code: Select all

Sep 5 17:32:22 xxxxxxxxx saslauthd[25032]: zmpost: url='https://xxxxxxxxxx:7073/service/admin/soap/' returned buffer->data='

But the following is KO :

Code: Select all

Sep 5 17:33:58 postino saslauthd[25029]: zmpost: url='https://xxxxxxxx:8073/service/admin/soap/' returned buffer->data='

The port is wrong. Have you change it in your server configuration ?
The Guy - DualBoot

PostMaster - WikiMaster - SysAdmin
"Free Your Mind. Think Open Source"
april.org
Zetalliance Member - zetalliance.org
Bittone
Posts: 14
Joined: Mon Sep 05, 2016 4:30 pm

Re: Zimbra 8.7 SMTP Auth fails

Postby Bittone » Tue Sep 06, 2016 8:26 am

Hello Dualboot,
no, it's a clean install on a dedicated VM, nothing running on it apart from zimbra, I only added fail2ban in order to avoid eccessive acoount lockouts.

I executed zmprov getAllConfig | grep port and this is the output:

zimbraAdminPort: 7071
zimbraAdminProxyPort: 9071
zimbraCBPolicydBindPort: 10031
zimbraClamAVListenPort: 3310
zimbraExtensionBindPort: 7072
zimbraImapBindPort: 7143
zimbraImapProxyBindPort: 143
zimbraImapSSLBindPort: 7993
zimbraImapSSLProxyBindPort: 993
zimbraLmtpBindPort: 7025
zimbraMailPort: 80
zimbraMailProxyPort: 0
zimbraMailSSLClientCertPort: 9443
zimbraMailSSLPort: 0
zimbraMailSSLProxyClientCertPort: 3443
zimbraMailSSLProxyPort: 0
zimbraMemcachedBindPort: 11211
zimbraMessageChannelPort: 7285
zimbraMilterBindPort: 7026
zimbraMtaAuthPort: 7073
zimbraMtaSmtpdClientPortLogging: no
zimbraNotifyBindPort: 7035
zimbraNotifySSLBindPort: 7036
zimbraPop3BindPort: 7110
zimbraPop3ProxyBindPort: 110
zimbraPop3SSLBindPort: 7995
zimbraPop3SSLProxyBindPort: 995
zimbraRemoteManagementPort: 22
zimbraReverseProxyAdminPortAttribute: zimbraAdminPort
zimbraReverseProxyHttpPortAttribute: zimbraMailPort
zimbraReverseProxyHttpSSLPortAttribute: zimbraMailSSLPort
zimbraReverseProxyImapPortAttribute: zimbraImapBindPort
zimbraReverseProxyImapSSLPortAttribute: zimbraImapSSLBindPort
zimbraReverseProxyPop3PortAttribute: zimbraPop3BindPort
zimbraReverseProxyPop3SSLPortAttribute: zimbraPop3SSLBindPort
zimbraReverseProxyPortQuery: (&(zimbraServiceHostname=${MAILHOST})(objectClass=zimbraServer))
zimbraSmtpPort: 25

As you can see I have no 8073 port configured.

What really worries me is that it looks like a webapp failure and Zimbra just didn't notice.
Might it be that the password change caused any trouble to the zimbraMtaAut service?

Thanks for your kind help.

Alberto

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 9 guests