That's a known bug/problem with postdrop that's existed for years, unfortunately. Basically you have to stop postfix and kill any running postdrop instances, then restart postfix. The postdrop instances that are runaway are referencing things that no longer exist.imx wrote:Those errors are/were just in the zimbra.log - for me, nothing was needed to make them happen, due to the file system permissions issues (or process as wrong user perhaps) they increment in the log file.
Queue browse error after 8.7 upgrade
Re: Queue browse error after 8.7 upgrade
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Re: Queue browse error after 8.7 upgrade
Same problem, tried the given solutions but no go.
Multi-Server (2) install.
Upgraded both servers from 8.6 to 8.7 today.
1 Server has the problem, the other doesnt.
The server with the problem is the one where i had to do a zmfixperms on.... the other one, that doesn't have a problem no fixperms!
Can this be the start of the problem, fixperms setting the wrong permissions?
On the server without problems i see postdrop being started under the root user, with problem it is started under the zimbra user.
Any help please...
Multi-Server (2) install.
Upgraded both servers from 8.6 to 8.7 today.
1 Server has the problem, the other doesnt.
The server with the problem is the one where i had to do a zmfixperms on.... the other one, that doesn't have a problem no fixperms!
Can this be the start of the problem, fixperms setting the wrong permissions?
On the server without problems i see postdrop being started under the root user, with problem it is started under the zimbra user.
Any help please...
Re: Queue browse error after 8.7 upgrade
After upgrading my servers (Multiserver setup with two MTA/Mailstore) last week from 8.6 to 8.7 I suddenly have the same problems as described.
In the beginning only one server was effected, now both are.
mail.log
The process of postdrop is running as user zimbra:
This might be necessary, but the user zimbra does not have access to the directories
I checked, zmfixperms does set exactly these permissions. Somthing must be wrong either in running postdrop as zimbra user or in the zmfixperms script.
I contacted zimbra professional support, but after the initial confirmation of my request, I did not get an answer yet.
Is there anyone who can help. Setting perms to 777 is not an option. Also, the suggested killing of postdrop and restarting postfix is not helping. Even an reboot is not.
In the beginning only one server was effected, now both are.
mail.log
Code: Select all
Aug 19 09:48:19 zm0 postfix/postdrop[19936]: warning: mail_queue_enter: create file maildrop/643190.19936: Permission denied
Aug 19 09:48:23 zm0 postfix/postqueue[17689]: fatal: Connect to the Postfix showq service: Permission denied
Aug 19 11:48:23 ser-zimbra postfix/postdrop[8722]: warning: mail_queue_enter: create file maildrop/840207.8722: Permission denied
Aug 19 11:48:24 ser-zimbra postfix/postdrop[23818]: warning: mail_queue_enter: create file maildrop/77746.23818: Permission denied
Aug 19 09:48:25 zm0 postfix/postdrop[29728]: warning: mail_queue_enter: create file maildrop/931055.29728: Permission denied
Code: Select all
root@zm0:~# ps axu | egrep post
postfix 14406 0.0 0.0 46308 2436 ? S 09:42 0:00 pickup -l -t unix -u
postfix 18875 0.0 0.0 46488 824 ? S Aug18 0:00 qmgr -l -t unix -u
zimbra 19936 0.0 0.0 46276 444 ? S Aug18 0:00 /opt/zimbra/common/sbin/postdrop -r
postfix 24146 0.0 0.0 46316 732 ? S Aug18 0:00 tlsmgr -l -t unix -u
zimbra 29728 0.0 0.0 46276 540 ? S Aug17 0:01 /opt/zimbra/common/sbin/postdrop -r
Code: Select all
root@zm0:~# ll /opt/zimbra/data/postfix/spool/
total 64
drwxr-xr-x 16 root root 4096 Jul 9 2011 ./
drwxr-xr-x 4 postfix zimbra 4096 Oct 9 2011 ../
drwx------ 2 postfix postfix 4096 Aug 19 09:43 active/
drwx------ 2 postfix postfix 4096 Aug 3 06:38 bounce/
drwx------ 2 postfix postfix 4096 Jul 9 2011 corrupt/
drwx------ 18 postfix postfix 4096 Jul 2 2012 defer/
drwx------ 18 postfix postfix 4096 Jul 2 2012 deferred/
drwx------ 2 postfix postfix 4096 Jul 9 2011 flush/
drwx------ 2 postfix postfix 4096 Jul 9 2011 hold/
drwx------ 2 postfix postfix 4096 Aug 19 09:43 incoming/
drwx-wx--- 2 postfix postdrop 4096 Aug 17 09:32 maildrop/
drwxr-xr-x 2 postfix root 4096 Aug 14 09:05 pid/
drwx------ 2 postfix postfix 4096 Aug 16 20:18 private/
drwx--x--- 2 postfix postdrop 4096 Aug 16 20:18 public/
drwx------ 2 postfix postfix 4096 Jul 9 2011 saved/
drwx------ 2 postfix postfix 4096 Aug 16 05:48 trace/
I contacted zimbra professional support, but after the initial confirmation of my request, I did not get an answer yet.
Is there anyone who can help. Setting perms to 777 is not an option. Also, the suggested killing of postdrop and restarting postfix is not helping. Even an reboot is not.
Re: Queue browse error after 8.7 upgrade
There is a major bug in zmfixperms version 8.7! Actually there are two!
This is the temporary solution
Bug one is not setting the s-flag any more.
In my system I had all these files owned by zimbra:zimbra.
In addition, I recommend to run
This shows you, if there are more and other files effected by wrong permissions. I had to change permissions of the following directory to eliminate all errors:
Attention!!
Do NOT run zmfixperms -extended!
This will reset all the changes above. This is bug number 2.
This is the temporary solution
Code: Select all
chown root:root -Rh /opt/zimbra/common/sbin/*
chown root:postdrop /opt/zimbra/common/sbin/postdrop
chown root:postdrop /opt/zimbra/common/sbin/postqueue
chmod g+s /opt/zimbra/common/sbin/postdrop
chmod g+s /opt/zimbra/common/sbin/postqueue
Bug one is not setting the s-flag any more.
Code: Select all
ll /opt/zimbra/common/sbin/
insgesamt 23300
-rwxr-xr-x 1 root root 1531710 Dez 6 2015 amavisd
-rwxr-xr-x 1 root root 12671 Dez 6 2015 amavisd-release
-rwxr-xr-x 1 root root 53704 Dez 6 2015 amavisd-snmp-subagent-zmq
-rwxr-xr-x 1 root root 14380 Dez 6 2015 amavisd-status
-rwxr-xr-x 1 root root 19245 Dez 6 2015 amavis-mc
-rwxr-xr-x 1 root root 34311 Dez 6 2015 amavis-services
-rwxr-xr-x 1 root root 226976 Jun 7 04:19 clamav-milter
-rwxr-xr-x 1 root root 175784 Jun 7 04:19 clamd
lrwxrwxrwx 1 root root 8 Jun 14 16:51 mailq -> sendmail
-rwxr-xr-x 1 root root 16857128 Jun 14 01:56 mysqld
lrwxrwxrwx 1 root root 8 Jun 14 16:51 newaliases -> sendmail
-rwxr-xr-x 1 root root 1322336 Jun 14 21:23 nginx
-rwxr-xr-x 1 root root 241784 Mai 2 23:28 opendkim
-rwxr-xr-x 1 root root 66576 Mai 2 23:28 opendkim-atpszone
-rwxr-xr-x 1 root root 6445 Mai 2 23:28 opendkim-genkey
-rwxr-xr-x 1 root root 70768 Mai 2 23:28 opendkim-genzone
-rwxr-xr-x 1 root root 79088 Mai 2 23:28 opendkim-testkey
-rwxr-xr-x 1 root root 14568 Mai 2 23:28 opendkim-testmsg
-rwxr-xr-x 1 root root 14800 Jan 11 2016 pluginviewer
-rwxr-xr-x 1 root root 259096 Jun 14 16:51 postalias
-rwxr-xr-x 1 root root 189560 Jun 14 16:51 postcat
-rwxr-xr-x 1 root root 346712 Jun 14 16:51 postconf
-rwxr-sr-x 1 root postdrop 271616 Jun 14 16:51 postdrop
-rwxr-xr-x 1 root root 176600 Jun 14 16:51 postfix
-rwxr-xr-x 1 root root 176600 Jun 14 16:51 postkick
-rwxr-xr-x 1 root root 180728 Jun 14 16:51 postlock
-rwxr-xr-x 1 root root 176760 Jun 14 16:51 postlog
-rwxr-xr-x 1 root root 259576 Jun 14 16:51 postmap
-rwxr-xr-x 1 root root 189408 Jun 14 16:51 postmulti
-rwxr-sr-x 1 root postdrop 267456 Jun 14 16:51 postqueue
-rwxr-xr-x 1 root root 193432 Jun 14 16:51 postsuper
-rwxr-xr-x 1 root root 12897 Jun 14 16:51 qshape.pl
-rwxr-xr-x 1 root root 73176 Jan 11 2016 saslauthd
-rwxr-xr-x 1 root root 247296 Jun 14 16:51 sendmail
lrwxrwxrwx 1 root root 16 Jul 29 16:27 slapacl -> ../libexec/slapd
lrwxrwxrwx 1 root root 16 Jul 29 16:27 slapadd -> ../libexec/slapd
lrwxrwxrwx 1 root root 16 Jul 29 16:27 slapauth -> ../libexec/slapd
lrwxrwxrwx 1 root root 16 Jul 29 16:27 slapcat -> ../libexec/slapd
lrwxrwxrwx 1 root root 16 Jul 29 16:27 slapdn -> ../libexec/slapd
lrwxrwxrwx 1 root root 16 Jul 29 16:27 slapindex -> ../libexec/slapd
lrwxrwxrwx 1 root root 16 Jul 29 16:27 slappasswd -> ../libexec/slapd
lrwxrwxrwx 1 root root 16 Jul 29 16:27 slapschema -> ../libexec/slapd
lrwxrwxrwx 1 root root 16 Jul 29 16:27 slaptest -> ../libexec/slapd
-rwxr-xr-x 1 root root 14664 Jan 11 2016 testsaslauthd
In my system I had all these files owned by zimbra:zimbra.
In addition, I recommend to run
Code: Select all
su - zimbra
postfix stop
postfix start
Code: Select all
chown root.root -Rh /opt/zimbra/common/libexec/
chown root.root /opt/zimbra/common/libexec
Attention!!
Do NOT run zmfixperms -extended!
This will reset all the changes above. This is bug number 2.
Re: Queue browse error after 8.7 upgrade
A Bug has been filed now: https://bugzilla.zimbra.com/show_bug.cgi?id=106379.
Please up-vote this bug to get it fixed faster.
Please up-vote this bug to get it fixed faster.
-
- Posts: 2
- Joined: Thu Jul 28, 2016 11:21 am
Re: Queue browse error after 8.7 upgrade
Hi Bithammer,
I have tried the solution you posted
After changing the permission as you suggested (and NOT using zmfixperms) , i had run the command
But returned the error
while still getting all the maildrop error message in the mail.log file.
Moreover after rebooting the server the things got worse with the message
My installation is a fresh one and not an upgrade from a previous version, so the files/directory path may differ a little from someone who upgraded.
But if could be of help to anyone, i resolved my problem with the "poor man, but hey... it's work, solution (TM)" by launching again the zimbra installer and doing a 8.7 to 8.7 version upgrade keeping the config.
In this way the permission was fixed and no more error regarding postdrop
Davide
I have tried the solution you posted
but unfortunately it didn't worked for me.bithammer wrote:There is a major bug in zmfixperms version 8.7! Actually there are two!
This is the temporary solution
In my system I had all these files owned by zimbra:zimbra.Code: Select all
chown root:root -Rh /opt/zimbra/common/sbin/* chown root:postdrop /opt/zimbra/common/sbin/postdrop chown root:postdrop /opt/zimbra/common/sbin/postqueue chmod g+s /opt/zimbra/common/sbin/postdrop chmod g+s /opt/zimbra/common/sbin/postqueue
In addition, I recommend to run
This shows you, if there are more and other files effected by wrong permissions. I had to change permissions of the following directory to eliminate all errors:Code: Select all
su - zimbra postfix stop postfix start
Attention!!Code: Select all
chown root.root -Rh /opt/zimbra/common/libexec/ chown root.root /opt/zimbra/common/libexec
Do NOT run zmfixperms -extended!
This will reset all the changes above. This is bug number 2.
After changing the permission as you suggested (and NOT using zmfixperms) , i had run the command
Code: Select all
su - zimbra
postfix stop
postfix start
Code: Select all
postalias: fatal: open database /etc/aliases.lmdb: Permission denied
Moreover after rebooting the server the things got worse with the message
Code: Select all
Aug 25 05:54:30 mail postfix/postqueue[4791]: fatal: Queue report unavailable - mail system is down
Aug 25 05:55:00 mail postfix/postqueue[5293]: fatal: Queue report unavailable - mail system is down
Aug 25 05:55:30 mail postfix/postqueue[5398]: fatal: Queue report unavailable - mail system is down
Aug 25 05:56:00 mail postfix/postqueue[6197]: fatal: Queue report unavailable - mail system is down
But if could be of help to anyone, i resolved my problem with the "poor man, but hey... it's work, solution (TM)" by launching again the zimbra installer and doing a 8.7 to 8.7 version upgrade keeping the config.
In this way the permission was fixed and no more error regarding postdrop
Davide
-
- Posts: 1
- Joined: Sun Sep 11, 2016 8:44 am
Re: Queue browse error after 8.7 upgrade
tried both the above steps to manually set perms for postfix and postdrop as well as tried running installer again
no errors when starting postfix as zimbra but same errors in maillog
permisssions denied
wondering if there is another workaround?
any more updates on this i desperately need to get this production server working
update got this from bugzilla email
no errors when starting postfix as zimbra but same errors in maillog
permisssions denied
wondering if there is another workaround?
any more updates on this i desperately need to get this production server working
update got this from bugzilla email
Code: Select all
Rick King 2016-09-13 17:02:46 UTC
To manually correct the permissions for postqueue and postdrop, run as root...
chown root:postdrop /opt/zimbra/common/sbin/postqueue
chown root:postdrop /opt/zimbra/common/sbin/postdrop
chmod g+s /opt/zimbra/common/sbin/postqueue
chmod g+s /opt/zimbra/common/sbin/postdrop
Switch to zimbra user...
su - zimbra
postfix check <<== there should be no output
Re: Queue browse error after 8.7 upgrade
dafftu wrote:After upgrading to 8.7 queue browsing (summary counters and details) doesnt work.
Logs shows errors:
Jul 15 15:45:30 mail1 postfix/postqueue[25522]: fatal: Connect to the Postfix showq service: Permission denied
I already tried fixing permissions with below commands (as root), but no change:
/opt/zimbra/libexec/zmfixperms
/opt/zimbra/libexec/zmfixperms -extended
EDIT:
Additionally I need to run zmfixperms after every zmcontrol restart, because of errors with storing message in queue!
Jul 15 16:30:03 mail1 postfix/postdrop[7889]: warning: mail_queue_enter: create file maildrop/370137.7889: Permission denied
Jul 15 16:30:13 mail1 postfix/postdrop[7889]: warning: mail_queue_enter: create file maildrop/378964.7889: Permission denied
Jul 15 16:30:23 mail1 postfix/postdrop[7889]: warning: mail_queue_enter: create file maildrop/402504.7889: Permission denied
I was running into the same series of errors after upgrading to Zimbra 8.7.
Initially I modified the maildrop folder permissions to be slightly more relaxed (as root: chmod 733 /opt/zimbra/data/postfix/spool/maildrop). I noticed that a file owned by zimbra:zimbra was created successfully moments later but the Connect to the Postfix showq service: Permission denied error persisted, so I restored the maildrop folder permission (as root: chmod 730 /opt/zimbra/data/postfix/spool/maildrop) then tried adding the zimbra user to the postdrop group instead.
Code: Select all
$ su root
# usermod -a -G postdrop zimbra
# su zimbra
$ zmcontrol restart
Running /opt/zimbra/libexec/zmfixperms -extended or /opt/zimbra/libexec/zmfixperms has not reverted my change in group membership, and the change persisted through a reboot, by the way.
Re: Queue browse error after 8.7 upgrade
I had the same problems on a clean install of Zimbra 8.7.1 on Ubuntu 16.04.
Right now the permission denied problems are fixed using the suggested chown in the other posts.
But what I have seen afterwards that there are a lot of symbolic links which will get a postfix check warning:
www /postfix-script[13003]: warning: not owned by root: /opt/zimbra/common/libexec/./openldap/sssvlv-2.4.so.2
The Zimbra install script is maybe setting some wrong persmissions for postfix and the zmfixperms will not fix them.
Right now the permission denied problems are fixed using the suggested chown in the other posts.
But what I have seen afterwards that there are a lot of symbolic links which will get a postfix check warning:
www /postfix-script[13003]: warning: not owned by root: /opt/zimbra/common/libexec/./openldap/sssvlv-2.4.so.2
The Zimbra install script is maybe setting some wrong persmissions for postfix and the zmfixperms will not fix them.
Re: Queue browse error after 8.7 upgrade
I had the same problems on a clean install of Zimbra 8.7.1 on Ubuntu 16.04 running inside a Proxmox KVM virtual machine.
The fresh install work great from the beginning (one week) and problems start after using for the first time zmfixperms script :-/
Adding zimbra user to the postdrop group work for me.
I have fixed perm's like whattheserver say but running postfix check as zimbra user give me lot of right problem :
So, I won't try removing zimbra from postdrop group before zmfixperms do his job in the right way... Anyone know the existence of a patch for that script ?
The fresh install work great from the beginning (one week) and problems start after using for the first time zmfixperms script :-/
Adding zimbra user to the postdrop group work for me.
Code: Select all
sudo adduser zimbra postdrop
Code: Select all
sudo -u zimbra -i postfix check
postalias: fatal: open database /etc/aliases.lmdb: Permission denied
postsuper: warning: bogus file name: maildrop/871634.1141
/postfix-script: warning: not owned by root: /opt/zimbra/common/libexec/.
/postfix-script: warning: not owned by root: /opt/zimbra/common/libexec/./post-install
/postfix-script: warning: not owned by root: /opt/zimbra/common/libexec/./spawn
(... 177 others "warning: not owned by root:" ...)
/postfix-script: warning: not owned by root: /opt/zimbra/common/libexec/./dnsblog
/postfix-script: warning: not owned by root: /opt/zimbra/common/libexec/./smtpd