Page 1 of 1

proxy does not work anymore after upgrade

Posted: Tue Feb 13, 2018 9:21 am
by goorooj
Hi,

i was upgrading from 12.04 to 16.04 and zimbra 8.0 to 8.8.5 in many steps.
i have a nginx proxy config on my dmz mailserver ( exim4 ) that worked.
it points to the internal mailserver: https://xx.xx.xx.xx:7072/service/extension/nginx-lookup
the internal mailserver has a /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup with the same value
the port 7072 answers if i telnet from the external mailserver.
but it seems it does not work. i cannot connect from external anymore.
the proxy service from zimbra appears to be off? also the /opt/zimbra/nginx hard link goes nowhere. i am lost now. why does it answer then?
everything else works from internal, the zimbra server can also fetch the mails from the external mailserver and send.

proxy on zimbra server is off. checked, ports set to 0

Re: proxy does not work anymore

Posted: Tue Feb 13, 2018 10:23 am
by goorooj
update:

( xxed the addresses out )
telnet mailext 143 from internet gives me
Trying xx.xx.xx.xx...
Connected to mailext.xx.xx.
Escape character is '^]'.
* OK IMAP4 ready
LOGIN xx@xxxxx.xxx xxxxxxx ( username@domain.com and password )
login BAD invalid command

trying tag or a or ? login:
* BAD internal server error

i enabled cleartext logins on zimbra web interface and even
zmprov mcf zimbraImapCleartextLoginEnabled TRUE
and restarted services.

Re: proxy does not work anymore after upgrade

Posted: Tue Feb 13, 2018 2:32 pm
by Gren Elliot
Anything in /opt/zimbra/log/mailbox.log or /opt/zimbra/log/imapd.log at the same time as you did this?

Re: proxy does not work anymore after upgrade

Posted: Tue Feb 13, 2018 3:51 pm
by goorooj
imapd is saying nothing... except that it is running on 8143... i dont understand it, the webinterface says proxy is off. activate mail proxy is unticked and ports are 0

2018-02-13 10:59:36,777 INFO [main] [] imap - Starting IMAP server, port=8143
2018-02-13 10:59:36,896 INFO [main] [] imap - Starting ImapServer on /0:0:0:0:0:0:0:0:8143
2018-02-13 10:59:36,896 INFO [main] [] imap - Starting IMAP server, port=8993
2018-02-13 10:59:36,914 INFO [main] [] imap - Starting ImapSSLServer on /0:0:0:0:0:0:0:0:8993
2018-02-13 10:59:36,914 WARN [main] [] imap - ImapDaemon: This server not member of pool. Check zimbraReverseProxyUpstreamImapServers.

can telnet to localhost 8143 AND 143 on the zimbra server

but nothing shows in the logs when i telnet to mailext. nothing at all.

server reboot:
2018-02-13 17:04:32,963 INFO [Thread-5] [] imap - Shutting down servers
2018-02-13 17:04:33,251 INFO [Thread-5] [] imap - Stopping IMAP server, port=8143
2018-02-13 17:04:33,251 INFO [Thread-5] [] imap - Initiating shutdown
2018-02-13 17:04:33,313 INFO [Thread-5] [] imap - Stopping IMAP server, port=8993
2018-02-13 17:04:33,314 INFO [Thread-5] [] imap - Initiating shutdown
2018-02-13 17:07:02,200 INFO [IncomingDirectorySweeper] [] store - IncomingDirectorySweeper thread starting
2018-02-13 17:07:02,343 INFO [main] [] store - Starting up FileCache at /opt/zimbra/data/tmp/blobs. maxFiles=10000, maxBytes=1073741824.
2018-02-13 17:07:02,343 INFO [main] [] store - Starting up FileCache at /opt/zimbra/data/tmp/uncompressed. maxFiles=10000, maxBytes=1073741824.
2018-02-13 17:07:03,229 INFO [main] [] FileDescriptorCache - Loading settings: zimbraMailFileDescriptorCacheSize=1000.
2018-02-13 17:07:03,559 INFO [main] [] imap - Starting IMAP server, port=8143
2018-02-13 17:07:03,715 INFO [main] [] imap - Starting ImapServer on /0:0:0:0:0:0:0:0:8143
2018-02-13 17:07:03,715 INFO [main] [] imap - Starting IMAP server, port=8993
2018-02-13 17:07:03,742 INFO [main] [] imap - Starting ImapSSLServer on /0:0:0:0:0:0:0:0:8993
2018-02-13 17:07:03,742 WARN [main] [] imap - ImapDaemon: This server not member of pool. Check zimbraReverseProxyUpstreamImapServers.

i switched off proxy in web interface but it still shows....

i edited global and server settings. restarted server, not only services. no joy. the proxy stays like chewing gum on my sole.

on the mailext. nginx.log is saying 2018/02/13 17:29:27 [error] 1570#0: *3074 send() failed (111: Connection refused) while in http auth state, client: xxx....

zmprov -l gs `zmhostname` | grep -i port says:

zimbraAdminImapImportNumThreads: 20
zimbraAdminPort: 7071
zimbraAdminProxyPort: 9071
zimbraBackupReportEmailSubjectPrefix: ZCS Backup Report
zimbraCBPolicydBindPort: 10031
zimbraChatXmppPort: 5222
zimbraChatXmppSslPort: 5223
zimbraChatXmppSslPortEnabled: FALSE
zimbraClamAVListenPort: 3310
zimbraExtensionBindPort: 7072
zimbraImapBindPort: 143
zimbraImapProxyBindPort: 0
zimbraImapSSLBindPort: 993
zimbraImapSSLProxyBindPort: 0
zimbraLmtpBindPort: 7025
zimbraLowestSupportedAuthVersion: 1
zimbraMailPort: 80
zimbraMailProxyPort: 8080
zimbraMailSSLClientCertPort: 9443
zimbraMailSSLPort: 443
zimbraMailSSLProxyClientCertPort: 3443
zimbraMailSSLProxyPort: 8443
zimbraMemcachedBindPort: 11211
zimbraMessageChannelPort: 7285
zimbraMilterBindPort: 7026
zimbraMtaAuthPort: 7073
zimbraMtaLmtpTlsCiphers: export
zimbraMtaSmtpDnsSupportLevel: enabled
zimbraMtaSmtpTlsCiphers: export
zimbraMtaSmtpTransportRateDelay: $default_transport_rate_delay
zimbraMtaSmtpdClientPortLogging: no
zimbraMtaSmtpdTlsCiphers: export
zimbraMtaSmtpdVirtualTransport: error
zimbraMtaTransportMaps: proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
zimbraNotifyBindPort: 7035
zimbraNotifySSLBindPort: 7036
zimbraPop3BindPort: 110
zimbraPop3ProxyBindPort: 0
zimbraPop3SSLBindPort: 995
zimbraPop3SSLProxyBindPort: 0
zimbraRemoteImapBindPort: 8143
zimbraRemoteImapSSLBindPort: 8993
zimbraRemoteManagementPort: 22
zimbraSmtpPort: 25

Re: proxy does not work anymore after upgrade

Posted: Tue Feb 13, 2018 9:02 pm
by Gren Elliot
Ok, that answers one question that I didn't actually ask - you're running the embedded IMAP, not the remote one, which is fine.
That does mean that any useful logging will be in mailbox.log rather than imapd.log - anything there?

Re: proxy does not work anymore after upgrade

Posted: Wed Feb 14, 2018 1:43 pm
by goorooj
hmmm the direct connects to imap from internal clients are ok. everythings works as expected there.
no sign from connects from the mailext, whatsoever.
where would i have to look for 7072 auth fails?

oh, found something in a trace_log.2018_02_14, ip is mailext
14:44:45.232:qtp510113906-1401 OPENED HttpConnection@10d9377c[DecryptedEndPoint@62fc06bc{/192.168.xx.xx:41953<->7072,Open,in,out,-,-,1/60000,HttpConnection}->SelectChannelEndPoint@4fd499bd{/192.168.xx.xx:41953<->7072,Open,in,out,-,-,1/60000,SslConnection}{io=0/0,kio=0,kro=0}][p=HttpParser{s=START,0 of 0},g=HttpGenerator@98e622f{s=START},c=HttpChannelOverHttp@4ffdf85f{r=0,c=false,a=IDLE,uri=null}]
14:44:45.233:qtp510113906-1446 CLOSED HttpConnection@10d9377c[DecryptedEndPoint@62fc06bc{/192.168.xx.xx:41953<->7072,CLOSED,ISHUT,OSHUT,-,-,1/60000,HttpConnection}->SelectChannelEndPoint@4fd499bd{/192.168.xx.xx:41953<->7072,CLOSED,ISHUT,OSHUT,-,-,1/60000,SslConnection}{io=0/0,kio=-1,kro=-1}][p=HttpParser{s=START,0 of 0},g=HttpGenerator@98e622f{s=START},c=HttpChannelOverHttp@4ffdf85f{r=0,c=false,a=IDLE,uri=null}]

on the mailext i got this nginx log entries
send() failed (111: Connection refused) while in http auth state, client: ( ipv6 address ) using starttls, server: [::]:110, login: xxxx ( valid user )

Re: proxy does not work anymore after upgrade

Posted: Mon Feb 19, 2018 8:52 am
by goorooj
I tried everything in the book now, no joy. i just cant find where the problem is.
i fear i will have to dump our trusted exim4 mailext and install a zimbra proxy/relay instead...