Error when opening Monitor>Mail Queues
Message: system failure: exception during auth
{RemoteManager: server.domain.com->zimbra@server.domain.com:22}
Error code: service.FAILURE Method: [unknown] Details:soap:Receiver
Unable to view Mail Queues with Administrator Console 8.8.12
Re: Unable to view Mail Queues with Administrator Console 8.8.12
See if any of these results help: https://www.startpage.com/do/dsearch?qu ... ge=englishtgx wrote:Error when opening Monitor>Mail Queues
Message: system failure: exception during auth
{RemoteManager: server.domain.com->zimbra@server.domain.com:22}
Error code: service.FAILURE Method: [unknown] Details:soap:Receiver
- tgx
- Outstanding Member
- Posts: 308
- Joined: Fri Sep 12, 2014 10:06 pm
- Location: USA
- ZCS/ZD Version: 8.8.15 CentOS 7.6.180
Re: Unable to view Mail Queues with Administrator Console 8.8.12
Yah I've already exhausted those. They are all rather dated and some tips refer to options that
do not exist.
I went through this one:
https://wiki.zimbra.com/wiki/RemoteManager_exception
And this command:
ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM
always prompts for a password even after performing said instructions.
I cannot update sshd_config because it does not appear to adhere to the directives as presented
in the writeup. It may be that RedHat has rewritten sshd. It looks like it is using PAM and ignoring directives
in the conf file.
<soapbox>
I know its a security thing but geeze security key systems are horrible. The only people that seem to get locked
out are the ones that actually use the system. The hackers just march right around this stuff anyway. There has to be
a better way. </soapbox>
do not exist.
I went through this one:
https://wiki.zimbra.com/wiki/RemoteManager_exception
And this command:
ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM
always prompts for a password even after performing said instructions.
I cannot update sshd_config because it does not appear to adhere to the directives as presented
in the writeup. It may be that RedHat has rewritten sshd. It looks like it is using PAM and ignoring directives
in the conf file.
<soapbox>
I know its a security thing but geeze security key systems are horrible. The only people that seem to get locked
out are the ones that actually use the system. The hackers just march right around this stuff anyway. There has to be
a better way. </soapbox>
- tgx
- Outstanding Member
- Posts: 308
- Joined: Fri Sep 12, 2014 10:06 pm
- Location: USA
- ZCS/ZD Version: 8.8.15 CentOS 7.6.180
Re: Unable to view Mail Queues with Administrator Console 8.8.12
This page also has exactly what I am experiencing but also, the solution does not apply.
viewtopic.php?t=61166
This line
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
does not exist in the file sshd_conf.
I could maybe do this:
- set PubkeyAuthentication to Yes
- add zimbra@127.0.0.1 to allowed users
- add diffie-hellman-group-exchange-sha1 to KeyAlgorithms
- add hmac-sha1-96 to MACs
BUT, there are no entries for MACs nor KeyAlgorithms nor Allowed Users.
The only entry in the default sshd_conf for this version of CentOS that is applicable is:
set PubkeyAuthentication to Yes
viewtopic.php?t=61166
This line
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
does not exist in the file sshd_conf.
I could maybe do this:
- set PubkeyAuthentication to Yes
- add zimbra@127.0.0.1 to allowed users
- add diffie-hellman-group-exchange-sha1 to KeyAlgorithms
- add hmac-sha1-96 to MACs
BUT, there are no entries for MACs nor KeyAlgorithms nor Allowed Users.
The only entry in the default sshd_conf for this version of CentOS that is applicable is:
set PubkeyAuthentication to Yes
- tgx
- Outstanding Member
- Posts: 308
- Joined: Fri Sep 12, 2014 10:06 pm
- Location: USA
- ZCS/ZD Version: 8.8.15 CentOS 7.6.180
Re: Unable to view Mail Queues with Administrator Console 8.8.12
Referring to this link:
https://wiki.zimbra.com/wiki/Mail_Queue_Monitoring
My zimbra user is indeed locked. However, by following those instructions I receive this message:
usermod -U zimbra
usermod: unlocking the user's password would result in a passwordless account.
You should set a password with usermod -p to unlock this user's password.
As I was never asked to set a zimbra password, I assume it is intended to be in its present configuration
and that by altering it I could cause some other unfortunate series of events.
I'm not doing any of this until I am certain that it is for the current version otherwise I 'd just be making a mess
of things.
Some guidance here is necessary and some more up to date information.
Thanks.
https://wiki.zimbra.com/wiki/Mail_Queue_Monitoring
My zimbra user is indeed locked. However, by following those instructions I receive this message:
usermod -U zimbra
usermod: unlocking the user's password would result in a passwordless account.
You should set a password with usermod -p to unlock this user's password.
As I was never asked to set a zimbra password, I assume it is intended to be in its present configuration
and that by altering it I could cause some other unfortunate series of events.
I'm not doing any of this until I am certain that it is for the current version otherwise I 'd just be making a mess
of things.
Some guidance here is necessary and some more up to date information.
Thanks.
- tgx
- Outstanding Member
- Posts: 308
- Joined: Fri Sep 12, 2014 10:06 pm
- Location: USA
- ZCS/ZD Version: 8.8.15 CentOS 7.6.180
Re: Unable to view Mail Queues with Administrator Console 8.8.12
Okay, so an interesting observation. If I try and run zmqstat from CLI,
using sudo, I get prompted for the zimbra user password. Now as I have never
set a zimbra user password, nor been prompted to create one that proves to be
a bit of an issue. If I just hit enter it tells me wrong password. So it looks like the crux
of the issue has nothing to do with ssh but rather this 'zimbra' user account. I am able
to run zmqstat as root, but I have a feeling that the GUI is trying to use the zimbra account
and that's why it fails.
Also to add to the litany of outdated links that you cannot follow directions from:
https://skrinhitam.wordpress.com/2016/1 ... ail-queue/
[zimbra@mailsvr ~]$ sudo /opt/zimbra/postfix/sbin/postsuper -d ALL
/opt/zimbra/postfix no longer exists. Anyone have an updated command for 8.8.12 to delete deferred emails from CLI?
Note: I was able to find postsuper under /opt/zimbra/common/sbin
using sudo, I get prompted for the zimbra user password. Now as I have never
set a zimbra user password, nor been prompted to create one that proves to be
a bit of an issue. If I just hit enter it tells me wrong password. So it looks like the crux
of the issue has nothing to do with ssh but rather this 'zimbra' user account. I am able
to run zmqstat as root, but I have a feeling that the GUI is trying to use the zimbra account
and that's why it fails.
Also to add to the litany of outdated links that you cannot follow directions from:
https://skrinhitam.wordpress.com/2016/1 ... ail-queue/
[zimbra@mailsvr ~]$ sudo /opt/zimbra/postfix/sbin/postsuper -d ALL
/opt/zimbra/postfix no longer exists. Anyone have an updated command for 8.8.12 to delete deferred emails from CLI?
Note: I was able to find postsuper under /opt/zimbra/common/sbin
- JDunphy
- Outstanding Member
- Posts: 897
- Joined: Fri Sep 12, 2014 11:18 pm
- Location: Victoria, BC
- ZCS/ZD Version: 9.0.0_P39 NETWORK Edition
Re: Unable to view Mail Queues with Administrator Console 8.8.12
Can you verify that sudo was setup properly?
where 02_zimbra-mta is:
Another thing to check about paths is from this thread yesterday if you don't think they look correct. viewtopic.php?f=13&t=66495
Code: Select all
$ ls /etc/sudoers.d
01_zimbra 02_zimbra-core 02_zimbra-ldap 02_zimbra-mta 02_zimbra-proxy 02_zimbra-store
Code: Select all
$ cat /etc/sudoers.d/02_zimbra-mta
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postfix
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postalias
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/qshape.pl
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postconf
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postsuper
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postcat
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmtastatus
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/amavis-mc
Cmnd_Alias RM_MASTER_PID = /bin/rm -f /opt/zimbra/data/postfix/spool/pid/master.pid
%zimbra ALL=NOPASSWD: RM_MASTER_PID