Page 1 of 1

Unable to view Mail Queues with Administrator Console 8.8.12

Posted: Tue Jul 09, 2019 6:50 pm
by tgx
Error when opening Monitor>Mail Queues

Message: system failure: exception during auth
{RemoteManager: server.domain.com->zimbra@server.domain.com:22}
Error code: service.FAILURE Method: [unknown] Details:soap:Receiver

Re: Unable to view Mail Queues with Administrator Console 8.8.12

Posted: Tue Jul 09, 2019 6:55 pm
by phoenix
tgx wrote:Error when opening Monitor>Mail Queues

Message: system failure: exception during auth
{RemoteManager: server.domain.com->zimbra@server.domain.com:22}
Error code: service.FAILURE Method: [unknown] Details:soap:Receiver
See if any of these results help: https://www.startpage.com/do/dsearch?query=%2Bzimbra+%2B%22system+failure%3A+exception+during+auth%22&cat=web&pl=opensearch&language=english

Re: Unable to view Mail Queues with Administrator Console 8.8.12

Posted: Tue Jul 09, 2019 7:29 pm
by tgx
Yah I've already exhausted those. They are all rather dated and some tips refer to options that
do not exist.

I went through this one:

https://wiki.zimbra.com/wiki/RemoteManager_exception

And this command:

ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM

always prompts for a password even after performing said instructions.
I cannot update sshd_config because it does not appear to adhere to the directives as presented
in the writeup. It may be that RedHat has rewritten sshd. It looks like it is using PAM and ignoring directives
in the conf file.

<soapbox>
I know its a security thing but geeze security key systems are horrible. The only people that seem to get locked
out are the ones that actually use the system. The hackers just march right around this stuff anyway. There has to be
a better way. </soapbox>

Re: Unable to view Mail Queues with Administrator Console 8.8.12

Posted: Tue Jul 09, 2019 7:48 pm
by tgx
This page also has exactly what I am experiencing but also, the solution does not apply.

viewtopic.php?t=61166

This line

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

does not exist in the file sshd_conf.

I could maybe do this:

- set PubkeyAuthentication to Yes
- add zimbra@127.0.0.1 to allowed users
- add diffie-hellman-group-exchange-sha1 to KeyAlgorithms
- add hmac-sha1-96 to MACs

BUT, there are no entries for MACs nor KeyAlgorithms nor Allowed Users.
The only entry in the default sshd_conf for this version of CentOS that is applicable is:
set PubkeyAuthentication to Yes

Re: Unable to view Mail Queues with Administrator Console 8.8.12

Posted: Tue Jul 09, 2019 7:56 pm
by tgx
Referring to this link:

https://wiki.zimbra.com/wiki/Mail_Queue_Monitoring

My zimbra user is indeed locked. However, by following those instructions I receive this message:

usermod -U zimbra
usermod: unlocking the user's password would result in a passwordless account.
You should set a password with usermod -p to unlock this user's password.

As I was never asked to set a zimbra password, I assume it is intended to be in its present configuration
and that by altering it I could cause some other unfortunate series of events.

I'm not doing any of this until I am certain that it is for the current version otherwise I 'd just be making a mess
of things.

Some guidance here is necessary and some more up to date information.

Thanks.

Re: Unable to view Mail Queues with Administrator Console 8.8.12

Posted: Tue Jul 09, 2019 9:06 pm
by tgx
Okay, so an interesting observation. If I try and run zmqstat from CLI,
using sudo, I get prompted for the zimbra user password. Now as I have never
set a zimbra user password, nor been prompted to create one that proves to be
a bit of an issue. If I just hit enter it tells me wrong password. So it looks like the crux
of the issue has nothing to do with ssh but rather this 'zimbra' user account. I am able
to run zmqstat as root, but I have a feeling that the GUI is trying to use the zimbra account
and that's why it fails.

Also to add to the litany of outdated links that you cannot follow directions from:

https://skrinhitam.wordpress.com/2016/1 ... ail-queue/
[zimbra@mailsvr ~]$ sudo /opt/zimbra/postfix/sbin/postsuper -d ALL
/opt/zimbra/postfix no longer exists. Anyone have an updated command for 8.8.12 to delete deferred emails from CLI?

Note: I was able to find postsuper under /opt/zimbra/common/sbin

Re: Unable to view Mail Queues with Administrator Console 8.8.12

Posted: Wed Jul 10, 2019 12:02 am
by JDunphy
Can you verify that sudo was setup properly?

Code: Select all

$ ls /etc/sudoers.d
01_zimbra  02_zimbra-core  02_zimbra-ldap  02_zimbra-mta  02_zimbra-proxy  02_zimbra-store

where 02_zimbra-mta is:

Code: Select all

$ cat /etc/sudoers.d/02_zimbra-mta
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postfix
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postalias
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/qshape.pl
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postconf
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postsuper
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postcat
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmtastatus
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/amavis-mc

Cmnd_Alias RM_MASTER_PID = /bin/rm -f /opt/zimbra/data/postfix/spool/pid/master.pid
%zimbra ALL=NOPASSWD: RM_MASTER_PID

Another thing to check about paths is from this thread yesterday if you don't think they look correct. https://forums.zimbra.org/viewtopic.php?f=13&t=66495