fatal: Connect to the Postfix showq service: Permission denied

xtrac
Posts: 28
Joined: Fri Sep 12, 2014 10:19 pm

fatal: Connect to the Postfix showq service: Permission denied

Post by xtrac »

Hi All,
Pulling my hair out here, really need some help with this one.
Upgraded my debian 5 (32-bit) box to 6.0.14 from 5.0.18, in preparation for a move to a new 64-bit server. (didn't get that far even)
The mta won't start with the following error in the log
fatal: Connect to the Postfix showq service: Permission denied
The things I've tried

1. SELinux
2. zmfixperms (both --extended and normal)
3. installed now self signed certs
4. nothing about nosuid in the fstab
5. Reboots
Everything else works fine, I can login and see the old mails, the server has been running like a dream for 4+ years.
I have a separate postfix system which accepts all my mails before they are delivered to zimbra, so all my current inbound mails are still in the queue, which is good.
But I cannot get the MTA to start, tried with zmmtactl after the rest of the system came up, and still gives me the same error.
It still bitches at me about some perms in postfix, even after the extended zmfixperms

=======

Mar 20 00:31:06 faraday postfix/postfix-script[360]: warning: not owned by root: /opt/zimbra/data/postfix/spool
Mar 20 00:31:06 faraday postfix/postfix-script[366]: warning: group or other writable: /opt/zimbra/data/postfix/spool
Mar 20 00:31:06 faraday postfix/postfix-script[368]: warning: not owned by root: /opt/zimbra/postfix-2.6.10.2z/conf/main.cf
Mar 20 00:31:06 faraday postfix/postfix-script[369]: warning: not owned by root: /opt/zimbra/postfix-2.6.10.2z/conf/master.cf
Mar 20 00:31:06 faraday postfix/postfix-script[370]: warning: not owned by root: /opt/zimbra/postfix-2.6.10.2z/conf/master.cf.in
Mar 20 00:31:06 faraday postfix/postfix-script[385]: starting the Postfix mail system

============
I also get this from zmcontrol start, do not know if it's connected.

============

Starting spell...Failed.

Starting apache...httpd: Syntax error on line 232 of /opt/zimbra/conf/httpd.conf: Cannot load /opt/zimbra/httpd/modules/libphp5.so into server: /opt/zimbra/httpd/modules/libphp5.so: undefined symbol: gzopen64

failed.

============
This is the other common output asked for in these situations, and it looks clearly broken as well, as it is not looking in the "right" places, as the spool directory for me is in /opt/zimbra/data/postfix/spool

============

zimbra@faraday:~$ ls -ld /opt/zimbra/postfix/sbin/postqueue /opt/zimbra/postfix/spool/public/* /opt/zimbra/postfix/spool/maildrop
ls: /opt/zimbra/postfix/spool/public/*: No such file or directory
ls: /opt/zimbra/postfix/spool/maildrop: No such file or directory
-rwxr-sr-x 1 root postdrop 610522 May 9 2011 /opt/zimbra/postfix/sbin/postqueue
zimbra@faraday:~$

============
I think the above could really be the problem for me, am tempted to create symlink to the current spool directory location.

which is what I've done, and I get the below

============
faraday:~# ls -ld /opt/zimbra/postfix/sbin/postqueue /opt/zimbra/postfix/spool/public/* /opt/zimbra/postfix/spool/maildrop
-rwxr-sr-x 1 root postdrop 610522 May 9 2011 /opt/zimbra/postfix/sbin/postqueue
drwx-wx--- 2 postfix postdrop 8192 Mar 20 00:40 /opt/zimbra/postfix/spool/maildrop
srwx--x--- 1 postfix postfix 0 Mar 16 23:35 /opt/zimbra/postfix/spool/public/cleanup
srwx--x--- 1 postfix postfix 0 Mar 16 23:35 /opt/zimbra/postfix/spool/public/flush
prwx--x--- 1 postfix postfix 0 Mar 17 01:28 /opt/zimbra/postfix/spool/public/pickup
prwx--x--- 1 postfix postfix 0 Mar 17 01:25 /opt/zimbra/postfix/spool/public/qmgr
srwx--x--- 1 postfix postfix 0 Mar 16 23:35 /opt/zimbra/postfix/spool/public/showq
faraday:~#

===============
I've now run a zmfixperms --extended (after shutting down zimbra), and started zimbra again
I still get the original error.
I'm desperate now folks, any pointers on how to go about getting the mta up and running?
I've looked for incident support for FOSS version, I'm willing to pay :-), but not found anything, do zimbra even do this?
Best Regards
-Roy
xtrac
Posts: 28
Joined: Fri Sep 12, 2014 10:19 pm

fatal: Connect to the Postfix showq service: Permission denied

Post by xtrac »

I've now hand fixed the perms to get the below
==================
faraday:/opt/zimbra/postfix/spool/public# ls -ld /opt/zimbra/postfix/sbin/postqueue /opt/zimbra/postfix/spool/public/* /opt/zimbra/postfix/spool/maildrop
-rwxr-sr-x 1 root postdrop 610522 May 9 2011 /opt/zimbra/postfix/sbin/postqueue
drwx-wx--- 2 postfix postdrop 8192 Mar 20 01:00 /opt/zimbra/postfix/spool/maildrop
srw-rw-rw- 1 postfix postfix 0 Mar 16 23:35 /opt/zimbra/postfix/spool/public/cleanup
srw-rw-rw- 1 postfix postfix 0 Mar 16 23:35 /opt/zimbra/postfix/spool/public/flush
prw--w--w- 1 postfix postfix 0 Mar 17 01:28 /opt/zimbra/postfix/spool/public/pickup
prw--w--w- 1 postfix postfix 0 Mar 17 01:25 /opt/zimbra/postfix/spool/public/qmgr
srw-rw-rw- 1 postfix postfix 0 Mar 16 23:35 /opt/zimbra/postfix/spool/public/showq
faraday:/opt/zimbra/postfix/spool/public#

==============
which looks more like it should from other posts.
now I get a different error
fatal: Queue report unavailable - mail system is down
Have I made it worse or better?
Regards
-Roy
xtrac
Posts: 28
Joined: Fri Sep 12, 2014 10:19 pm

fatal: Connect to the Postfix showq service: Permission denied

Post by xtrac »

I've done further digging
output from zmmtactl start

========
Mar 20 01:14:32 faraday postfix/postfix-script[21316]: warning: not owned by root: /opt/zimbra/postfix-2.6.10.2z/conf/main.cf
Mar 20 01:14:32 faraday postfix/postfix-script[21317]: warning: not owned by root: /opt/zimbra/postfix-2.6.10.2z/conf/master.cf
Mar 20 01:14:32 faraday postfix/postfix-script[21318]: warning: not owned by root: /opt/zimbra/postfix-2.6.10.2z/conf/master.cf.in
Mar 20 01:14:32 faraday postfix/postfix-script[21321]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool
Mar 20 01:14:32 faraday postfix/postfix-script[21322]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/maildrop/EB9708FC13A
Mar 20 01:14:32 faraday postfix/postfix-script[21323]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/maildrop/E01778FC13B

===============
the directory in question looks like this

===============
faraday:/opt/zimbra/postfix/conf# ls -las
total 192
4 drwxrwxr-x 2 root postfix 4096 Mar 20 01:14 .
4 drwxr-xr-x 6 root root 4096 Mar 20 00:45 ..
12 -rw-r--r-- 1 root postfix 11942 May 9 2011 LICENSE
4 -rw-r--r-- 1 root postfix 1629 May 9 2011 TLS_LICENSE
20 -rw-r--r-- 1 root postfix 19579 May 9 2011 access
12 -rw-r--r-- 1 root postfix 8829 May 9 2011 aliases
4 -rw-r--r-- 1 root postfix 3548 May 9 2011 bounce.cf.default
12 -rw-r--r-- 1 root postfix 11681 May 9 2011 canonical
12 -rw-r--r-- 1 root postfix 9904 May 9 2011 generic
20 -rw-r--r-- 1 root postfix 18287 May 9 2011 header_checks
4 -rw-r--r-- 1 zimbra zimbra 2517 Mar 20 01:14 main.cf
24 -rw-r--r-- 1 root postfix 23502 May 9 2011 main.cf.default
4 -rw-r--r-- 1 root postfix 3193 May 9 2011 makedefs.out
8 -r--r----- 1 zimbra zimbra 5051 Mar 20 01:14 master.cf
8 -rw-r--r-- 1 zimbra zimbra 5195 Aug 2 2011 master.cf.in
8 -rw-r--r-- 1 root postfix 6816 May 9 2011 relocated
16 -rw-r--r-- 1 root postfix 12500 May 9 2011 transport
16 -rw-r--r-- 1 root postfix 12494 May 9 2011 virtual
faraday:/opt/zimbra/postfix/conf#

=================

It looks like the main and master conf files are created on the fly with the zimbra user. Is this the correct mode of operation, it is complaining about root not owning them?
Then it complains about the /opt/zimbra/data/postfix/./spool not being owned by postfix, there is now a symlink as per the original mail which the link is at /opt/zimbra/postfix/spool, and owned by root as per the previous warnings?
I'm getting more and more confused!
Regards
-Roy
sunambiar
Posts: 1
Joined: Sat Sep 13, 2014 3:13 am

fatal: Connect to the Postfix showq service: Permission denied

Post by sunambiar »

postfix/postqueue[28198]: fatal: Connect to the Postfix showq service: Permission denied

May 19 14:35:33 postfix/postqueue[28402]: fatal: Connect to the Postfix showq service: Permission denied
May 19 14:36:03 postfix/postqueue[28556]: fatal: Connect to the Postfix showq service: Permission denied
May 19 14:36:18 zmconfigd[2655]: Fetching All configs
May 19 14:36:18 zmconfigd[2655]: All configs fetched in 0.04 seconds
May 19 14:36:19 zmconfigd[2655]: Watchdog: service antivirus status is OK.
May 19 14:36:19 zmconfigd[2655]: All rewrite threads completed in 0.00 sec
May 19 14:36:19 zmconfigd[2655]: All restarts completed in 0.00 sec

The net effect is that I am not able to open the New Message option in the Zimbra browser window.
Further the chat is also not working


Can VMWare help ? Can someone help ?


Thanks in advance.





phoenix
Ambassador
Posts: 27278
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

fatal: Connect to the Postfix showq service: Permission denied

Post by phoenix »

[quote user="sunambiar"]postfix/postqueue[28198]: fatal: Connect to the Postfix showq service: Permission denied


May 19 14:35:33 postfix/postqueue[28402]: fatal: Connect to the Postfix showq service: Permission denied
May 19 14:36:03 postfix/postqueue[28556]: fatal: Connect to the Postfix showq service: Permission denied
May 19 14:36:18 zmconfigd[2655]: Fetching All configs
May 19 14:36:18 zmconfigd[2655]: All configs fetched in 0.04 seconds
May 19 14:36:19 zmconfigd[2655]: Watchdog: service antivirus status is OK.
May 19 14:36:19 zmconfigd[2655]: All rewrite threads completed in 0.00 sec
May 19 14:36:19 zmconfigd[2655]: All restarts completed in 0.00 sec

The net effect is that I am not able to open the New Message option in the Zimbra browser window. [/QUOTE]
[quote user="sunambiar"]Further the chat is also not working.[/QUOTE]There is no 'chat' in ZCS version 8 onwards (if that's what you're using).


[quote user="sunambiar"]Can VMWare help ?[/QUOTE]Not really as these are Zimbra forums (not VMware) and they are also Community Support forums not official Zimbra support.
[quote user="sunambiar"] Can someone help ?[/QUOTE]Try some of the solutions from a forum search. You also haven't given any information about the version & release of Zimbra that's installed and which operating system nor whether this is an upgrade or a clean install and no information about what changes (if any) you've made to the server nor what solutions you've tried from the forums and what was the outcome of any of those solutions.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
xtrac
Posts: 28
Joined: Fri Sep 12, 2014 10:19 pm

fatal: Connect to the Postfix showq service: Permission denied

Post by xtrac »

Hi Folks,
Apologies for not replying to this thread. I eventually sought out expert help for this, and got it sorted. I hope this info helps out others.
It turns out it was a broken Debian upgrade that caused all the problems, once the expert had fixed the upgrade and broken packages/dependencies, it all worked again.
It was a trying few days, but was glad to get it sorted.
Best Regards
-Roy
Gram
Posts: 4
Joined: Sat Sep 17, 2016 2:30 am

Re: fatal: Connect to the Postfix showq service: Permission denied

Post by Gram »

Initially I modified the maildrop folder permissions to be slightly more relaxed (as root: chmod 733 /opt/zimbra/data/postfix/spool/maildrop). I noticed that a file owned by zimbra:zimbra was created successfully moments later, so I restored the maildrop folder permission (as root: chmod 730 /opt/zimbra/data/postfix/spool/maildrop) then added the zimbra user to the postdrop group.

Code: Select all

$ su root
# usermod -a -G postdrop zimbra
# su zimbra
$ zmcontrol restart
The postdrop and postqueue permission denied error no longer appears in zimbra.log. In looking at the maildrop folder permissions the zimbra user should have had write access already, since the zimbra user is a member of the postfix group. There's probably some other access postdrop has that I'm unaware of. But presumably it's safe to add the zimbra user to the postdrop group, considering the much wider reach the zimbra user already has. Correct me if I'm wrong though please!

Running /opt/zimbra/libexec/zmfixperms -extended or /opt/zimbra/libexec/zmfixperms has not reverted my change in group membership, and the change persisted through a reboot, by the way.
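
An added example, not part of any post above and not Zimbra tooling: a read-only shell audit of the queue-access permissions this thread keeps returning to, which also reports whether the user is already in the postdrop group. The expected modes and owners (maildrop 730 and public 710 as postfix:postdrop, set-gid postqueue as root:postdrop) are stock Postfix defaults taken here as an assumption, the function names are hypothetical, and the paths are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example (not Zimbra tooling): read-only audit of Postfix queue access.
# Assumption: expected modes/owners are stock Postfix defaults, setgid group "postdrop".

# check_line "<ls -ld output>" <mode> <owner> <group>
# Exit status 0 if the listing matches, 1 otherwise (prints each difference).
check_line() (
    line=$1; want_mode=$2; want_owner=$3; want_group=$4
    # ls -ld fields: mode, link count, owner, group, then size/date/path
    read -r mode _links owner group _rest <<EOF
$line
EOF
    # A trailing "+" or "." marks an ACL or SELinux context; compare the 10 mode chars only
    mode=$(printf '%s' "$mode" | cut -c1-10)
    rc=0
    [ "$mode" = "$want_mode" ]   || { echo "MISMATCH mode $mode (want $want_mode): $line"; rc=1; }
    [ "$owner" = "$want_owner" ] || { echo "MISMATCH owner $owner (want $want_owner): $line"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "MISMATCH group $group (want $want_group): $line"; rc=1; }
    exit "$rc"
)

# user_in_group <user> <group>: true if <user> is a member of <group>
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# audit_postfix_access <queue_dir> <sbin_dir> <user>
audit_postfix_access() {
    queue=$1; sbin=$2; user=$3; rc=0
    # maildrop: write+search for the group, nothing for others (chmod 730)
    check_line "$(ls -ld "$queue/maildrop" 2>&1)" drwx-wx--- postfix postdrop || rc=1
    # public: the group may only traverse, to reach the showq/cleanup sockets (chmod 710)
    check_line "$(ls -ld "$queue/public" 2>&1)" drwx--x--- postfix postdrop || rc=1
    # postqueue is set-gid postdrop so callers outside the group can reach public/
    check_line "$(ls -ld "$sbin/postqueue" 2>&1)" -rwxr-sr-x root postdrop || rc=1
    if user_in_group "$user" postdrop; then
        echo "NOTE: $user is in postdrop: direct write to maildrop/, direct access to public/"
    fi
    return "$rc"
}

# Paths below are the ones quoted in the thread; run as: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_postfix_access /opt/zimbra/data/postfix/spool /opt/zimbra/postfix/sbin zimbra
fi
```

Run it as root so `ls -ld` can read the spool directories; a nonzero exit status means at least one listing differs from the expected layout.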