Topic: [Solved] Post upgrade problem

[toothandnail]

I've just upgraded an SME 7.6 machine to SME 8, while also upgrading the hard drives. The machine originally had two 250 GB drives in hardware raid (IBM X system server, about 4 years old), which I replaced with two 500 GB drives.

I stripped out installed contribs (  forgot unjunkmgr), backed the system up, then replaced the drives with the new, bigger drives. Did a clean install of SME 7.6 and restored the backup. Checked that everything worked as it should, then upgraded to SME 8.

While the system is working, I've hit a problem with sending email from machines on the local network. Thunderbird is the standard client used, and I've set it to port 25, using STARTTLS with plain passwords. But I'm getting relaying refused errors every time I try and send an email.

Before I raise a bug, is there anything I should be checking? I tried changing the outgoing server to the fully qualified server name, which didn't change anything. I've searched bugzilla, but either there's nothing relevant or my search terms aren't correct. So, any ideas?

Paul.

[janet]

toothandnail

Please take the time to familiarize yourself with available information in FAQ's, Howtos & Release Notes. You will save yourself time resolving issues.
http://wiki.contribs.org/Email_-_Setting_up_E-mail_clients_for_SME_8.0

[CharlieBrady]

Mary, Paul (toothandnail) already told us that he has enabled encryption and authentication in the mail clients.

[toothandnail]

toothandnail

Please take the time to familiarize yourself with available information in FAQ's, Howtos & Release Notes. You will save yourself time resolving issues.
http://wiki.contribs.org/Email_-_Setting_up_E-mail_clients_for_SME_8.0

Sorry, should have been clearer. I followed all the details in that FAQ before posting. I'm about to raise a bug on the issue, but wondered if I had missed something specific regarding upgraded machines. I had some memory of seeing something of the sort, but searching didn't bring up any useful hits.

Paul.

[toothandnail]

Mary, Paul (toothandnail) already told us that he has enabled encryption and authentication in the mail clients.

Yes, I had. Everything else on the server is working well. All the contribs that I removed prior to the upgrade are back and working. I've also installed SOGO on the machine, and mail is working fine through its webmail interface.

I'm going back tomorrow to have another look. If I can't find any errors I'll raise a bug with as much detail as I can get.

Paul.

[janet]

toothandnail

I've also installed SOGO on the machine, and mail is working fine through its webmail interface

If mail is working for one contrib, then sme server mail system is working OK.
You can confirm again using webmail (Horde/imp).

So the problem could be to do with settings in Thunderbird.
Check the qmail, qpsmtpd & sqpsmtd logs

[toothandnail]

toothandnail

If mail is working for one contrib, then sme server mail system is working OK.
You can confirm again using webmail (Horde/imp).

Haven't used Horde for a while, but it works also.

So the problem could be to do with settings in Thunderbird.
Check the qmail, qpsmtpd & sqpsmtd logs

Well, I tried changing the outbound mail server name (from mail.xxx to the fully qualified server name), I also tried both StartTLS and TLS. Same response in each case.

I've just had a look at the logs (have SSH access to the box from here). The only thing I can find is this, from the sqpsmtpd log:

Code: [Select]

17545 auth::auth_cvm_unix_local plugin (auth-login): authcvm/login authentication attempt for: pblane                                                                           
17545 logging::logterse plugin (deny): ` 87.229.7.76  Unknown szamado2                        auth::auth_cvm_unix_local       901     authcvm/login   msg denied before queued   
17545 535 Authentication failed for pblane - authcvm/login                                                                                                                       
17545 Authentication failed for pblane - authcvm/login                                                                                                                           
17545 dispatching QUIT                                                                                                                                                           
17545 221 geminiprototyping.org closing connection. Have a wonderful day.                                                                                                       
17545 click, disconnecting
There is also an in the  qpsmtpd log which I don't understand:

Code: [Select]

Permissions on spool_dir /var/spool/qpsmtpd/ are not 0700
I have no idea whether that is significant or not...

Paul.

[CharlieBrady]

If mail is working for one contrib, then sme server mail system is working OK.
You can confirm again using webmail (Horde/imp).

No, that's not sufficient.  That only shows that mail submission from localhost is permitted. That doesn't show that relay is permitted from the LAN and from the Internet after authentication.

Paul, it should "just work". If it doesn't, open a bug report.

BTW, we need more troubleshooters in the bug tracker. There's plenty with good skills and knowledge out there. Help needed.

[ricks1950]

You indicate that you have set your parameters to TLS on port 25 ... my setup at home and my laptop from remote locations use port 465.  When I set the port to 25, I cannot send mail -- when I just tried it, I got a "server timed out" error; as I remember from upgrade time it was the relay refused error ... as soon as I set the port to 465, I connect and send instantly.

[toothandnail]

You indicate that you have set your parameters to TLS on port 25 ... my setup at home and my laptop from remote locations use port 465.  When I set the port to 25, I cannot send mail -- when I just tried it, I got a "server timed out" error; as I remember from upgrade time it was the relay refused error ... as soon as I set the port to 465, I connect and send instantly.

Sorry, not entirely clear. Is your setup at home remote from the server, or is the server local? From what I've read, the local encrypted mail should be using port 25, but I could always be wrong....

I've not yet tried a remote connection to the server. Thought I'd try it, but so far I'm getting timeouts, so I suspect I've not got the server address correct. This system uses two domains - a .org and a .co.uk domain (needed because they historically used the 'admin' address as an information email address). I'm not quite sure whether I should be using the .org or the .co.uk address in email. I'll have to do some more checking when I get on site tomorrow.

Paul.


Paul.

[ricks1950]

My server is in my basement ... I ran a small business here for several years, now just keep it going to keep up with my skills.  The test I just did was from home, PC is right next to the server.  I use the same settings on my laptop, whether I am at home or off doing a contract somewhere.  It just works, as they say.I run Thunderbird as the client on Linux on both boxes. 

I don't ever remember reading that SSL/TLS uses port 25; and when I set up Thunderbird in Linux, the "recommended" port is 465 with that setting for sending. 

[toothandnail]

My server is in my basement ... I ran a small business here for several years, now just keep it going to keep up with my skills.  The test I just did was from home, PC is right next to the server.  I use the same settings on my laptop, whether I am at home or off doing a contract somewhere.  It just works, as they say.I run Thunderbird as the client on Linux on both boxes.

Interesting. I was under the impression that ports 465 and 993 were for remote mail access only.

I don't ever remember reading that SSL/TLS uses port 25; and when I set up Thunderbird in Linux, the "recommended" port is 465 with that setting for sending.

If you check the link in Mary's first reply, it specifies SSL/TLS on port 25 for local network access under SME8.

Suddenly worked out why my attempts at remote access to the mail failed - the ports aren't open on the router, so I'll not be able to do anything with that until I can get back to the site and reconfigure the router to allow remote mail access.

Paul.

[ricks1950]

Port 465 is the "standard" port for SMTP over SSL, and it works on my server, SME8, while attempts to connect on port 25 do not.  I suspect the article referred to by Mary may just be outdated.  My SME is the gateway, and I never did anything to it to open port 465; like I said before, it just works.  I did nothing change settings from my upgrade, (although, it did go horribly wrong and I ended up restoring my data to clean install on the same hardware).

If I am mistaken, it will be hard to believe from the performance of my server, here in Canada.  Not impossible, but hard ...

[toothandnail]

Port 465 is the "standard" port for SMTP over SSL, and it works on my server, SME8, while attempts to connect on port 25 do not.  I suspect the article referred to by Mary may just be outdated.  My SME is the gateway, and I never did anything to it to open port 465; like I said before, it just works.  I did nothing change settings from my upgrade, (although, it did go horribly wrong and I ended up restoring my data to clean install on the same hardware).

I'll certainly try that once I get back on site tomorrow. The article may be out of date - don't know. As to opening the ports in the router, the fact that they're closed by default means I can't test remote access from here. Should have remembered that before leaving on Friday.

If I am mistaken, it will be hard to believe from the performance of my server, here in Canada.  Not impossible, but hard ...

If it works, its a bit difficult to argue with.

[janet]

toothandnail

You might also check the smtp proxy setting in server manager on sme8 & gauge any effect it has on your problem.
I see 3 choices now, enabled, disabled, blocked, and the default is blocked on sme8.

Charlie feels this may be a bug so you best lodge a bug report describing your problem before making any further changes.
If you keep changing the system settings then important troubleshooting information will be lost.

[toothandnail]

Thanks for all the suggestions. I thought I should let people know that the problem is solved. Its a bug, but not an SME bug.

Went back on site this morning and tried several things without any change - any time I tried to send email, I got 'relaying denied'.

I then tried firing up Thunderbird on my laptop and let it autodetect settings. Which worked - once it was finished, there was no problem sending email. So the problem seems to be a Thunderbird one - even though all the settings were identical, the existing clients would still come up with the rellaying delayed error.

I then tried deleting existing profiles (after saving the address books). That didn't work (at least, not under Windows - Thunderbird didn't seem to be able to recreate profile information. So I had to uninstall Thunderbird and do a clean reinstall. At which point I was able to use its wizard to create new accounts, all of which worked. Problem solved, though it was a lot of work to fix....

A couple of observations, since they don't match the information in this link:

http://wiki.contribs.org/Email_-_Setting_up_E-mail_clients_for_SME_8.0

That link suggests that the fully qualified server name needs to be used, but the Thunderbird wizard set the server names as 'mail.xxxx.col.uk'. And the encryption is working. I should also note that the wizard setup used port 25 for the outgoing server.

Hope this helps someone else....

Paul.