Topic: https://mail/server-manager not working after upgrading to 9.0

[guest22]

with exception to administration

So you can not access logs, backup, reboor or shutdown via the server manager, but you can access all other menu items?? Again, what doe you SEE or read in the logs. Obviously you have root access.

"Can not access" or does not work" are very poor pointers to work with.

[cyberwatcher]

when accessing the server-manater your way:
https://mail.cyberwatchers.com/server-manager - I get the following when browsing using Internet Explorer   

More information  More information   
This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.
For more information about HTTP errors, see Help

in version 7.x and prior I needed to use internal naming conventions when on the LAN
when on the WAN I would do what you are telling me now.

When accessing the server my method on the LAN:
I get the RED shield letting me know the site is not trusted, I choose ignore however, still nothing

here! I found some logs!
:27:33 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 16:46:40 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 16:47:30 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
 

[Stefano]

ok.. from your client, try to ping mail.cyberwatchers.com: does it resolve to a private/lan ip or to the public ip?
who's the dns server for you client?

(BTW, I still can't find your tcpdump logs..)

[cyberwatcher]

when I ping mail.cyberwatchers.com I get the external. when I ping mail I get the internal I use a DNS server as this is a domain. I have the setup using it and the resolve.conf is setup with it.

here are the tcpdump files699854], length 0
16:58:30.715116 IP mail.cyberwatchers.com.https > gbook.cyberwatchers.local.49278: Flags [P.], seq 963:1048, ack 736, win 130, options [nop,nop,TS val 14714869 ecr 273244396], length 85
16:58:30.715165 IP mail.cyberwatchers.com.https > gbook.cyberwatchers.local.49278: Flags [F.], seq 1048, ack 736, win 130, options [nop,nop,TS val 14714869 ecr 273244396], length 0
16:58:30.735773 IP gbook.cyberwatchers.local.49278 > mail.cyberwatchers.com.https: Flags [.], ack 1048, win 4093, options [nop,nop,TS val 273259421 ecr 14714869], length 0
16:58:30.736141 IP gbook.cyberwatchers.local.49278 > mail.cyberwatchers.com.https: Flags [.], ack 1049, win 4093, options [nop,nop,TS val 273259421 ecr 14714869], length 0
16:58:35.025536 IP gbook.cyberwatchers.local.49278 > mail.cyberwatchers.com.https: Flags [F.], seq 736, ack 1049, win 4096, options [nop,nop,TS val 273263688 ecr 14714869], length 0
16:58:35.025563 IP mail.cyberwatchers.com.https > gbook.cyberwatchers.local.49278: Flags [.], ack 737, win 130, options [nop,nop,TS val 14719180 ecr 273263688], length 0

[cyberwatcher]

here is the httpd error log:[Sun Jan 25 16:46:40 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 16:47:30 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 16:55:31 2015] [error] [client 192.168.2.7] File does not exist: /home/e-smith/files/ibays/Primary/html/server-manager:980
[Sun Jan 25 16:55:38 2015] [error] [client 192.168.2.7] File does not exist: /home/e-smith/files/ibays/Primary/html/server-manager:980
[Sun Jan 25 16:57:20 2015] [error] [client 68.180.228.94] File does not exist: /home/e-smith/files/ibays/Primary/html/robots.txt
[Sun Jan 25 16:57:20 2015] [error] [client 68.180.228.94] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 16:57:45 2015] [error] [client 68.180.228.44] File does not exist: /home/e-smith/files/ibays/Primary/html/robots.txt
[Sun Jan 25 16:57:46 2015] [error] [client 68.180.228.44] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager

[Stefano]

if your client resolve mail.cyberwatchers.com to external ip than you can't access your server manager.. it's a feature, it's so by design..

so.. if you want to use the real FQDN you need to use SME as your DNS server or setup your dns server to resolve correctly

[cyberwatcher]

Ok. I had this setup exact last version and it was fine. I have now changed the configuration to allow the server to be the DNS server. I changed the resolve.conf back to mail.cyberwatchers.com as well as name server to be the internal IP like it was by default.

now the errors when using https://mail.cyberwatchers.com/server-manager:

Sun Jan 25 17:08:43 2015] [notice] Graceful restart requested, doing restart
[Sun Jan 25 17:08:43 2015] [notice] Digest: generating secret for digest authentication ...
[Sun Jan 25 17:08:43 2015] [notice] Digest: done
[Sun Jan 25 17:08:43 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jan 25 17:08:43 2015] [warn] RSA server certificate CommonName (CN) `mail.cyberwatchers.com' does NOT match server name!?
[Sun Jan 25 17:08:43 2015] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Sun Jan 25 17:10:33 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 17:12:11 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 17:16:41 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager

[cyberwatcher]

also this:
Forbidden

You don't have permission to access /server-manager on this server.


the logs with the above:
[Sun Jan 25 17:23:49 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager

[Stefano]

I changed the resolve.conf back to mail.cyberwatchers.com as well

please define.. where did you change it?

[cyberwatcher]

/etc/resolv.conf file
current settings:
mail.cyberwatchers.com
nameserver 172.16.10.3 (localhost)

I had it
mail.cyberwatchers.local
10.1.1.5 (internal DNS)

I am doing a roboot now maybe after all the changes wouldn't be a bad idea.

[Stefano]

are you talking about resolv.conf on SME?

[cyberwatcher]

yes on the SME (resolve.conf)

I have made changes and rebooted still the exact same thing. you see that certificate error saying that the name doesn't match whats on the cert? I had it in the other post a just 1 or 2 back if you can't find it I will:

here
Sun Jan 25 17:08:43 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jan 25 17:08:43 2015] [warn] RSA server certificate CommonName (CN) `mail.cyberwatchers.com' does NOT match server name!?
[Sun Jan 25 17:08:43 2015] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Sun Jan 25 17:10:33 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 17:12:11 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 17:16:41 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 17:23:49 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 17:26:59 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 17:28:34 2015] [notice] caught SIGTERM, shutting down
[Sun Jan 25 17:30:59 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jan 25 17:30:59 2015] [warn] RSA server certificate CommonName (CN) `mail.cyberwatchers.com' does NOT match server name!?
[Sun Jan 25 17:30:59 2015] [notice] Digest: generating secret for digest authentication ...
[Sun Jan 25 17:30:59 2015] [notice] Digest: done
[Sun Jan 25 17:31:03 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jan 25 17:31:03 2015] [warn] RSA server certificate CommonName (CN) `mail.cyberwatchers.com' does NOT match server name!?
[Sun Jan 25 17:31:03 2015] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Sun Jan 25 17:41:13 2015] [error] [client 75.151.247.29] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager
[Sun Jan 25 17:42:05 2015] [error] [client 66.249.65.140] File does not exist: /home/e-smith/files/ibays/Primary/html/robots.txt
[Sun Jan 25 17:42:06 2015] [error] [client 66.249.65.144] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager

Also since I made the changes I'm not getting internal relay emails because the internal servers cannot see mail server internaly. I am sure I can figure that out. but really I don't see the problem being the way it was setup (DNS) because this is an option SME offers and also I used it like that for the past 10 years. It has to be obviously something else because my settings are what you have asked me to make them now.

that error above may have something to do with it.

[Stefano]

please re read the first 10 rows on your /etc/resolv.conf

you are doing in the wrong way

please post the output of

Code: [Select]

db domains show
hostname -f

thank you

[cyberwatcher]

I put it back the way it was when it was working which is resolve locally. I have relay servers on my network that won't relay mail to me if it is to resolve externally. I can figure it out if it really has to resolve with external DNS servers but why is it an option 1 and 2 why has it worked perfectly for me the past 10 years doing in internal? I am not trying to argue I just don't think this issue resolves around DNS.

here are the results you asked for
root@mail etc]# db domains show
cyberwatchers.com=domain
    Content=Primary
    Description=Primary domain
    Nameservers=localhost
    Removable=no
    SystemPrimaryDomain=yes
[root@mail etc]# hostname -f
mail.cyberwatchers.com
[root@mail etc]#

[cyberwatcher]

total guess this is your IP testing it?

[Sun Jan 25 18:24:39 2015] [error] [client 66.249.73.199] File does not exist: /home/e-smith/files/ibays/Primary/html/robots.txt
[Sun Jan 25 18:24:39 2015] [error] [client 66.249.73.191] client denied by server configuration: proxy:http://127.0.0.1:980/server-manager

which is why I prefer to access it locally. there is that option to allow external access. However I have tired both ways. I am going to try it again using allow external. my server is on a 172 subnet. my desktop laptop are on a 10 and a 192. I have allowed both of them access vis the local networks config in server-manager (accessing it via root)