Author Topic: SOGo Weblogin can't access mailbox (new install 7.0 CE)  (Read 4202 times)

Lumanet2012

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
SOGo Weblogin can't access mailbox (new install 7.0 CE)
« on: November 28, 2022, 09:21:15 pm »
Hello,

I am running out of ideas and knowledge.
I installed a new 7.0 CE setup with 2 domains and AD Controller as well as DNS, Radius and SOGo Web Email.

I am new to this but the struggle is 2 folded :

https://prnt.sc/np6Da_MZjgwI

In the Admin Portal I created a new user within the Domain but can't add an Email account to it even Domain's are created and been used on the DNS side already and for the AD side as well. In case the picture don't work the error message I receive within the AD section to create a user at the bottom of the User where you should be able to create/select the Mail Account I get this error message:

Mail account is unavailable because either there isn't any mail virtual domain created or you need to save changes in order to activate the new domains.

How can I fix this/troubleshoot it?

The 2nd issue I did create a TEST User:

https://<FQDN>/SOGo/

The login screen does do work and I can login with the user ID not the Email address and proper password just fine.
But once I logged in I can only access the address book, calendar and other features, but the MAILBOX is not working.

https://prnt.sc/3w9D9x_A5LFw

So once you logged in the mailbox is "blank"

looking at the SOGo log file I see this :

Nov 28 15:15:57 sogod [102496]: [ERROR] <0x0x556c1981e800[NGImap4ConnectionManager]> IMAP4 login failed:
  host=10.0.0.255, user=admin@mynaturesdelight.com, pwd=yes
  url=imap://admin%40mynaturesdelight.com@10.0.0.255:143/?tls=NO&tlsVerifyMode=default
  base=(null)
  base-class=(null))
  = <0x0x556c1a182d30[NGImap4Client]: login=admin@mynaturesdelight.com(pwd) socket=<NGActiveSocket[0x0x556c1a0845f0]: mode=rw address=<0x0x556c1a00b090[NGInternetSocketAddress]: host=email.mynaturesdelight.com port=29148> connectedTo=<0x0x556c19fa13d0[NGInternetSocketAddress]: host=10.0.0.255 port=143>>>
Nov 28 15:15:57 sogod [102496]: <0x556c1a155b50[SOGoMailAccount]:0> renewing imap4 password
Nov 28 15:15:59 sogod [102496]: [ERROR] <0x0x556c1981e800[NGImap4ConnectionManager]> IMAP4 login failed:
  host=10.0.0.255, user=admin@mynaturesdelight.com, pwd=yes
  url=imap://admin%40mynaturesdelight.com@10.0.0.255:143/?tls=NO&tlsVerifyMode=default
  base=(null)
  base-class=(null))
  = <0x0x556c1a1a0d20[NGImap4Client]: login=admin@mynaturesdelight.com(pwd) socket=<NGActiveSocket[0x0x556c1a1d8220]: mode=rw address=<0x0x556c1a1904f0[NGInternetSocketAddress]: host=email.mynaturesdelight.com port=29154> connectedTo=<0x0x556c1a155400[NGInternetSocketAddress]: host=10.0.0.255 port=143>>>
Nov 28 15:15:59 sogod [102496]: [ERROR] <0x556c1a155b50[SOGoMailAccount]:0> Could not connect IMAP4


I do like to know what can be done and what I do need to check or do in order to make this work.

Thank you for all the help






turalyon

  • Zen Warrior
  • ***
  • Posts: 203
  • Karma: +15/-0
    • View Profile
Re: SOGo Weblogin can't access mailbox (new install 7.0 CE)
« Reply #1 on: November 29, 2022, 11:45:12 am »
Hi,

Apparently, you did not configure a virtual mail domain in 'Mail -> Virtual Domains' as the following link explains.

  * https://doc.zentyal.org/en/mail.html#creation-of-email-accounts-through-virtual-domains

As soon as you create the virtual mail domain (the mail module must be enabled) you will be able to create the email address in the domain user as the above link explains.

When the mail module is enabled, the virtual mail domain is created as well as the email in the domain user, you will be able to login in Sogo and see the user's mailbox.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

Lumanet2012

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: SOGo Weblogin can't access mailbox (new install 7.0 CE)
« Reply #2 on: November 30, 2022, 07:08:13 pm »
That would be a valid point but I do have it setup :

https://prnt.sc/UFq9dJpSz-io


turalyon

  • Zen Warrior
  • ***
  • Posts: 203
  • Karma: +15/-0
    • View Profile
Re: SOGo Weblogin can't access mailbox (new install 7.0 CE)
« Reply #3 on: December 01, 2022, 11:10:43 am »
That would be a valid point but I do have it setup :

https://prnt.sc/UFq9dJpSz-io

A few things come to my mind that may help:

1. Is the domain 'mynaturesdelight.com' configured in the Domain Controller and DNS modules?
2. Try to disable the mail module, save changes, and enable it again and save changes.
3. With the mail module enabled, check the status of the services.

Code: [Select]
sudo zs mail status
sudo systemctl status postfix dovecot

4. Try to restart the Webmail module (Sogo):

Code: [Select]
sudo zs sogo restart

5. Ensure the virtual mail domain exists in the filesystem:

Code: [Select]
sudo ls -laR /var/vmail/

6. Use a private window in the browser.

7. Finally, analyze the log files:

* /var/log/zentyal/zentyal.log
* /var/log/syslog
* /var/log/mail.err
* /var/log/sogo/sogo.log

Hope it helps you to find out where is the issue.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

Lumanet2012

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: SOGo Weblogin can't access mailbox (new install 7.0 CE)
« Reply #4 on: December 01, 2022, 07:16:34 pm »
Thank you for those tips and yes something ain't right :

Code: [Select]
root@dal-email01:~# [b]zs mail status[/b]
Zentyal: status module mail:                    [ [b]STOPPED[/b] ]


root@dal-email01:~# [b]systemctl status postfix dovecot[/b]
● postfix.service - Postfix Mail Transport Agent
     Loaded: loaded (/lib/systemd/system/postfix.service; disabled; vendor preset: enabled)
     Active: active (exited) since Thu 2022-12-01 12:12:46 EST; 7min ago
   Main PID: 2641 (code=exited, status=0/SUCCESS)
      Tasks: 0 (limit: 4606)
     Memory: 0B
     CGroup: /system.slice/postfix.service

Dec 01 12:12:46 dal-email01 systemd[1]: Starting Postfix Mail Transport Agent...
Dec 01 12:12:46 dal-email01 systemd[1]: Finished Postfix Mail Transport Agent.

● dovecot.service - Dovecot IMAP/POP3 email server
     Loaded: loaded (/lib/systemd/system/dovecot.service; disabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-12-01 12:12:56 EST; 7min ago
       Docs: man:dovecot(1)
             http://wiki2.dovecot.org/
   Main PID: 3504 (dovecot)
      Tasks: 4 (limit: 4606)
     Memory: 7.3M
     CGroup: /system.slice/dovecot.service
             ├─3504 /usr/sbin/dovecot -F
             ├─3506 dovecot/anvil
             ├─3507 dovecot/log
             └─3508 dovecot/config

Dec 01 12:12:56 dal-email01 systemd[1]: Started Dovecot IMAP/POP3 email server.
Dec 01 12:12:56 dal-email01 dovecot[3504]: master: Dovecot v2.3.7.2 (3c910f64b) starting up for imap, sieve, pop3 (core dumps disabled)



So I rebooted the Server and did some OS upgrades. This is on a Ubuntu 20.04.5 LTS with latest updates.

I always have to manually start dovecot and postfix which do start just fine.

Code: [Select]
root@dal-email01:~# ls -laR /var/vmail/
/var/vmail/:
total 12
drwxr-xr-x  3 ebox ebox 4096 Oct 14 16:50 .
drwxr-xr-x 15 root root 4096 Nov 25 15:41 ..
drwxrwsr-x  2 ebox ebox 4096 Oct 14 16:50 sieve

/var/vmail/sieve:
total 8
drwxrwsr-x 2 ebox ebox 4096 Oct 14 16:50 .
drwxr-xr-x 3 ebox ebox 4096 Oct 14 16:50 ..
root@dal-email01:~# ^C



So I noticed the Domain don't exist on the /var/vmail side.

But I do know DNS it is there because it resolve, and I know the AD is also there as well as LDAP is there too.

So the AD looks like this :

https://prnt.sc/V7a-ngx9Upy0

https://prnt.sc/CR6TH7z2PVsk

/var/log/zentyal/zentyal.log :

Code: [Select]
2022/12/01 12:55:21 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command samba-tool group addmembers 'Domain Admins' zentyal-mail-dal-email01 failed.
Error output: lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated
 ldb_wrap open of secrets.ldb
 string_to_sid: SID zentyal-mail-dal-email01 is not in a valid format
 ERROR: Failed to add members ['zentyal-mail-dal-email01'] to group "Domain Admins" - (68, 'Attribute member already exists for target GUID 43f46327-4f71-46b9-a22b-bed2caf550e6')
   File "/usr/lib/python3/dist-packages/samba/netcmd/group.py", line 286, in run
     samdb.add_remove_group_members(groupname, groupmembers,
   File "/usr/lib/python3/dist-packages/samba/samdb.py", line 391, in add_remove_group_members
     self.modify_ldif(addtargettogroup)
   File "/usr/lib/python3/dist-packages/samba/__init__.py", line 242, in modify_ldif
     self.modify(msg, controls)

Command output: .

Not sure why this is thrown....

syslog also throws a bit :

Code: [Select]
Dec  1 12:55:48 dal-email01 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Dec  1 12:55:48 dal-email01 systemd[1]: Starting LSB: SOGo server...
Dec  1 12:55:48 dal-email01 sogo[14843]:  * Starting SOGo sogo
Dec  1 12:55:49 dal-email01 sogo[14843]:    ...done.
Dec  1 12:55:49 dal-email01 systemd[1]: Started LSB: SOGo server.
Dec  1 12:55:49 dal-email01 systemd[1]: Stopping The Apache HTTP Server...
Dec  1 12:55:49 dal-email01 systemd[1]: apache2.service: Succeeded.
Dec  1 12:55:49 dal-email01 systemd[1]: Stopped The Apache HTTP Server.
Dec  1 12:55:49 dal-email01 systemd[1]: Starting The Apache HTTP Server...
Dec  1 12:55:49 dal-email01 systemd[1]: Started The Apache HTTP Server.
Dec  1 12:57:51 dal-email01 samba[2402]: [2022/12/01 12:57:51.765062,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Dec  1 12:57:51 dal-email01 samba[2402]:   /usr/sbin/samba_kcc: lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated
Dec  1 13:02:35 dal-email01 samba[2405]: [2022/12/01 13:02:35.441920,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Dec  1 13:02:35 dal-email01 samba[2405]:   /usr/sbin/samba_spnupdate: lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated
Dec  1 13:02:35 dal-email01 samba[2405]: [2022/12/01 13:02:35.572272,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Dec  1 13:02:35 dal-email01 samba[2405]:   /usr/sbin/samba_dnsupdate: lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated
Dec  1 13:02:38 dal-email01 systemd[1]: proc-sys-fs-binfmt_misc.automount: Got automount request for /proc/sys/fs/binfmt_misc, triggered by 15135 (find)
Dec  1 13:02:38 dal-email01 systemd[1]: Mounting Arbitrary Executable File Formats File System...
Dec  1 13:02:38 dal-email01 systemd[1]: Mounted Arbitrary Executable File Formats File System.
Dec  1 13:02:51 dal-email01 samba[2402]: [2022/12/01 13:02:51.870541,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Dec  1 13:02:51 dal-email01 samba[2402]:   /usr/sbin/samba_kcc: lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated
Dec  1 13:06:36 dal-email01 snmpd[998]: Cannot statfs /sys/kernel/debug/tracing: Permission denied
Dec  1 13:07:51 dal-email01 samba[2402]: [2022/12/01 13:07:51.962058,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Dec  1 13:07:51 dal-email01 samba[2402]:   /usr/sbin/samba_kcc: lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated
Dec  1 13:11:35 dal-email01 snmpd[998]: Cannot statfs /sys/kernel/debug/tracing: Permission denied


mail.err just argues about the SSL but I will fix that :

Code: [Select]
Dec  1 11:40:06 dal-email01 dovecot: pop3-login: Error: Failed to initialize SSL server context: Can't load SSL certificate: There is no valid PEM certificate.: user=<>, rip=45.155.126.4, lip=162.251.146.150, session=<anSk38buVr8tm34E>


By looking at this I think it's either the SSL but for sure the vmail domain not been proper created. I even added a 2nd one and it did not show either. So for sure it's there what cause the issue.

Any idea ?


Lumanet2012

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: SOGo Weblogin can't access mailbox (new install 7.0 CE)
« Reply #5 on: December 01, 2022, 08:05:49 pm »
UPDATE :

so I did fix the SSL issue in dovecot :

Code: [Select]
ssl_cert = </etc/ssl/certs/mynaturesdelight.com.crt
ssl_key = </etc/ssl/private/mynaturesdelight.com.key

I had forgotten to leave the "<" infront of the path... so that is now fixed.

Lumanet2012

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: SOGo Weblogin can't access mailbox (new install 7.0 CE)
« Reply #6 on: December 01, 2022, 09:25:14 pm »
So since fixing now also the SSL Cert the mail status shows up as running :

zs mail status

https://prnt.sc/U94dF7NJTj5I


Lumanet2012

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: SOGo Weblogin can't access mailbox (new install 7.0 CE)
« Reply #7 on: December 01, 2022, 10:10:13 pm »
Update :

I found this :

Code: [Select]
root@dal-email01:/var/vmail# zs mail start
 * Restarting Zentyal module: mail                                                                                                                               [fail]
root command samba-tool group addmembers 'Domain Admins' zentyal-mail-dal-email01 failed.
Error output: lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated
 ldb_wrap open of secrets.ldb
 string_to_sid: SID zentyal-mail-dal-email01 is not in a valid format
 ERROR: Failed to add members ['zentyal-mail-dal-email01'] to group "Domain Admins" - (68, 'Attribute member already exists for target GUID 43f46327-4f71-46b9-a22b-bed2caf550e6')
   File "/usr/lib/python3/dist-packages/samba/netcmd/group.py", line 286, in run
     samdb.add_remove_group_members(groupname, groupmembers,
   File "/usr/lib/python3/dist-packages/samba/samdb.py", line 391, in add_remove_group_members
     self.modify_ldif(addtargettogroup)
   File "/usr/lib/python3/dist-packages/samba/__init__.py", line 242, in modify_ldif
     self.modify(msg, controls)

Command output: .
Exit value: 255
root@dal-email01:/var/vmail# zs mail status
Zentyal: status module mail:                    [ STOPPED ]
root@dal-email01:/var/vmail# ^C
root@dal-email01:/var/vmail# samba-tool group removemembers 'Domain Admins' zentyal-mail-dal-email01
lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated
ldb_wrap open of secrets.ldb
string_to_sid: SID zentyal-mail-dal-email01 is not in a valid format
Removed members from group Domain Admins
root@dal-email01:/var/vmail# zs mail status
Zentyal: status module mail:                    [ STOPPED ]
root@dal-email01:/var/vmail# zs mail start
 * Restarting Zentyal module: mail                                                                                                                               [ OK ]
root@dal-email01:/var/vmail#



somehow running this command : samba-tool group removemembers 'Domain Admins' zentyal-mail-dal-email01

it now enabled the Mail service to start

And now it also let me do the EMAIL config :

https://prnt.sc/s5e5mMd05G4b


Ok now I do can work a lot more still SOGo is an issue :


Code: [Select]
Dec 01 16:41:57 sogod [7271]: [ERROR] <0x0x55831c1b6960[NGImap4ConnectionManager]> IMAP4 login failed:
  host=127.0.0.1, user=obecker@mynaturesdelight.com, pwd=yes
  url=imap://obecker%40mynaturesdelight.com@127.0.0.1:143/?tls=NO&tlsVerifyMode=default
  base=(null)
  base-class=(null))
  = <0x0x55831c9230c0[NGImap4Client]: login=obecker@mynaturesdelight.com(pwd) address=<0x0x55831c769d30[NGInternetSocketAddress]: host=127.0.0.1 port=143>>
Dec 01 16:41:57 sogod [7271]: <0x55831ca59b20[SOGoMailAccount]:0> renewing imap4 password
Dec 01 16:41:57 sogod [7271]: [ERROR] <0x0x55831c1b6960[NGImap4ConnectionManager]> IMAP4 login failed:
  host=127.0.0.1, user=obecker@mynaturesdelight.com, pwd=yes
  url=imap://obecker%40mynaturesdelight.com@127.0.0.1:143/?tls=NO&tlsVerifyMode=default
  base=(null)
  base-class=(null))
  = <0x0x55831c044940[NGImap4Client]: login=obecker@mynaturesdelight.com(pwd) address=<0x0x55831c303aa0[NGInternetSocketAddress]: host=127.0.0.1 port=143>>
Dec 01 16:41:57 sogod [7271]: [ERROR] <0x55831ca59b20[SOGoMailAccount]:0> Could not connect IMAP4
Dec 01 16:41:57 sogod [7271]: 24.129.186.154 "GET /SOGo/so/obecker/Mail/0/view HTTP/1.1" 200 17/0 0.004 - - 0 - 31
Dec 01 16:41:57 sogod [7271]: [ERROR] <0x0x55831c1b6960[NGImap4ConnectionManager]> IMAP4 login failed:
  host=127.0.0.1, user=obecker@mynaturesdelight.com, pwd=yes
  url=imap://obecker%40mynaturesdelight.com@127.0.0.1:143/?tls=NO&tlsVerifyMode=default
  base=(null)
  base-class=(null))
  = <0x0x55831c8b1550[NGImap4Client]: login=obecker@mynaturesdelight.com(pwd) address=<0x0x55831c8927f0[NGInternetSocketAddress]: host=127.0.0.1 port=143>>
Dec 01 16:41:57 sogod [7271]: <0x55831ca60f10[SOGoMailAccount]:0> renewing imap4 password
Dec 01 16:41:57 sogod [7271]: [ERROR] <0x0x55831c1b6960[NGImap4ConnectionManager]> IMAP4 login failed:


« Last Edit: December 01, 2022, 10:44:58 pm by Lumanet2012 »

turalyon

  • Zen Warrior
  • ***
  • Posts: 203
  • Karma: +15/-0
    • View Profile
Re: SOGo Weblogin can't access mailbox (new install 7.0 CE)
« Reply #8 on: December 02, 2022, 11:32:28 am »
Great, the mail module is running, so users should be able to use a mail client like Thunderbird.

Regarding Sogo, things that you can check:

1. Ensure that the mailbox of the user exists in '/var/vmail/mynaturesdelight.com' and that the permissions are right (ebox:ebox , 0700).
Code: [Select]
drwx------ 3 ebox ebox 4096 nov 14 11:15 /var/vmail/somedomain.com/maria/

2. The port '143/tcp' is listening in '127.0.0.1' or 0.0.0.0.
Code: [Select]
sudo ss -tunpl | grep ':143'

3. Disable the Webadmin module, saving changes. Enable and save changes again.

4. Analysis of the configuration located at '/etc/sogo/sogo.conf', especially the section 'LDAP authentication. Basically, you must ensure that the values of the parameters: 'bindDN' and 'bindPassword' are correct. The password can be found in '/var/lib/zentyal/conf/zentyal-mail-_your_hostname.passwd' and the user: 'samba-tool group listmembers 'Domain Admins' and 'ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='zentyal-mail-_your_hostname'.

Hope it helps you.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".