Mail server connect error

Hello

I have installed the Mail server from the App Center on slave system in the UCS domain. I have enabled connections on Proxmox firewall from my local network and between the master and slave systems which are both on the same and latest UCS version, and hosted as Proxmox virtual machines. When connecting to the mail server from my local network or via webmail on slave, access is however denied.

I have followed the manual https://docs.software-univention.de/manual-4.4.html#mail::general and video tutorial https://www.youtube.com/watch?v=XBWWCT9vrCY.

Here are captures from the logs of the slave system.

/var/log/auth.log/auth:

Aug 10 15:08:53 mailserver PAM-univentionmailcyrus[23803]: Failed to connect to LDAP server ds1:7389
Aug 10 15:08:53 mailserver PAM-univentionmailcyrus[23803]: Failed to connect to the configured LDAP servers

/var/log/syslog.log:

Aug 10 15:08:53 mailserver kernel: [208799.298059] auth[23803]: segfault at 18 ip 00007f9ad34661cd sp 00007fffa9b42390 error 4 in libc-2.24.so[7f9ad33ef000+195000]
Aug 10 15:08:53 mailserver dovecot: auth: Error: auth worker: Aborted PASSV request for example@example.com: Worker process died unexpectedly
Aug 10 15:08:53 mailserver dovecot: auth-worker: Fatal: master: service(auth-worker): child 23803 killed with signal 11 (core dumps disabled)

/var/log/univention/listener.log:

10.08.20 15:28:21.349  LDAP        ( PROCESS ) : connecting to ldap://master.example.com:7389
10.08.20 15:28:21.351  LDAP        ( ERROR   ) : start_tls: Connect error
10.08.20 15:28:21.351  LISTENER    ( WARN    ) : can not connect to LDAP server master.example.com:7389
10.08.20 15:28:21.351  LISTENER    ( WARN    ) : can not connect any server, retrying in 30 seconds

So far I have tried to

• Reboot both systems.
• Rejoin the slave system.
• Resync dovecot and some other services (on both slave and master).

Obviously, the listener log suggests an error related to start_tls. On both systems I have Let’s Encrypt installed and no customizations made.

Any suggestions, what I should try next?

Hello,

there are two major problems.

1.:

The PAM service on a DC slave should connect to its own LDAP server. As its hostname seems to be mailserver, that’s where it should connect to (not ds1). Please check the UCR variables that start with ldap:
ucr search --brief '^ldap'

2.:

The auth service of Dovecot died with a segmentation fault (access to a memory region that is not its own). That should not happen. The most likely cause is a corrupted file or memory problems (either hardware or virtualization). Try to reinstall the file by running:
apt-get install --reinstall dovecot-core
If the problem persist, check your servers RAM and virtualization settings.

Greetings
Daniel Tröder

Okay, thanks @troeder for your answer.

I ran ucr search --brief '^ldap' but didn’t find anything unusual.

Also I ran apt-get install --reinstall dovecot-core.

The problem persist. There is plenty of RAM and no unusual consumption of it. I am using the latest Proxmox version with default settings.

Also I can find the following from the logs:

Aug 11 10:25:50 mailserver dovecot: imap-login: Disconnected: Inactivity (auth failed, 2 attempts in 178 secs): user=<user@example.com>, method=PLAIN, rip=local_network_address, lip=slave_dc_address, TLS, session=<sessionID>

Also I was able to find the following from the syslog:

Aug 11 10:57:10 mailserver python2.7: saml_msg is too small: minlength = 128

I followed the tutorials

• https://help.univention.com/t/how-to-reset-listener-notifier-replication/11710

• https://help.univention.com/t/how-to-using-acme-tiny-to-gather-lets-encrypt-certificates-for-your-ucs-sso-address/15778

Now it works!