1

Topic: POP/SMTP working but no HTTP/HTTPS to Roundcube and iRedAdmin

Zhang,

NOTE: This is on Ubuntu 10.04 x86_64 LTS

Some how I managed to disable my http/https access to roundcube and iRedAdmin. However, the following services DO work correctly:

- POP
- SMTP
- forwarding

After a clean reboot of the system, I see the following under ps -ef for apache2:

root@machine:~# ps -ef | grep apache2
root      1725  1038  0 20:47 ?        00:00:00 /bin/sh -e /etc/rc2.d/S91apache2 start
root      1734  1725  0 20:47 ?        00:00:00 /bin/sh /usr/sbin/apache2ctl start
root      1739  1734  0 20:47 ?        00:00:00 /usr/sbin/apache2 -k start
root      2032  2020  0 20:59 pts/1    00:00:00 grep --color=auto apache2
root@machine:~#

Here is netstat -an for 80 and 443:

root@machine:~# netstat -an | grep 443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     
tcp      446      0 ###.###.210.8:443       ###.###.232.182:3672    CLOSE_WAIT
root@machine:~# netstat -an | grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp     1096      0 ###.###.210.8:80        ###.###.212.253:64995   ESTABLISHED
tcp     1096      0 ###.###.210.8:80        ###.###.212.253:65013   ESTABLISHED
tcp      968      0 ###.###.210.8:80        ###.###.44.13:58764     ESTABLISHED
tcp      968      0 ###.###.210.8:80        ###.###.44.13:58774     ESTABLISHED
tcp        0      0 127.0.0.1:40804         127.0.0.1:389           ESTABLISHED
tcp     1096      0 ###.###.210.8:80        ###.###.212.253:64987   ESTABLISHED
tcp      968      0 ###.###.210.8:80        ###.###.44.13:58784     ESTABLISHED
tcp        0      0 ###.###.210.8:25        ###.###.2.22:50802      TIME_WAIT 
tcp      968      0 ###.###.210.8:80        ###.###.44.13:58769     ESTABLISHED
tcp     1096      0 ###.###.210.8:80        ###.###.212.253:65006   ESTABLISHED
tcp        0      0 127.0.0.1:389           127.0.0.1:40804         ESTABLISHED
tcp        0      0 ###.###.210.8:25        ###.###.2.46:57080      TIME_WAIT 
tcp        0      0 127.0.0.1:43780         127.0.0.1:7777          CLOSE_WAIT
tcp      492      0 ###.###.210.8:80        ###.###.232.182:3677    CLOSE_WAIT
tcp        0      0 127.0.0.1:7777          127.0.0.1:43780         FIN_WAIT2 
tcp      968      0 ###.###.210.8:80        ###.###.44.13:58779     ESTABLISHED
tcp      968      0 ###.###.210.8:80        ###.###.44.13:58759     ESTABLISHED
tcp     1096      0 ###.###.210.8:80        ###.###.212.253:64998   ESTABLISHED
tcp     1096      0 ###.###.210.8:80        ###.###.212.253:64996   ESTABLISHED
unix  2      [ ACC ]     STREAM     LISTENING     4803     /tmp/clamd.socket
unix  2      [ ACC ]     STREAM     LISTENING     5280     /var/run/dovecot/auth-master
unix  2      [ ACC ]     STREAM     LISTENING     5080     private/bounce
unix  2      [ ]         DGRAM                    3807     
root@machine:~#

It looks like apache2 is running but there is no answer to my browser requests on port 80 or 443...

any ideas on how to debug?

Thanks,
Phil

2

Re: POP/SMTP working but no HTTP/HTTPS to Roundcube and iRedAdmin

Zhang,

I meant to include that the error in connecting to http/https seems to have occurred (though I am not absolutely certain) around the time I added our campus Class B subnet to "mynetworks" in /etc/postfix/main.cf to allow SMTP sending without authentication from friendly IP addresses.

After I did that, people reported that they no longer received mail.

Once I removed the addition to "mynetworks" mail started going again over POP and SMTP but no more http/https.

Thanks,
Phil

3

Re: POP/SMTP working but no HTTP/HTTPS to Roundcube and iRedAdmin

Sorry, i'm confused what you exactly want.

To disable HTTPS for all web applications, you can simply rename this file: /etc/apache2/sites-available/default-ssl.
To disable HTTPS for certain web applications, you can simply commend related lines in same file: /etc/apache2/sites-available/default-ssl. For example:

Alias /roundcube "/usr/share/apache2/roundcubemail/"
WSGIScriptAlias /iredadmin "/usr/share/apache2/iredadmin/"
Alias /iredadmin/static "/usr/share/apache2/iredadmin/static/"

4

Re: POP/SMTP working but no HTTP/HTTPS to Roundcube and iRedAdmin

Sorry, i'm confused what you exactly want.

To disable HTTPS for all web applications, you can simply rename this file: /etc/apache2/sites-available/default-ssl.
To disable HTTPS for certain web applications, you can simply commend related lines in same file: /etc/apache2/sites-available/default-ssl. For example:

Alias /roundcube "/usr/share/apache2/roundcubemail/"
WSGIScriptAlias /iredadmin "/usr/share/apache2/iredadmin/"
Alias /iredadmin/static "/usr/share/apache2/iredadmin/static/"

5

Re: POP/SMTP working but no HTTP/HTTPS to Roundcube and iRedAdmin

Zhang,

Sorry for the confusion.

Perhaps I gave too much data to describe a simple problem.

1) The VM running iRedMail crashed
2) When it came back online I could not log in via http or https
3) I made no changes to the /etc/apache2/sites-available/* files
4) Because I made no changes to the apache2 files, I do not know why all of the web access methods failed.

Can you help determine why I get "Error 7 (net::ERR_TIMED_OUT): The operation timed out." on my browser?
Thanks,
Phil

6

Re: POP/SMTP working but no HTTP/HTTPS to Roundcube and iRedAdmin

Did you check your firewall rules? You can show it with command:

# iptables -L -n

7

Re: POP/SMTP working but no HTTP/HTTPS to Roundcube and iRedAdmin

Zhang,

If I cannot get into the web interface, can you tell me how to modify mailing list members with iRedMail backend = OpenLDAP?
(such as from the bash shell)

Thanks,
Phil

8

Re: POP/SMTP working but no HTTP/HTTPS to Roundcube and iRedAdmin

Modify LDAP data in command line is a little complex, i suggest you login to your server with SSH, then access HTTP/HTTPS from localhost with a text-mode web browser, e.g. lynx, elinks, w3m, etc.

If it doesn't work, try ldapvi first: http://www.lichteblau.com/ldapvi/
Simple usage:

# ldapvi --host 127.0.0.1 --bind-dialog auto --user cn=Manager,dc=example,dc=com --password passwd

It will dump data and let you edit them directly, just like editing a file in Vim/Vi editor.

To remove member "user@example.com" from mail list "group@example.com", you should remove "memberOfGroup=group@example.com" in user object, not in mail list object.
To assign user "user@example.com" into mail list "group@example.com", add "memberOfGroup=group@example.com" in user object, too.

9

Re: POP/SMTP working but no HTTP/HTTPS to Roundcube and iRedAdmin

Fascinating. I did not know such a tool existed. I will first try local browser.

Thanks!
Phil

10

Re: POP/SMTP working but no HTTP/HTTPS to Roundcube and iRedAdmin

I forgot to add, I think the http config was corrupted when a disk malfunction cause the VM snapshot to roll back. Users started getting old messages but once the queue flushed, email transactions (pop, smtp, imap) worked great.

...just have to correct http sometime soon.

Thanks!
Phil