1 Topic by honza

  • honza
  • Member
  • Offline
  • Registered: 2019-01-17
  • Posts: 2

Topic: SOGo can't login, mysql bad handshake

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9 MYSQL edition.
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: FREEBSD
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

We have a troubles with new installed iredmail of FreeBSD. We migrated all emails via imapsync, all acccounts was created, everything is OK.

Bud, after some time it isn't possible to login to anything in iredmail (iredadmin, SOGo, roundcube, IMAP, POP3, ActiveSync, ...). Restart of mysql-server service helps, bud only for some hours.

Do you have any suggestion?

Here is log from mysql.err
2019-01-17T07:52:00.493173Z 1482 [Note] Aborted connection 1482 to db: 'sogo' user: 'sogo' host: 'localhost' (Got an error reading communication packets)
2019-01-17T07:52:00.907814Z 1483 [Note] Aborted connection 1483 to db: 'sogo' user: 'sogo' host: 'localhost' (Got an error reading communication packets)
2019-01-17T07:52:22.566383Z 1486 [Note] Bad handshake
2019-01-17T07:52:22.566961Z 1485 [Note] Bad handshake
2019-01-17T07:52:25.812844Z 1487 [Note] Bad handshake
2019-01-17T07:52:26.956286Z 1488 [Note] Bad handshake
2019-01-17T07:53:00.424018Z 1495 [Note] Bad handshake
2019-01-17T07:53:00.841185Z 1496 [Note] Bad handshake
2019-01-17T07:53:03.411885Z 1498 [Note] Bad handshake
2019-01-17T07:53:03.433570Z 1499 [Note] Bad handshake
2019-01-17T07:53:04.665222Z 1501 [Note] Bad handshake
2019-01-17T07:53:26.824213Z 1505 [Note] Bad handshake
2019-01-17T07:53:58.768794Z 1511 [Note] Bad handshake
2019-01-17T07:54:00.514707Z 1512 [Note] Bad handshake
2019-01-17T07:54:00.941266Z 1513 [Note] Bad handshake
2019-01-17T07:54:16.926744Z 1516 [Note] Access denied for user 'honza@fifejdy.cz'@'localhost' (using password: YES)
2019-01-17T07:54:21.214642Z 1517 [Note] Bad handshake
2019-01-17T07:54:21.251095Z 1518 [Note] Bad handshake
2019-01-17T07:54:22.629152Z 1519 [Note] Bad handshake
2019-01-17T07:54:30.292893Z 1540 [Note] Bad handshake
2019-01-17T07:54:55.555042Z 1547 [Note] Bad handshake
2019-01-17T07:55:00.575727Z 1557 [Note] Bad handshake
2019-01-17T07:55:00.989098Z 1558 [Note] Bad handshake
2019-01-17T07:55:02.359758Z 1559 [Note] Bad handshake
2019-01-17T07:55:03.278928Z 1560 [Note] Bad handshake
2019-01-17T07:55:27.358546Z 1567 [Note] Bad handshake
2019-01-17T07:55:34.139269Z 1568 [Note] Bad handshake

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SOGo can't login, mysql bad handshake

We got same issue on few clients' servers, and some user reported in this forum, but i couldn't figure it out yet. sad
I'm not sure whether this is FreeBSD(-12)-relevant issue, or iRedMail issue. Sorry about this.

Temporary solution is restarting mysql service.

3 Reply by honza

  • honza
  • Member
  • Offline
  • Registered: 2019-01-17
  • Posts: 2

Re: SOGo can't login, mysql bad handshake

ZhangHuangbin wrote:

We got same issue on few clients' servers, and some user reported in this forum, but i couldn't figure it out yet. sad
I'm not sure whether this is FreeBSD(-12)-relevant issue, or iRedMail issue. Sorry about this.

Temporary solution is restarting mysql service.

So, have You any suggestion or bash script which can recognize this issue, and automaticaly restart mysql-server service?

Because, when issue occur, incoming emails are LOST!

Thanks.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SOGo can't login, mysql bad handshake

Temporary solution:

- Increase max error count in MySQL.
- Detect the error count and restart mysql.

I don't have such script, sorry. sad

5 Reply by cvcvelo

  • cvcvelo
  • Member
  • Offline
  • Registered: 2014-06-16
  • Posts: 150

Re: SOGo can't login, mysql bad handshake

I'm seeing the same issue with FreeBSD 12.0-RELEASE-p2 and MySQL 5.7.25.

Where to increase max error count? I don't see anything like that in /usr/local/etc/my.cnf.

Also, don't know if this is related, but it appears MySQL listens on port 3306 for any address, not just localhost. Is there any reason not to restrict the server to localhost?

root@mail8:/usr/local/etc/mysql # netstat -an -f inet | grep 3306

<a bunch of connections on 127.0.0.1 deleted>

tcp46      0      0 *.3306                 *.*                    LISTEN

Thanks.

6 Reply by amvincere

  • amvincere
  • Member
  • Offline
  • Registered: 2019-01-16
  • Posts: 3

Re: SOGo can't login, mysql bad handshake

I got same error, and same build...
=== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): iRedMail-0.9.9
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Freebsd 12.0-RELEASE
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro? : No

7 Reply by cvcvelo (edited by cvcvelo 2019-02-02 06:35:39)

  • cvcvelo
  • Member
  • Offline
  • Registered: 2014-06-16
  • Posts: 150

Re: SOGo can't login, mysql bad handshake

@amvincere, that might be a different error since you're using LDAP, while the "Bad handshake" errors @honza and I are seeing come from MySQL. Does the LDAP version of iredmail also use MySQL?

8 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SOGo can't login, mysql bad handshake

Hi all,

I reported this issue to SOGo team, you can monitor the issue below, and please help push SOGo team to fix it:
https://sogo.nu/bugs/view.php?id=4684

As a temporary solution, you can disable sogo cron jobs as mentioned in this forum post:
https://forum.iredmail.org/post67762.html#p67762

9 Reply by cvcvelo (edited by cvcvelo 2019-02-22 02:52:53)

  • cvcvelo
  • Member
  • Offline
  • Registered: 2014-06-16
  • Posts: 150

Re: SOGo can't login, mysql bad handshake

As previously noted, I had been getting the "Bad handshake" error with MySQL on FreeBSD 12 even without SOGo. Uncertain if this is related to the SOGo issue, but the logs showed a large number of outside connection attempts.

Adding this line to /etc/rc.conf greatly helped:

mysql_args="--bind-address=127.0.0.1"

Since making this change 10 days ago, the Bad handshake count has increased by only one, in comparison with thousands before, necessitating a restart of the MySQL service.

Again, don't know if this is the same issue as with SOGo but it worked here -- and in any event, I can't think of a good reason why iRedMail should accept MySQL connections from non-localhost addresses.

Thanks!

ps. Belated Happy Lunar Year greetings to zhb and family!

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: SOGo can't login, mysql bad handshake

cvcvelo wrote:

ps. Belated Happy Lunar Year greetings to zhb and family!

Thank you very much, @cvcvelo. big_smile

I don't understand why this issue happened on FreeBSD 12, no matter it's jailed or not.
Same (iRedMail) configuration works fine since FreeBSD 9 to 11, but i didn't find any obvious changes made to MySQL on FreeBSD 12.