1

Topic: iRedAPD stops working

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.0 OPENLDAP edition.
- Deployed with the downloadable installer.
- Linux/BSD distribution name and version: Debian 10.10
- Store mail accounts in which backend: LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? YES
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,
I have a problem with iredapd: it stops working after some hours.
When the problem occurs I can't send any e-mail.
Some information from: /var/log/mail.log:

Jul 23 23:18:36 mail postfix/submission/smtpd[10030]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 23 23:19:42 mail postfix/submission/smtpd[10102]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 23 23:20:17 mail postfix/submission/smtpd[10030]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 23 23:21:23 mail postfix/submission/smtpd[10102]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 18:18:47 mail postfix/submission/smtpd[30371]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 18:20:19 mail postfix/submission/smtpd[30461]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 18:20:28 mail postfix/submission/smtpd[30371]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 18:20:48 mail postfix/submission/smtpd[30509]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 18:22:00 mail postfix/submission/smtpd[30461]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 18:22:29 mail postfix/submission/smtpd[30509]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 19:13:09 mail postfix/submission/smtpd[1063]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 19:14:50 mail postfix/submission/smtpd[1063]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 19:15:21 mail postfix/submission/smtpd[1225]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 19:17:02 mail postfix/submission/smtpd[1225]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 21:24:25 mail postfix/submission/smtpd[8622]: warning: problem talking to server 127.0.0.1:7777: Connection timed out
Jul 24 21:25:41 mail postfix/submission/smtpd[8622]: warning: problem talking to server 127.0.0.1:7777: Connection reset by peer

###
But if I check the processes, it looks fine:

root@mail:~# ps aux | grep iredap                         
iredapd   1408  0.0  0.1  58768 34732 ?        S    19:18   0:00 /usr/bin/python3 /opt/iredapd/iredapd.py
root      8680  0.0  0.0   6224   824 pts/0    S+   21:23   0:00 grep iredap

root@mail:~# systemctl status iredapd.service                       
● iredapd.service - iRedAPD (A simple posfix policy server)
   Loaded: loaded (/lib/systemd/system/iredapd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2021-07-24 19:18:53 CEST; 2h 5min ago
  Process: 687 ExecStart=/usr/bin/python3 /opt/iredapd/iredapd.py (code=exited, status=0/SUCCESS)
Main PID: 1408 (python3)
    Tasks: 1 (limit: 4915)
   Memory: 39.1M
   CGroup: /system.slice/iredapd.service
           └─1408 /usr/bin/python3 /opt/iredapd/iredapd.py
###
And also iredapd is listening:
root@mail:~# netstat -tulnp | grep 777           
tcp        1      0 127.0.0.1:7777          0.0.0.0:*               LISTEN      1408/python3       
tcp        0      0 127.0.0.1:7778          0.0.0.0:*               LISTEN      1408/python3       
tcp        0      0 127.0.0.1:7779          0.0.0.0:*               LISTEN      1408/python3

###
I can telnet to port 7777:
root@mail:~# telnet 0 7777             
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'

I have no idea why it happens.

Kind regards
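
The post above shows why process and port checks miss this failure: iredapd is running and listening, and the kernel completes the TCP handshake, yet Postfix gets no answer. As an added example (not from the thread or the iRedAPD project), this probe sends a real Postfix policy-delegation request and requires an `action=` reply within a timeout; the sample addresses and the function names are assumptions.

```python
import socket

# Constructed sample request; the attribute names are from Postfix's
# policy delegation protocol, the addresses are placeholders.
REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "protocol_name=ESMTP\n"
    "sender=probe@example.com\n"
    "recipient=probe@example.com\n"
    "client_address=127.0.0.1\n"
    "\n"
).encode()


def ask_policy(sock, timeout=5.0):
    """Send one policy request on a connected socket; return (status, detail)."""
    sock.settimeout(timeout)
    buf = b""
    try:
        sock.sendall(REQUEST)
        while b"\n\n" not in buf:          # a reply ends with an empty line
            chunk = sock.recv(4096)
            if not chunk:
                return ("hung", "connection closed before a reply")
            buf += chunk
    except socket.timeout:
        return ("hung", f"no policy reply within {timeout}s")
    except OSError as exc:
        return ("hung", str(exc))
    for line in buf.decode(errors="replace").splitlines():
        if line.startswith("action="):
            return ("ok", line[len("action="):])
    return ("hung", "reply carried no action= line")


def probe_policy_server(host="127.0.0.1", port=7777, timeout=5.0):
    """'down' = TCP connect failed; 'hung' = connected but no policy answer."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("down", str(exc))
    with sock:
        return ask_policy(sock, timeout)


if __name__ == "__main__":
    print(probe_policy_server())
```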


2

Re: iRedAPD stops working

Is this a very busy mail server?

3

Re: iRedAPD stops working

Hi,
Not yet, it's a new server only prepared to work.
I changed my ldap server to localhost and it fixed the problem, but that's not what I mean.
I logged that iredapd crashed after querying ldap and didn't get an answer.
After setup is complete, this server will have approximately 8k accounts.
Can you suggest how ldap should be set up in this case? What else should I pay attention to?

Kind regards
Piotr

4

Re: iRedAPD stops working

Your first post didn't mention you're using a remote LDAP server.
Please restart the iredapd service and check its log file to figure out what it complains about; the error log is usually very detailed and useful for troubleshooting.

5 (edited by pitterski 2021-07-30 04:23:04)

Re: iRedAPD stops working

ZhangHuangbin wrote:

Your first post didn't mention you're using a remote LDAP server.
Please restart the iredapd service and check its log file to figure out what it complains about; the error log is usually very detailed and useful for troubleshooting.

I turned on debugging and after that I noticed that sometimes iredapd makes a query to the LDAP server and doesn't get a response. After that, iredapd is dead and there is no response when connecting to 127.0.0.1:7777.

For now I have solved the problem and am using a local LDAP server. It's just a workaround.

But there is one more question, maybe it is related but I am not sure.

I would like to separate the SMTP server from the WEBMAIL server. And I am having trouble connecting remotely to the managesieve-login daemon on the iredmail server on tcp port 4190. Other connections (tcp 143, tcp 587) work fine.
I changed the configuration in /etc/dovecot/dovecot.conf to listen on all interfaces:

service managesieve-login {
    inet_listener sieve {
        # Listen on all IPv4 interfaces (changed from localhost)
        address = 0.0.0.0
        port = 4190
    }
}

And then managesieve-login listens correctly:
root@mail:~# netstat -tulnp | grep dove                   
tcp        0      0 127.0.0.1:24242         0.0.0.0:*               LISTEN      7090/dovecot       
tcp        0      0 127.0.0.1:12340         0.0.0.0:*               LISTEN      7090/dovecot       
tcp        0      0 127.0.0.1:24            0.0.0.0:*               LISTEN      7090/dovecot       
tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN      7090/dovecot       
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      7090/dovecot       
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      7090/dovecot       
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      7090/dovecot       
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      7090/dovecot       
tcp6       0      0 :::993                  :::*                    LISTEN      7090/dovecot       
tcp6       0      0 :::995                  :::*                    LISTEN      7090/dovecot       
tcp6       0      0 :::110                  :::*                    LISTEN      7090/dovecot       
tcp6       0      0 :::143                  :::*                    LISTEN      7090/dovecot       

I'm using shorewall to manage iptables and this connection is permitted, but when I'm trying to connect from a remote server (in the same LAN) there is no answer.

# connection from x.x.x.57 server
root@webmail:~# telnet x.x.x.55 4190
Trying x.x.x.55...
^C

#on x.x.x.55 server
root@mail:~# tcpdump -nn -n  port 4190             
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
15:39:51.889668 IP x.x.x.57.40178 > x.x.x.55.4190: Flags [S], seq 917008708, win 64240, options [mss 1460,sackOK,TS val 1360367981 ecr 0,nop,wscale 7], length 0
15:39:52.901317 IP x.x.x.57.40178 > x.x.x.55.4190: Flags [S], seq 917008708, win 64240, options [mss 1460,sackOK,TS val 1360368992 ecr 0,nop,wscale 7], length 0
15:39:54.917289 IP x.x.x.57.40178 > x.x.x.55.4190: Flags [S], seq 917008708, win 64240, options [mss 1460,sackOK,TS val 1360371008 ecr 0,nop,wscale 7], length 0

no reply and no other information in /var/log/dovecot/sieve.log

But there is one interesting thing, if I configure managesieve-login to listen on port 80, the connection works locally and remotely. Of course, nginx is then stopped for a while.

#from 57 server
pit@webmail:~$ telnet x.x.x.55 80
Trying x.x.x.55...
Connected to x.x.x.55.
Escape character is '^]'.
"IMPLEMENTATION" "Dovecot (Debian) Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot (Debian) ready."
^]
telnet> quit
Connection closed.

It was tested on two servers with iRedMail 1.4 and iRedAdmin 4.9 LDAP with Debian 10.10
But it is working fine on a server with iRedMail 1.3.2  iRedAdmin 4.8 SQL with Debian 10.10

I tried the DNAT rules, stream redirect in nginx but always without luck.
What can't I see ??!!

Regards
Piotr

6

Re: iRedAPD stops working

iRedMail has its own iptables rule files, you'd better double check and make sure these rules are not loaded and only your own rules are loaded.

7

Re: iRedAPD stops working

ZhangHuangbin wrote:

iRedMail has its own iptables rule files, you'd better double check and make sure these rules are not loaded and only your own rules are loaded.

Besides iptables there is nftables running.
systemctl stop nftables.service
This solved the problem.
Thank you.

Piotr
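
The tcpdump capture in post 5 already pointed at a packet filter: the same SYN is retransmitted and the listening host sends neither a SYN-ACK nor an RST, which is what a silent drop after the capture point looks like. As an added example (not from the thread), this parser classifies handshakes in tcpdump text output; `CAPTURE` is abridged from the post (TCP options removed) and the function name is an assumption.

```python
import re
from collections import defaultdict

# Abridged from the tcpdump output in post 5; addresses are masked there too.
CAPTURE = """\
15:39:51.889668 IP x.x.x.57.40178 > x.x.x.55.4190: Flags [S], seq 917008708, win 64240, length 0
15:39:52.901317 IP x.x.x.57.40178 > x.x.x.55.4190: Flags [S], seq 917008708, win 64240, length 0
15:39:54.917289 IP x.x.x.57.40178 > x.x.x.55.4190: Flags [S], seq 917008708, win 64240, length 0
"""

LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)


def classify_handshakes(capture):
    """Map (client, server) to (verdict, number of SYNs seen).

    verdict: 'answered' (SYN-ACK seen), 'refused' (RST seen, nothing is
    listening) or 'dropped' (no reply at all, typical of a firewall DROP).
    """
    syn_count = defaultdict(int)   # (client, server) -> bare SYNs, incl. retransmits
    replies = {}                   # (client, server) -> verdict from server's reply
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if flags == "S":                       # SYN without ACK
            syn_count[(src, dst)] += 1
        elif flags == "S.":                    # SYN-ACK from the server
            replies[(dst, src)] = "answered"
        elif "R" in flags:                     # RST or RST-ACK
            replies.setdefault((dst, src), "refused")
    return {pair: (replies.get(pair, "dropped"), n)
            for pair, n in syn_count.items()}


if __name__ == "__main__":
    for pair, result in classify_handshakes(CAPTURE).items():
        print(pair, result)
```

A `dropped` verdict on a port that netstat shows as listening means the filter is on the receiving host; comparing `nft list ruleset` with the iptables rules shows which ruleset is responsible.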