1 Topic by Bronko (edited by Bronko 2024-02-28 02:28:12)

  • Bronko
  • Member
  • Offline
  • Registered: 2009-10-20
  • Posts: 112

Topic: send from email alias as sender is rejected after reboot...

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.8
- Deployed with downloadable installer
- Linux/BSD distribution name and version: ubuntu 22.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====


As described here http://www.iredmail.org/docs/errors.htm … e-username 

ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True

is in place at /opt/iredapd/settings.py

But periodically ->edit:after reboot (Recipient address rejected: Sender is not same as SMTP authenticate username) I have to 

systemctl restart iredapd.service

to work again...?

Anyone with same behavior?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 826

Re: send from email alias as sender is rejected after reboot...

looks like lack of RAM

how much ram do you have?

3 Reply by Bronko

  • Bronko
  • Member
  • Offline
  • Registered: 2009-10-20
  • Posts: 112

Re: send from email alias as sender is rejected after reboot...

Cthulhu wrote:

looks like lack of RAM

how much ram do you have?

4GB and a half of it is consumed...

4 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 826

Re: send from email alias as sender is rejected after reboot...

4GB is absolutely bare minimum, and a statement "half of it is consumed" doesn't matter, since most is consumed when an mail is processed and amavis, clamav, SA, and iredapd gets invoked

check journal why iredapd stopped working, my guess is that it gets OOM terminated

5 Reply by Bronko

  • Bronko
  • Member
  • Offline
  • Registered: 2009-10-20
  • Posts: 112

Re: send from email alias as sender is rejected after reboot...

Cthulhu wrote:

check journal why iredapd stopped working, my guess is that it gets OOM terminated

Thanks, you pointed me in right direction...


So, my Mailserver VM started/rebooted (due to proxmox maintenance) and iRedAPD runs into 'LDAP bind failed: SERVER_DOWN' following error messages at any email handling, but no issue at mail transfer.
Then at some point I tried to send via alias name and observe the error message at roundcube. Restart iRedAPD manually solved the issue...


...
Feb 26 12:04:49 mail iredapd LDAP bind failed: SERVER_DOWN({'desc': "Can't contact LDAP server", 'errno': 107, 'info': 'Transport endpoint is not connected'})
Feb 26 12:04:49 mail iredapd Starting iRedAPD (version: 5.3.3, backend: ldap), listening on 127.0.0.1:7777.
Feb 26 12:04:49 mail iredapd Loading plugin (priority: 100): reject_null_sender
Feb 26 12:04:49 mail iredapd Loading plugin (priority: 99): wblist_rdns
Feb 26 12:04:49 mail iredapd Loading plugin (priority: 90): reject_sender_login_mismatch
Feb 26 12:04:49 mail iredapd Loading plugin (priority: 80): greylisting
Feb 26 12:04:49 mail iredapd Loading plugin (priority: 60): throttle
Feb 26 12:04:49 mail iredapd Loading plugin (priority: 50): ldap_maillist_access_policy
Feb 26 12:04:49 mail iredapd Loading plugin (priority: 40): amavisd_wblist
Feb 26 12:04:49 mail iredapd Starting SRS sender rewriting channel, listening on 127.0.0.1:7778
Feb 26 12:04:49 mail iredapd Starting SRS recipient rewriting channel, listening on 127.0.0.1:7779
Feb 26 12:21:47 mail iredapd <!> Error while querying local domain: INSUFFICIENT_ACCESS({'desc': 'Insufficient access'})
Feb 26 12:21:47 mail iredapd <!> Error while querying alias domain: INSUFFICIENT_ACCESS({'desc': 'Insufficient access'})
...
Feb 26 12:21:47 mail iredapd <!> Error while querying alias domain: INSUFFICIENT_ACCESS({'desc': 'Insufficient access'})
Feb 26 12:21:47 mail iredapd <!> Error while querying alias domain: INSUFFICIENT_ACCESS({'desc': 'Insufficient access'})
...
Feb 26 12:21:47 mail iredapd <!> Error while querying alias domain: INSUFFICIENT_ACCESS({'desc': 'Insufficient access'})
Feb 26 12:21:47 mail iredapd <!> Error while querying alias domain: INSUFFICIENT_ACCESS({'desc': 'Insufficient access'})
...
Feb 26 12:27:38 mail iredapd <!> Error while querying local domain: INSUFFICIENT_ACCESS({'desc': 'Insufficient access'})
Feb 26 12:27:38 mail iredapd <!> Error while querying alias domain: INSUFFICIENT_ACCESS({'desc': 'Insufficient access'})
...
Feb 27 15:20:36 mail iredapd <!> Error while querying alias domain: INSUFFICIENT_ACCESS({'desc': 'Insufficient access'})
Feb 27 15:20:36 mail iredapd <!> Error while querying alias domain: INSUFFICIENT_ACCESS({'desc': 'Insufficient access'})
Feb 27 15:41:09 mail iredapd [127.0.0.1] RCPT, me@mydomain.com => alias.me@mydomain.com -> user@anydomain.com, REJECT Sender is not same as SMTP authenticate username [sasl_username=me@mydomain.com, sender=alias.me@mydomain.com, client_name=mail.server.local, reverse_client_name=mail.server.local, helo=localhost, encryption_protocol=TLSv1.3, encryption_cipher=TLS_AES_256_GCM_SHA384, server_port=587, process_time=0.0010s]

systemctl restart iredapd.service

Feb 27 15:41:16 mail iredapd Starting iRedAPD (version: 5.3.3, backend: ldap), listening on 127.0.0.1:7777.
Feb 27 15:41:16 mail iredapd Loading plugin (priority: 100): reject_null_sender
Feb 27 15:41:16 mail iredapd Loading plugin (priority: 99): wblist_rdns
Feb 27 15:41:16 mail iredapd Loading plugin (priority: 90): reject_sender_login_mismatch
Feb 27 15:41:16 mail iredapd Loading plugin (priority: 80): greylisting
Feb 27 15:41:16 mail iredapd Loading plugin (priority: 60): throttle
Feb 27 15:41:16 mail iredapd Loading plugin (priority: 50): ldap_maillist_access_policy
Feb 27 15:41:16 mail iredapd Loading plugin (priority: 40): amavisd_wblist
Feb 27 15:41:16 mail iredapd Starting SRS sender rewriting channel, listening on 127.0.0.1:7778
Feb 27 15:41:16 mail iredapd Starting SRS recipient rewriting channel, listening on 127.0.0.1:7779
Feb 27 15:41:21 mail iredapd [127.0.0.1] RCPT, me@mydomain.com => alias.me@mydomain.com -> user@anydomain.com, DUNNO [sasl_username=me@mydomain.com, sender=alias.me@mydomain.com, client_name=mail.server.local, reverse_client_name=mail.server.local, helo=localhost, encryption_protocol=TLSv1.3, encryption_cipher=TLS_AES_256_GCM_SHA384, server_port=587, process_time=0.0056s]
Feb 27 15:41:21 mail iredapd [127.0.0.1] END-OF-MESSAGE, me@mydomain.com => alias.me@mydomain.com -> user@anydomain.com, DUNNO [recipient_count=1, size=2618, process_time=0.0025s]

... = normal email handling as send and delivery



Checked another reboot and it runs into same failure... ( beside 'Error while querying alias domain' messages doesn't appear yet)

Any hints?

6 Reply by Bronko (edited by Bronko 2024-02-28 02:40:59)

  • Bronko
  • Member
  • Offline
  • Registered: 2009-10-20
  • Posts: 112

Re: send from email alias as sender is rejected after reboot...

Cthulhu wrote:

4GB is absolutely bare minimum

(run my installations since 15 years at 6GB RAM)

Doubled the RAM to 8GB and reboot, same behavior and 'Error while querying alias domain' messages are back... Restart iRedAPD still helps.

7 Reply by Pavel Zhe

  • Pavel Zhe
  • Member
  • Offline
  • Registered: 2023-12-12
  • Posts: 28

Re: send from email alias as sender is rejected after reboot...

Bronko wrote:
Cthulhu wrote:

4GB is absolutely bare minimum

(run my installations since 15 years at 6GB RAM)

Doubled the RAM to 8GB and reboot, same behavior and 'Error while querying alias domain' messages are back... Restart iRedAPD still helps.

Do you have LDAP service on the same host? Looks like LDAP server is not ready at iRedAPD start, so iRedAPD failed to start. After some time LDAP server become available and restart iRedAPD resolve issue

8 Reply by Bronko (edited by Bronko 2024-02-28 05:26:40)

  • Bronko
  • Member
  • Offline
  • Registered: 2009-10-20
  • Posts: 112

Re: send from email alias as sender is rejected after reboot...

Pavel Zhe wrote:

Do you have LDAP service on the same host?

Yes, on same host as default iRedMail setup would configure it.
Will testing 'After=' or 'Requires=' directive at systemd...

9 Reply by Bronko (edited by Bronko 2024-02-28 05:27:20)

  • Bronko
  • Member
  • Offline
  • Registered: 2009-10-20
  • Posts: 112

Re: send from email alias as sender is rejected after reboot...

Edit iredapd.service file solved the issue:

/usr/lib/systemd/system/iredapd.service:

After=network.target local-fs.target remote-fs.target slapd.service

(add slapd.service)

'Requires=' doesn't helped.

Open an issue: https://github.com/iredmail/iRedMail/issues/252

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: send from email alias as sender is rejected after reboot...

Fixed. Thanks for the feedback. smile
https://github.com/iredmail/iRedAPD/com … 8589f11246

11 Reply by Bronko

  • Bronko
  • Member
  • Offline
  • Registered: 2009-10-20
  • Posts: 112

Re: send from email alias as sender is rejected after reboot...

Ok, fine...!

My assumption was to have 'Requires='  in place, to be sure service is up and running, while 'After=' should only give an order, not a check of running slapd.service.
But the reality by tests give me the answer from above.
May be some farther tests necessary...

12 Reply by Cthulhu (edited by Cthulhu 2024-02-28 21:34:39)

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 826

Re: send from email alias as sender is rejected after reboot...

Doesn't this conflict with every installation which doesn't use ldap or especially slapd?

the condition will never be satisfied

13 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: send from email alias as sender is rejected after reboot...

Cthulhu wrote:

Doesn't this conflict with every installation which doesn't use ldap or especially slapd?

the condition will never be satisfied

Exactly. So "After=" is enough.