1 (edited by lostinignorance 2015-04-07 23:29:18)

Topic: 403 Forbidden [Solved]

======== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):Apache
- Linux/BSD distribution name and version: FreeBSD 10.1
- Related log if you're reporting an issue:
====

When trying to log into a new email server I just built on FreeBSD 10.1 using your installation here, I am getting a "403 Forbidden: You don't have permission to access /iredadmin/ on this server." when I try to login to the admin panel.  I can get into the /mail, but not the /iredadmin.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: 403 Forbidden [Solved]

are you using https://{yourdomain}/iredadmin HTTPS: being KEY

3

Re: 403 Forbidden [Solved]

7t3chguy wrote:

are you using https://{yourdomain}/iredadmin HTTPS: being KEY

yes.  Do you know if the computer has to be external (outside private address space) to access that admin console?  I have multiple private subnets and routing going on.

4

Re: 403 Forbidden [Solved]

Don't think so, anything in your apache log?

5

Re: 403 Forbidden [Solved]

7t3chguy wrote:

Don't think so, anything in your apache log?

X.X.X.X - - [06/Apr/2015:11:06:26 -0500] "GET /iredadmin/ HTTP/1.1" 403 219
X.X.X.X - - [06/Apr/2015:11:12:27 -0500] "GET /iredadmin/ HTTP/1.1" 403 219
X.X.X.X - - [06/Apr/2015:11:26:38 -0500] "GET /iredadmin HTTP/1.1" 403 218
X.X.X.X - - [06/Apr/2015:11:26:38 -0500] "GET /favicon.ico HTTP/1.1" 404 209
X.X.X.X - - [06/Apr/2015:11:26:38 -0500] "GET /favicon.ico HTTP/1.1" 404 209
X.X.X.X - - [06/Apr/2015:11:26:49 -0500] "GET /iredadmin HTTP/1.1" 403 218
X.X.X.X - - [06/Apr/2015:11:26:49 -0500] "GET /favicon.ico HTTP/1.1" 404 209
X.X.X.X - - [06/Apr/2015:11:26:49 -0500] "GET /favicon.ico HTTP/1.1" 404 209

6

Re: 403 Forbidden [Solved]

sorry I meant Apache error log, not access log

7

Re: 403 Forbidden [Solved]

7t3chguy wrote:

sorry I meant Apache error log, not access log

[Mon Apr 06 11:06:04.924754 2015] [ssl:warn] [pid 1029] AH01906: www.example.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 06 11:06:04.924973 2015] [ssl:warn] [pid 1029] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 06 11:06:04.978211 2015] [ssl:warn] [pid 1030] AH01906: www.example.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 06 11:06:04.978257 2015] [ssl:warn] [pid 1030] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 06 11:06:05.639902 2015] [mpm_prefork:notice] [pid 1030] AH00163: Apache/2.4.12 (FreeBSD) OpenSSL/1.0.1l-freebsd mod_wsgi/3.5 Python/2.7.9 configured -- resuming normal operations
[Mon Apr 06 11:06:05.639955 2015] [core:notice] [pid 1030] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'
[Mon Apr 06 11:06:26.313276 2015] [core:error] [pid 1100] [client X.X.X.X:59969] AH00037: Symbolic link not allowed or link target not accessible: /usr/local/www/iredadmin
[Mon Apr 06 11:12:27.012894 2015] [core:error] [pid 1101] [client X.X.X.X:60077] AH00037: Symbolic link not allowed or link target not accessible: /usr/local/www/iredadmin
[Mon Apr 06 11:26:38.427068 2015] [core:error] [pid 1099] [client X.X.X.X:39739] AH00037: Symbolic link not allowed or link target not accessible: /usr/local/www/iredadmin
[Mon Apr 06 11:26:49.464884 2015] [core:error] [pid 1102] [client X.X.X.X:39745] AH00037: Symbolic link not allowed or link target not accessible: /usr/local/www/iredadmin

8

Re: 403 Forbidden [Solved]

could you run
ls -la /usr/local/www/iredadmin

9 (edited by lostinignorance 2015-04-07 00:57:29)

Re: 403 Forbidden [Solved]

still getting the 403, even after reboot

[Mon Apr 06 11:49:58.833927 2015] [ssl:warn] [pid 1021] AH01906: www.example.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 06 11:49:58.834442 2015] [ssl:warn] [pid 1021] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 06 11:49:58.882510 2015] [ssl:warn] [pid 1022] AH01906: www.example.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 06 11:49:58.882547 2015] [ssl:warn] [pid 1022] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 06 11:49:59.539097 2015] [mpm_prefork:notice] [pid 1022] AH00163: Apache/2.4.12 (FreeBSD) OpenSSL/1.0.1l-freebsd mod_wsgi/3.5 Python/2.7.9 configured -- resuming normal operations
[Mon Apr 06 11:49:59.539156 2015] [core:notice] [pid 1022] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'
[Mon Apr 06 11:50:02.767440 2015] [core:error] [pid 1090] [client 192.168.250.204:60739] AH00037: Symbolic link not allowed or link target not accessible: /usr/local/www/iredadmin
[Mon Apr 06 11:50:05.638604 2015] [core:error] [pid 1090] [client 192.168.250.204:60739] AH00037: Symbolic link not allowed or link target not accessible: /usr/local/www/iredadmin
[Mon Apr 06 11:50:07.832704 2015] [core:error] [pid 1094] [client 192.168.250.204:60740] AH00037: Symbolic link not allowed or link target not accessible: /usr/local/www/iredadmin
[Mon Apr 06 11:50:08.575772 2015] [core:error] [pid 1093] [client 192.168.250.204:60741] AH00037: Symbolic link not allowed or link target not accessible: /usr/local/www/iredadmin
[Mon Apr 06 11:55:40.215340 2015] [core:error] [pid 1091] [client 192.168.250.204:60895] AH00037: Symbolic link not allowed or link target not accessible: /usr/local/www/iredadmin

===============================
root@email:~ # ls -la /usr/local/www/iredadmin
lrwxr-xr-x  1 root  wheel  30 Apr  5 12:18 /usr/local/www/iredadmin -> /usr/local/www/iRedAdmin-0.4.1

10

Re: 403 Forbidden [Solved]

what about
ls -la /usr/local/www/iRedAdmin-0.4.1

11

Re: 403 Forbidden [Solved]

root@email:~ # ls -la /usr/local/www/iRedAdmin-0.4.1
ls: /usr/local/www/iRedAdmin-0.4.1: No such file or directory

12

Re: 403 Forbidden [Solved]

the symlink is broken, its like iRedAdmin doesn't exist,
could you show us the content of /usr/local/
ls -la /usr/local

13

Re: 403 Forbidden [Solved]

root@email:~ # ls -la /usr/local
total 125
drwxr-xr-x  16 root  wheel   17 Apr  5 12:18 .
drwxr-xr-x  16 root  wheel   16 Nov 11 15:03 ..
drwxr-xr-x   3 root  wheel  438 Apr  5 12:18 bin
drwxr-xr-x  18 root  wheel   48 Apr  5 12:18 etc
drwxr-xr-x  23 root  wheel  109 Apr  5 12:17 include
drwxr-xr-x   2 root  wheel   20 Apr  5 12:06 info
drwxr-xr-x  20 root  wheel  288 Apr  5 12:17 lib
drwxr-xr-x   3 root  wheel    3 Apr  5 11:43 lib32
drwxr-xr-x   5 root  wheel    5 Apr  5 11:43 libdata
drwxr-xr-x   9 root  wheel   11 Apr  5 12:17 libexec
drwxr-xr-x  23 root  wheel   23 Apr  5 11:44 man
-rw-r--r--   1 root  wheel  943 Apr  5 12:18 my.cnf
drwxr-xr-x   2 root  wheel    4 Apr  5 11:12 openssl
drwxr-xr-x   2 root  wheel   61 Apr  5 12:17 sbin
drwxr-xr-x  28 root  wheel   28 Apr  5 12:17 share
drwxr-xr-x   3 root  wheel    3 Apr  5 12:17 var
drwxr-xr-x   7 root  wheel    8 Apr  5 12:18 www

14

Re: 403 Forbidden [Solved]

oh crap, I meant /usr/local/www
so sorry xD

15

Re: 403 Forbidden [Solved]

root@email:~ # ls -la /usr/local/www
total 44
drwxr-xr-x   7 root  wheel   8 Apr  5 12:18 .
drwxr-xr-x  16 root  wheel  17 Apr  5 12:18 ..
drwxr-xr-x   6 root  wheel   6 Apr  5 11:52 apache24
drwxr-xr-x   8 root  wheel   8 Apr  5 12:17 awstats
lrwxr-xr-x   1 root  wheel  30 Apr  5 12:18 iredadmin -> /usr/local/www/iRedAdmin-0.4.1
drwxr-xr-x   5 root  wheel  83 Apr  5 12:06 policyd
drwxr-xr-x   2 root  wheel   2 Apr  5 12:17 proxy
drwxr-xr-x  12 root  wheel  15 Apr  5 12:17 roundcube

16

Re: 403 Forbidden [Solved]

iRedAdmin is missing, for whatever reason;
there's not an extremely easy way to just install it
as its config is generated by the iRedMail installer

Could you have a look around your file system to make sure it wasn't installed elsewhere, like /opt/ or /home/iredadmin/ or just run a find/locate command to check for it?

17

Re: 403 Forbidden [Solved]

Looks like its in the opt folder.  Should I link or move the file?

18

Re: 403 Forbidden [Solved]

just run

cd /usr/local/www && rm iredadmin && ln -s /opt/iRedAdmin-0.4.1 iredadmin

19

Re: 403 Forbidden [Solved]

I think its smarter keeping iRedAdmin in /opt, means you can keep older versions there without cluttering up more important directories, if you prefer to move it then that'll work too

20 (edited by lostinignorance 2015-04-07 01:24:04)

Re: 403 Forbidden [Solved]

I used the command above, but made a modification. It looks like there is a version difference too.  The link says iRedAdmin-0.4.1 where as the folder is iRedAdmin-0.4.4

EDIT: Sorry, was looking at a wrong folder.  I'll have to do a search for it.

21 (edited by lostinignorance 2015-04-07 01:29:06)

Re: 403 Forbidden [Solved]

The only place it showed up is in the original /root/iRedMail-0.9.0 file folder under /conf/
also under /var/mail/

22

Re: 403 Forbidden [Solved]

0.4.4? that iRedAdmin doesn't exist yet xD
Maybe you meant iRedApd 1.4.4
its possible iRedAdmin is just missing in your installation
which would be a huge pain in the ass

You'll have to download iRedAdmin from here http://iredmail.org/yum/misc/
extract it and look at the sample settings.py file for your backend, and fill it in with the passwords from the e-mail the iRedMail would have sent you right after you installed it [to your postmaster account]

23

Re: 403 Forbidden [Solved]

[sarcasm] YAY![/sarcasm]

What would cause this on a brand new install of 10 or 10.1 with the nginx or apache installs?  I thought I might have done something wrong before and re-tried this 4 times.

24

Re: 403 Forbidden [Solved]

http timeout to the iRedMail yum repo could be the only thing I can think of

25

Re: 403 Forbidden [Solved]

Also do I have to run anything, or do I just copy the file over to the correct directory (btw, what is the correct directory?)