Article ID: 116693, created on Aug 9, 2013, last review on May 11, 2014

  • Applies to:
  • Operations Automation 5.5
  • Operations Automation 5.4

Symptoms

Authentication works only on the first qmail server in a cluster after POA 5.4.13 installation. Below is an example of a successful login:

# telnet mta1.provider.com 110
Trying 10.39.84.21...
Connected to 10.39.84.21.
Escape character is '^]'.
+OK Hello there.
user qmailbox@customer.com
+OK Password required.
pass xxxxxx
+OK logged in.

On every other qmail server in the cluster, authentication fails, as in the example below:

# telnet mta2.provider.com 110
Trying 10.39.84.22...
Connected to 10.39.84.22.
Escape character is '^]'.
+OK Hello there.
user qmailbox@customer.com
+OK Password required.
pass xxxxxx
-ERR Login failed.

As a result, all customers who are directed by the load balancer away from the first qmail server in the cluster cannot log in to their mailboxes using mail clients. The problem also affects webmail.

Cause

POA 5.4.13 puts the IP address of only the first qmail server in the cluster into the /etc/openldap/schema/mail.access file, which is included in the /etc/openldap/slapd.conf file on the LDAP server used by the qmail cluster. The LDAP server accepts requests only from servers listed in the mail.access file. As a result, only the first qmail server in the cluster can authenticate mail users.

Resolution

  1. Add the IP addresses of all qmail servers in the cluster and the IP address of the POA Management Node to the /etc/openldap/schema/mail.access file on the LDAP server, as in the example below:

    # Allow access only for the authorized admin user and for qmail hosts
    access to dn.subtree="ou=mail,dc=pem,dc=swsoft,dc=com"
      by peername.regex=127\.0\.0\.1 read
      by peername.regex=10\.39\.84\.20 read # POA Management Node
      by peername.regex=10\.39\.84\.21 read # qmail server #1 IP address
      by peername.regex=10\.39\.94\.21 read # qmail server #1 IP address
      by peername.regex=10\.39\.84\.22 read # qmail server #2 IP address
      by peername.regex=10\.39\.94\.22 read # qmail server #2 IP address
      by users none
      by * none
    
  2. Restart the ldap service on the LDAP server:

    /etc/init.d/ldap restart
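
The peername.regex rules above are unanchored, so each one also matches any peer whose address merely contains the listed one (10\.39\.84\.21 also matches 10.39.84.210). The following check is an added example, not part of the original article or of POA: it audits the rules against candidate peers and builds anchored equivalents. It assumes slapd presents a TCP client as "IP=<address>:<port>" and that Python's re behaves like slapd's POSIX regex for these simple patterns; the helper names and the port value are hypothetical.

```python
import re

# Constructed copy of the access rules from the article's example.
MAIL_ACCESS = r"""
access to dn.subtree="ou=mail,dc=pem,dc=swsoft,dc=com"
  by peername.regex=127\.0\.0\.1 read
  by peername.regex=10\.39\.84\.20 read # POA Management Node
  by peername.regex=10\.39\.84\.21 read # qmail server #1 IP address
  by peername.regex=10\.39\.94\.21 read # qmail server #1 IP address
  by peername.regex=10\.39\.84\.22 read # qmail server #2 IP address
  by peername.regex=10\.39\.94\.22 read # qmail server #2 IP address
  by users none
  by * none
"""
RULE = re.compile(r"^\s*by\s+peername\.regex=(\S+)\s+(\w+)", re.M)

def patterns(acl_text):
    """Return the peername regexes that grant anything other than 'none'."""
    return [p for p, level in RULE.findall(acl_text) if level != "none"]

def allowed(ip, pats, port=40000):
    """True if any rule matches the peer string (assumed form IP=<ip>:<port>)."""
    peer = f"IP={ip}:{port}"
    return any(re.search(p, peer) for p in pats)  # unanchored search

def anchor(pat):
    """Pin a pattern to the whole peer string so only that exact address matches."""
    return rf"^IP={pat}:[0-9]+$"

def overmatches(pats, intended):
    """Sweep the last octet of each intended address; return unintended matches."""
    candidates = set()
    for ip in intended:
        prefix = ip.rsplit(".", 1)[0]
        candidates.update(f"{prefix}.{h}" for h in range(256))
    return sorted(c for c in candidates - set(intended) if allowed(c, pats))

if __name__ == "__main__":
    pats = patterns(MAIL_ACCESS)
    intended = [p.replace("\\.", ".") for p in pats]
    extra = overmatches(pats, intended)
    print(f"{len(extra)} unintended addresses match, e.g. {extra[:3]}")
    fixed = [anchor(p) for p in pats]
    print("after anchoring:", len(overmatches(fixed, intended)), "unintended")
    for p in fixed:
        print(f"  by peername.regex={p} read")
```

slapd.access(5) also documents a peername.ip=<address> style that avoids regex matching altogether; confirm the installed OpenLDAP version supports it, and test any rewritten rule from each qmail server before relying on it.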

Search Words

qmail cluster

authentication failure

ERR Login failed

Users cannot authenticate in qmail after 5.5 upgrade

Problem working with mail in mail clients
