Mail Server Destroyed after very FIRST 'emerge system' !!!

[danielrm26]

Ok, well it was fun having a mail server based on Gentoo. Unfortunately, I wanted to do a system update and now none of my IMAP users can login anymore.

I updated baselayout, vim, and a couple of other things, and now none of my users can check their mail. (Oh, and the daemon won't start via rc-update anymore either...) I tried an upgrade to 1.7, but that didn't work either. Here's the log of the failure to connect to an IMAP account:

May 12 05:46:40 hermes imapd: Connection, ip=[x.x.x.x]
May 12 05:46:40 hermes authdaemon: authdaemon: s_connect() failed: Connection refused
May 12 05:46:45 hermes imapd: LOGIN FAILED, ip=[x.x.x.x]
May 12 05:47:12 hermes imapd: DISCONNECTED, ip=[x.x.x.x], headers=0, body=0

This obviously has something to do with authentication and/or pam, but I can't figure it out. The changelog mentions something about changing something with it as well, but the problem there is that it broke before I upgraded to 1.7. Anyhow, the changelog on the courier site says this:

2003-03-22 Alain NAKACHE <alain@cal.fr>
* authenticate_auth.c (authenticate): Add AUTHSERVICE functionality
to IMAP SASL, and POP3 plain+SASL authentication methods.
* pop3login.c (main): Ditto.

So, needless to say, I'm pretty pissed right now. It's easy to see why people take the easy way out and go with MS when this is what they have to deal with. Could I realistically deploy this in a production environment? Can I tell my boss that I shouldn't do updates because it'll break the mail server? I don't mean to bitch, but if I am one of the few who are out here playing with Gentoo and building mail servers based on it, and I can't even fix it after an update, then how are we supposed to expect the business world to dump MS and try it too?

Where are the warnings saying don't update? I know you aren't supposed to, but that's kind of like you aren't supposed to install and uninstall too many software packages on Windows - what's the point of having an OS if you can't do updates and install software without running the risk of stuff breaking?

Shit, I sound like an asshole.

Does anyone have any ideas about this? I'd appreciate any help...

[Genone]

Ok, it seems that you use courier-imap. I never used that one (I stick with cyrus), so maybe none of my tips are appropriate. First, did you update your config files or did you let etc-update overwrite them ? Can you connect to the server locally (via telnet), if so what's the output of the CAPABILITY command ? Check the /etc/pam.d/ config files for pam and the system log files (name depends on your logger).

[danielrm26]

Well, first of all, the package broke before I updated Courier, so the conf files weren't the issue. It had something to do with pam I think because I can connect via mutt from the inside.

So, at this point it looks like it's possibly some sort of host connection control that authdaemon is doing, but I haven't a clue what it could be.

Any ideas?
_________________
dmiessler.com -- grep understanding knowledge

[Genone]

As I said, check /etc/pam.d/* and your system log files.

[danielrm26]

Thanks for the help but there is nothing in there that I can see. Anyone have any ideas about what setting in my authdaemon files or pam could be doing this?
_________________
dmiessler.com -- grep understanding knowledge

[flurin]

Start the authdaemon:

/etc/init.d/authdaemond start

and afterwards add it to the default runlevel. I had the exact same symptoms as you had. I've no exact explanation yet, why this works but it did the trick for me. Don't fiddle with any of the courier-imap config files. I did and it wasn't necessary.

Cheers,

Flurin

[upnix]

[danielrm26]

That was a helpful post. Thank you for contributing.
_________________
dmiessler.com -- grep understanding knowledge

[relyt]

[danielrm26]

The users were still able to login via SSH, so no, I don't think that was the case.

Thanks, though...
_________________
dmiessler.com -- grep understanding knowledge

[danielrm26]

Ok, I solved this problem by installing an older version of baselayout - it fixed the problem immediately after a reboot (funny, that).

So the baselayout package did something to authentication (probably pam) that borked my IMAP daemon's ability to let users log in.

Upgrade at your own risk !!! (which we already knew...just reminding you...)
_________________
dmiessler.com -- grep understanding knowledge

[Chris W]

You ask, "Could I realistically deploy this [Gentoo] in a production environment? Can I tell my boss that I shouldn't do updates because it'll break the mail server?" The answer is yes it is realistic, and no updates don't automatically break things, but you need to adopt a reasonable attitude to your responsibility to provide service to your customer.

In Linux/Unix circles, just as in Microsoft Windows NT/2000 circles, it pays to test stuff before you do it on a production system. If you don't, you will run foul of glitches at some stage. That's not to say every production update will be faultless, but testing will minimise the incidence. To blame the administrator's failure to test on the operating system is just plain daft.

Upgrade one thing at a time and test in between, at least then you know what's changed when it does break. If an update requires dependencies to be updated then do those one at a time also: "emerge -pu" is your friend.

When asking for help include useful information. You failed to mention what IMAP server you were using, what versions of the various package you updated from and to, etc. We had to guess you were using Courier, and we still don't know which versions of baselayout you claim work/don't work.

Adopt a civil attitude. Going off half-cocked in this forum does not help the situation you are trying to correct.

At least with Gentoo you are able to roll back to an earlier incarnation, something that is increasing difficulty to do in Windows.
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein

[danielrm26]