Koozali.org: home of the SME Server

HTTP and Mail services have stopped on SME8.x

Offline gabby

  • 18
  • +0/-0
HTTP and Mail services have stopped on SME8.x
« on: August 15, 2017, 05:58:26 AM »
I have an SME 8.x server at a remote location configured in GatewayServer mode. I do not have physical access, but I can reach someone who does.

Network configuration is:
Modem----SME----Firewalled Network Switch
   |
   |
Non-Firewalled Network Switch

Users on the Firewalled Network Switch are able to access the internet through the gateway server.
Users external to the network are unable to reach the HTTP or mail (POP3S or Horde) services.

I had a user use whatsmyip.com to compare the IP address assigned to the modem against the IP address in the DNS records. They match.
I am able to ping the server and it returns the correct IP address, but that may be due to the DNS server being setup properly.
I had a user login as admin and perform a Internet Connection Test. The test passed.
I have had a user reboot the server from the server-manager. Reboot completed, no change in behavior.

Over the weekend, a wireless access point which was between the SME and the Firewalled Network Switch died catastrophically. We removed it from the network and connected SME directly to the Firewalled Network Switch. The HTTP and Mail services were functioning properly (for the last 2+ years) until the WAP went belly up.
I am not aware of any other changes to the network configuration.

I know enough to be dangerous, so I don't try to do anything spectacular. SME just works, so I try to leave it alone.

I need to get mail services back up ASAP. Does anyone have suggestions on how to proceed in diagnosing/repairing this issue?

Best regards,

James

guest22

Re: HTTP and Mail services have stopped on SME8.x
« Reply #1 on: August 15, 2017, 06:33:04 AM »
Do you have ssh access?

Offline gabby

  • 18
  • +0/-0
Re: HTTP and Mail services have stopped on SME8.x
« Reply #2 on: August 15, 2017, 06:46:49 AM »
I do not have ssh access. All external access is blocked/disabled. I have a user inside the network that has direct access to the server.

guest22

Re: HTTP and Mail services have stopped on SME8.x
« Reply #3 on: August 15, 2017, 06:57:33 AM »
So the only change between working and not working was the removal of the WAP?

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: HTTP and Mail services have stopped on SME8.x
« Reply #4 on: August 15, 2017, 09:42:09 AM »
SME 8 is unsupported, please upgrade asap

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: HTTP and Mail services have stopped on SME8.x
« Reply #5 on: August 15, 2017, 11:22:52 AM »
I have an SME 8.x server at a remote location configured in GatewayServer mode. I do not have physical access, but I can reach someone who does.

There is no good news here really.

SME v8 is totally unsupported and should be upgraded immediately. That means an onsite visit, backup, install and restore. Quickly.

Clearly something is making a mess of the network there, and without a lot more details it is hard to tell what is going on. Why would you have a WAP between SME and a switch ?? That means it is routing I presume ? Normally you would just connect it to the switch ?

How does SME handle the external 'modem' connection ?

Notwithstanding all that, removal of a device behind SME should not prevent external access, so clearly there is something else going on.

If you have a local user then you could at least get them to enable SSH access so you can have a look at the server, check logs and settings, get all your IP addresses etc and write out a decent network map so you can see exactly what is going on.

Rgds
John
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline gabby

  • 18
  • +0/-0
Re: HTTP and Mail services have stopped on SME8.x
« Reply #6 on: August 15, 2017, 01:27:38 PM »
So the only change between working and not working was the removal of the WAP?
The only change I am aware of is the removal of the WAP.

SME 8 is unsupported, please upgrade asap
SME v8 is totally unsupported and should be upgraded immediately. That means an onsite visit, backup, install and restore. Quickly.
Understood. An upgrade has been in the plan. This is a server in a residence. Unfortunately life does stand in the way all too frequently.
It is going to take time to get the upgrade deployed.
An onsite visit is not possible, I will have to walk my users through the process over the phone or with written instructions.
I know that SME8 is not supported anymore, but it should still function. Let's not get hung up that my configuration is out of date please. I am not condemning the server as it has been rock solid for many years. There is something else happening, but I don't know where to look.

Clearly something is making a mess of the network there, and without a lot more details it is hard to tell what is going on. Why would you have a WAP between SME and a switch ?? That means it is routing I presume ? Normally you would just connect it to the switch ?
The Server is configured as the DHCP server. The WAP was simply using the Ethernet ports as a switch. I agree this is not a typical configuration, but I wasn't around when the network/server was installed and didn't know that this was the configuration until we started debugging the failed WAP.

If you have a local user then you could at least get them to enable SSH access so you can have a look at the server, check logs and settings, get all your IP addresses etc and write out a decent network map so you can see exactly what is going on.
I will get my user to enable SSH access. What should I be looking for?

Best regards,

James

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: HTTP and Mail services have stopped on SME8.x
« Reply #7 on: August 15, 2017, 02:29:57 PM »
The only change I am aware of is the removal of the WAP.

Hmmmm. Still not answered the question. See below.

Quote
Understood. An upgrade has been in the plan. This is a server in a residence. Unfortunately life does stand in the way all too frequently.
It is going to take time to get the upgrade deployed.

I know that SME8 is not supported anymore, but it should still function. Let's not get hung up that my configuration is out of date please. I am not condemning the server as it has been rock solid for many years. There is something else happening, but I don't know where to look.

You have had years of notice that SME v8 would go EOL. The same as users of XP. It may be rock solid, it will probably be rock solid for an indefinite period, unless it gets hacked because there is a bug that will never get fixed. And the longer you leave it, the higher the likelihood of that happening. Today is a good day to upgrade. Yesterday was better. Last year was even better again, particularly before 31st March 2016 which as the EOL date.

The problem is that you are also expecting help for a system that is now out of date and unsupported by any of us. If you have a bug, it isn't going to get fixed. If you have a misconfiguration then you are trusting that any of us can remember what to do to fix it, or can be bothered to help.

I'm sorry if you feel that is harsh, but those are the facts. We have all had to upgrade solid boxes (and we tried very hard to make sure v9 was just as rock solid so you could upgrade and sleep easy). All part of life I am afraid, and not an excuse to not upgrade. Putting it off just makes a rod for your own back.

Quote
An onsite visit is not possible, I will have to walk my users through the process over the phone or with written instructions.

The Server is configured as the DHCP server. The WAP was simply using the Ethernet ports as a switch. I agree this is not a typical configuration, but I wasn't around when the network/server was installed and didn't know that this was the configuration until we started debugging the failed WAP.

Earlier you said the WAP was BETWEEN SME and the firewalled switch, and now you are saying it was plugged into the switch ? Can you please go back and illustrate CLEARLY what your layout WAS, and what it IS now. Remember, we can't see it and are blind. What IP addresses are using, ranges, server network configuration?

Quote
a wireless access point which was between the SME and the Firewalled Network Switch

My guess is it made no difference as it was behind SME and your local users can still get online. You have an issue with your external users not being able to contact SME. Unless you have some incredibly weird wiring there then the WAP has nothing to do with it.


Quote
I will get my user to enable SSH access. What should I be looking for?

Read the wiki for some self help. Start looking in your logs. Check for added contributions. Check for services that are enabled/disabled.

Get some settings with:

Code: [Select]
db config show
Rgds
John
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

guest22

Re: HTTP and Mail services have stopped on SME8.x
« Reply #8 on: August 15, 2017, 08:44:49 PM »
If you establish ssh access I am willing to pitch in and take look at it.

Offline gabby

  • 18
  • +0/-0
Re: HTTP and Mail services have stopped on SME8.x
« Reply #9 on: August 16, 2017, 03:54:07 AM »
The problem is that you are also expecting help for a system that is now out of date and unsupported by any of us. If you have a bug, it isn't going to get fixed. If you have a misconfiguration then you are trusting that any of us can remember what to do to fix it, or can be bothered to help.

I'm sorry if you feel that is harsh, but those are the facts. We have all had to upgrade solid boxes (and we tried very hard to make sure v9 was just as rock solid so you could upgrade and sleep easy). All part of life I am afraid, and not an excuse to not upgrade. Putting it off just makes a rod for your own back.
No offense taken. I was never expecting support for SME 8 per se, knowing that it is EOL. That said, it has been my experience that the SME community is far more savvy regarding networking problems (common and esoteric) than other forums I have participated in. I am fairly certain that the problem is not with the SME server. I am simply trying to ask some folks who are most likely more expert that I for ideas on how to diagnose this issue.

I was able to get ssh enabled. However, I was unable to establish a connection to the server through ssh. Upon further investigation, I discovered that ALL of my ports are closed. I know for certain that my SMTP, POP3S and HTTP ports were previously open.

I am now taking a closer look at the modem settings. I have experienced instances in the past where the ISP issued a reset to my modem causing port forwarding tables and other configurations to be lost. This may take a day or two as I have to wait for my user inside the network to be available at the same time I am.

If you establish ssh access I am willing to pitch in and take look at it.
When I am successful at opening the necessary ports and if I still have a problem at that point, I would be happy to take you up on your offer.

Best regards,

James

guest22

Re: HTTP and Mail services have stopped on SME8.x
« Reply #10 on: August 16, 2017, 04:32:00 AM »
You should be able to access the modem from remote right? If so, you should be able to take a look at the 'firewall' on the modem and other settings, or even reboot it. Just thinking along here.

Offline gabby

  • 18
  • +0/-0
Re: HTTP and Mail services have stopped on SME8.x
« Reply #11 on: August 17, 2017, 04:14:18 AM »
Thank you all for taking the time to respond. The issue was that the port forwarding rules in the modem were somehow cleared.

We were able to re-create the port forwarding rules for the services of interest and that immediately solved the problem.

Best regards,

James

guest22

Re: HTTP and Mail services have stopped on SME8.x
« Reply #12 on: August 17, 2017, 08:06:44 AM »
Good for you.

You could write a little script that is executed by cron to check the ports on your modem. Basically check port(s), if closed, send email, if open, do nothing.

And as per above advises, please consider upgrading to 9.x.

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: HTTP and Mail services have stopped on SME8.x
« Reply #13 on: August 17, 2017, 02:37:51 PM »
And as per above advises, please consider upgrading to 9.x.

The same advice applies to the modem -- if your modem (which I assume is really a router since I've never seen a modem that controls port forwarding) is running firmware that hasn't been updated for a couple years it is probably subject to remote compromise...