Kolab 3.4 - Problem when securing installation

Philip Trickett (List) phil-ml at techworks.ie
Wed Nov 25 18:42:05 CET 2015 

On 25/11/15 17:18, Brady, Mike wrote:
> Phil
>
> I am going need some more details on what you have done.
>
> I am assuming:
>
>  1. Install OS and Kolab
>  2. Run setup-kolab
>  3. Migrate LDAP Data
>  4. Migrate IMAP Data
>
> If this is what you did, when you migrated the LDAP data did you 
> either exclude everything in ou=Special Users,dc=your,dc=domain or 
> change the passwords in all the configuration files?
>
> Mike
>
Hi Mike,

I pretty much followed those steps, but I cheated slightly ;)

I did steps 1 & 2, for setup-kolab, I used the configuration passwords 
from the original server on the new server, to save having to change 
passwords, then I migrated all the LDAP data from the old server.

I then migrated the IMAP data, by rsyncing /var/lib/imap and 
/var/spool/imap from the old server (during this time, cyrus-imapd was 
shutdown, as well as the directory server etc.)

Once I had done this, I logged in to roundcube on a couple of the 
accounts, and checked a few messages etc. which showed up fine with no 
errors.

Then I proceeded to follow the guide to secure the installation, and 
after this, logging in give a mailbox not found.

However, on looking at logs and firebug, I can only see the successful 
login to cyrus from roundcube, and no errors are returned, so I am a bit 
stumped by this.

There is a bit of a log excerpt below of the login process:

tail -f /var/log/maillog /var/log/httpd/ssl_access_log 
/var/log/httpd/ssl_error_log
==> /var/log/maillog <==
Nov 25 17:29:55 mail imap[3785]: USAGE philip.trickett at example.org user: 
0.009205 sys: 0.005508
Nov 25 17:29:55 mail imap[3786]: starttls: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 25 17:29:55 mail imap[3786]: login: localhost.localdomain 
[127.0.0.1] philip.trickett at example.org PLAIN+TLS User logged in 
SESSIONID=<mail2-3786-1448472595-1-1905125910673132224>
Nov 25 17:29:55 mail imap[3786]: USAGE philip.trickett at example.org user: 
0.009059 sys: 0.006039
Nov 25 17:29:57 mail imap[3783]: starttls: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 25 17:29:57 mail imap[3783]: login: localhost.localdomain 
[127.0.0.1] philip.trickett at example.org PLAIN+TLS User logged in 
SESSIONID=<mail2-3783-1448472597-1-4950283356597843003>
Nov 25 17:29:57 mail imap[3785]: starttls: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 25 17:29:57 mail imap[3785]: login: localhost.localdomain 
[127.0.0.1] philip.trickett at example.org PLAIN+TLS User logged in 
SESSIONID=<mail2-3785-1448472597-1-9158458248579971895>
Nov 25 17:29:57 mail imap[3783]: USAGE philip.trickett at example.org user: 
0.008515 sys: 0.006386
Nov 25 17:29:57 mail imap[3785]: USAGE philip.trickett at example.org user: 
0.000567 sys: 0.003450

==> /var/log/httpd/ssl_access_log <==
192.168.156.30 - - [25/Nov/2015:12:52:14 +0000] "GET 
/roundcubemail/35fe554a98f8ebb6/?_task=mail&_refresh=1&_mbox=INBOX&_remote=1&_unlock=loading1448455935036&_action=list&_=1448455934624 
HTTP/1.1" 200 933
192.168.156.30 - - [25/Nov/2015:12:52:15 +0000] "GET 
/roundcubemail/assets/program/resources/blank.tif HTTP/1.1" 200 270
192.168.156.23 - philip.trickett at example.org [25/Nov/2015:12:53:15 
+0000] "GET /chwala//api/?method=authenticate&version=2 HTTP/1.1" 200 128
192.168.156.30 - - [25/Nov/2015:12:53:14 +0000] "POST 
/roundcubemail/35fe554a98f8ebb6/?_task=mail&_action=refresh HTTP/1.1" 
200 186
192.168.156.30 - - [25/Nov/2015:17:29:43 +0000] "GET /roundcubemail/ 
HTTP/1.1" 200 7124
192.168.156.30 - - [25/Nov/2015:17:29:54 +0000] "POST 
/roundcubemail/?_task=login HTTP/1.1" 302 -
192.168.156.30 - - [25/Nov/2015:17:29:55 +0000] "GET 
/roundcubemail/63350724609ca0f3/?_task=mail HTTP/1.1" 200 55032
192.168.156.30 - - [25/Nov/2015:17:29:57 +0000] "GET 
/roundcubemail/assets/program/resources/blank.tif HTTP/1.1" 200 270
192.168.156.30 - - [25/Nov/2015:17:29:57 +0000] "GET 
/roundcubemail/63350724609ca0f3/?_task=mail&_refresh=1&_mbox=INBOX&_remote=1&_unlock=loading1448472597825&_action=list&_=1448472597435 
HTTP/1.1" 200 933
192.168.156.30 - - [25/Nov/2015:17:29:57 +0000] "GET 
/roundcubemail/63350724609ca0f3/?_task=mail&_remote=1&_unlock=0&_action=getunread&_=1448472597436 
HTTP/1.1" 200 75

==> /var/log/maillog <==
Nov 25 17:30:57 mail imap[3782]: starttls: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 25 17:30:57 mail imap[3782]: login: localhost.localdomain 
[127.0.0.1] philip.trickett at example.org PLAIN+TLS User logged in 
SESSIONID=<mail2-3782-1448472657-1-14027085326122907929>
Nov 25 17:30:57 mail imap[3783]: starttls: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 25 17:30:57 mail imap[3783]: login: localhost.localdomain 
[127.0.0.1] philip.trickett at example.org PLAIN+TLS User logged in 
SESSIONID=<mail2-3783-1448472657-1-7942227074731681134>
Nov 25 17:30:57 mail imap[3783]: USAGE philip.trickett at example.org user: 
0.002896 sys: 0.001913

==> /var/log/httpd/ssl_access_log <==
192.168.156.23 - philip.trickett at example.org [25/Nov/2015:17:30:57 
+0000] "GET /chwala//api/?method=authenticate&version=2 HTTP/1.1" 200 128

==> /var/log/maillog <==
Nov 25 17:30:58 mail imap[3782]: USAGE philip.trickett at example.org user: 
0.009165 sys: 0.006415

==> /var/log/httpd/ssl_access_log <==
192.168.156.30 - - [25/Nov/2015:17:30:57 +0000] "POST 
/roundcubemail/63350724609ca0f3/?_task=mail&_action=refresh HTTP/1.1" 
200 186
192.168.156.30 - - [25/Nov/2015:17:31:01 +0000] "GET 
/roundcubemail/63350724609ca0f3/?_task=logout&_token=8cfe772e7b2535db746bbaafb49449ba 
HTTP/1.1" 200 5936

==> /var/log/maillog <==
Nov 25 17:31:13 mail imap[4897]: starttls: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 25 17:31:13 mail imap[4897]: login: localhost.localdomain 
[127.0.0.1] philip.trickett at example.org PLAIN+TLS User logged in 
SESSIONID=<mail2-4897-1448472673-1-655763290223196110>
Nov 25 17:31:13 mail imap[4897]: USAGE philip.trickett at example.org user: 
0.009506 sys: 0.003168

==> /var/log/httpd/ssl_access_log <==
192.168.156.30 - - [25/Nov/2015:17:31:13 +0000] "POST 
/roundcubemail/63350724609ca0f3/?_task=login HTTP/1.1" 302 -

==> /var/log/maillog <==
Nov 25 17:31:13 mail imap[3783]: starttls: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 25 17:31:13 mail imap[3783]: login: localhost.localdomain 
[127.0.0.1] philip.trickett at example.org PLAIN+TLS User logged in 
SESSIONID=<mail2-3783-1448472673-1-6058572438371252881>
Nov 25 17:31:13 mail imap[3783]: USAGE philip.trickett at example.org user: 
0.003986 sys: 0.001599

==> /var/log/httpd/ssl_access_log <==
192.168.156.30 - - [25/Nov/2015:17:31:13 +0000] "GET 
/roundcubemail/1b8c245e42d4ac37/?_task=mail HTTP/1.1" 200 55032
192.168.156.30 - - [25/Nov/2015:17:31:15 +0000] "GET 
/roundcubemail/assets/program/resources/blank.tif HTTP/1.1" 200 270

==> /var/log/maillog <==
Nov 25 17:31:15 mail imap[4897]: starttls: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 25 17:31:15 mail imap[3785]: starttls: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 25 17:31:15 mail imap[4897]: login: localhost.localdomain 
[127.0.0.1] philip.trickett at example.org PLAIN+TLS User logged in 
SESSIONID=<mail2-4897-1448472675-1-12513764351967823944>
Nov 25 17:31:15 mail imap[3785]: login: localhost.localdomain 
[127.0.0.1] philip.trickett at example.org PLAIN+TLS User logged in 
SESSIONID=<mail2-3785-1448472675-1-17553890062648386401>
Nov 25 17:31:15 mail imap[3785]: USAGE philip.trickett at example.org user: 
0.003053 sys: 0.002034

==> /var/log/httpd/ssl_access_log <==
192.168.156.30 - - [25/Nov/2015:17:31:15 +0000] "GET 
/roundcubemail/1b8c245e42d4ac37/?_task=mail&_remote=1&_unlock=0&_action=getunread&_=1448472675540 
HTTP/1.1" 200 75

==> /var/log/maillog <==
Nov 25 17:31:15 mail imap[4897]: USAGE philip.trickett at example.org user: 
0.003734 sys: 0.002348

==> /var/log/httpd/ssl_access_log <==
192.168.156.30 - - [25/Nov/2015:17:31:15 +0000] "GET 
/roundcubemail/1b8c245e42d4ac37/?_task=mail&_refresh=1&_mbox=INBOX&_remote=1&_unlock=loading1448472675929&_action=list&_=1448472675539 
HTTP/1.1" 200 933





>
>
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20151125/f8227e71/attachment-0001.html>

More information about the users mailing list