- Configuration of Hetzner mail servers
- Added another solution option for not retrieving mails from Exchange mail server
- List of some common error messages with log messages and solutions
- Layout adjustments
General
Can the UMA be used without a mail server?
- Answer
- Explanation
After a retrieval, the corresponding emails are either marked as read or deleted. Retrieving directly from user mailboxes would therefore capture only incoming mails: outgoing mails always carry a "SEEN" tag and are therefore not archived. In addition, once the UMA has retrieved the emails, the client no longer shows any "New" emails; conversely, the UMA does not retrieve emails that have already been opened in the client, because they already carry a "SEEN" tag (are marked as read). The only way the UMA can archive mails in HUB mode is to fetch them from a central, user-independent mailbox/account. For the mails to reach this newly created mailbox/account, forwarding must be available for each mailbox/account. This forwarding must apply to incoming as well as outgoing emails!
With most of the mentioned mail providers NO outgoing forwarding for emails can be set up, which is why the UMA cannot be used here!
- Solution
Please consult your email provider in advance regarding the possibility of complete forwarding per mailbox/account! If this option is available, there is nothing to prevent the use of a UMA.
When using Office365 as well as hosted mail server solutions, journaling or full forwarding is possible in most cases.
It is also possible, in this context, to use the Terra Cloud solution or a free internal mail server such as H-Mail.
A guide to setting up MS Office 365 is available on the Securepoint Wiki under Configuration - Office 365.
Is it possible to connect the UMA to multiple user environments?
- Answer
Can the transparent mode be configured?
- Answer
What happens if the UMA's license becomes invalid?
- Answer
- The retrieval of emails from the collective mailbox is discontinued.
- Access to the previously archived emails is now read-only.
Do public folders need to be licensed?
Is it necessary to license public folders (distribution lists, shared mailboxes, public folders)?
- Answer
Is it possible to map the folder structures of the UMA?
- Answer
Licensing
Why can't the license be imported?
Why can't the license be imported? (e.g.: There was an error uploading the files.)
- Answer
- Solution
Another cause can be the internal time of the UMA. If this deviates too far from the license period, the license cannot be uploaded or is invalid after uploading.
1. Connect to the UMA via the console or with an SSH client. Before connecting via SSH, the SSH service of the UMA must be started under "Administration -> Maintenance":
ssh -l admin 192.168.175.254
2. Set the time of the UMA to the current date and time:
date -s "06 Oct 2019 10:50:00"
Archive / Archiving
Can certain email addresses be excluded from archiving?
- Answer
How are spam emails excluded from archiving?
- Answer
Are encrypted emails archived?
- Answer
Why are mails not picked up from the Exchange mail server?
- Answer
- Solution
The retrieval of emails from the collective mailbox is discontinued.
Solution: A new valid license must be registered in the UMA.
Possibility 2: The archive space of the UMA is full
If no memory is available, the UMA cannot archive any more data. Taking into account the system requirements/project planning, the existing memory can be replaced by new memory with a higher capacity.
Detailed instructions on this topic can be found in the Securepoint Wiki under Replacing and Expanding the Archive Memory of the UMA.
Possibility 3: Journal mailbox too full
Above a certain number of emails, the IMAP service of an email system can react sluggishly.
Solution: In this case, on the mail server you need to check the inbox of the journal mailbox and delete unnecessary emails.
The "Leave emails on server" function can be deactivated via the UMA web interface. The UMA then deletes the emails from the journal mailbox after it has picked them up.
Possibility 4: The IMAP service on the mail system is not running
Solution: Check the status of the service on the mail server and restart the service if necessary.
Then perform a connection test with a telnet client to the mail server. How to do this is described in possibility 5.
Possibility 5: Fundamental problem with the IMAP service of the mail system
Solution: Debugging the IMAP service via telnet.
1. Connect to the mail system from a computer with a Telnet client installed.
telnet 192.168.1.50 143
Welcome to the server.
OK The Microsoft Exchange IMAP4 service is ready.
2. Log in with the journal account that is also configured in the UMA. In this example, the username is "journal" and the password is "insecure".
a1 LOGIN journal insecure
The IMAP service of the mail system accepts the login.
a1 OK LOGIN completed.
3. Show the available IMAP folders.
a2 LIST "" "*"
The mail system lists all folders.
* LIST (\HasNoChildren) "/" Tasks
* LIST (\HasNoChildren) "/" Entw&APw-rfe
* LIST (\HasNoChildren) "/" "Gel&APY-schte Items"
* LIST (\HasNoChildren) "/" "Sent items"
* LIST (\HasNoChildren) "/" Journal
* LIST (\HasNoChildren) "/" Junk-E-Mail
* LIST (\HasNoChildren) "/" Calender
* LIST (\HasChildren) "/" Contacts
* LIST (\HasNoChildren) "/" Notes
* LIST (\HasNoChildren) "/" Outgoing mail
* LIST (\Marked \HasNoChildren) "/" INBOX
a2 OK LIST completed.
4. Select the INBOX (Inbox) folder.
a3 SELECT INBOX
The server outputs an overview of the folder.
* 0 EXISTS
* 0 RECENT
* FLAGS (\Seen \Answered \Flagged \Deleted \Draft $MDNSent)
* OK [PERMANENTFLAGS (\Seen \Answered \Flagged \Deleted \Draft $MDNSent)] Permanent flags
* OK [UIDVALIDITY 14] UIDVALIDITY value
* OK [UIDNEXT 40] The next unique identifier value
a3 OK [READ-WRITE] SELECT completed.
If the mail system has not reported an error up to this point, the IMAP service appears to be running normally and without errors.
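The four manual steps above can also be scripted with Python's standard imaplib. This is an added example, not part of the original page; it reports the first step the server rejects. `SampleServer` is a constructed stand-in that answers like the session shown above, so the block runs offline.

```python
import imaplib


def probe_journal_mailbox(conn, user, password, folder="INBOX"):
    """Run LOGIN, LIST and SELECT on an imaplib-style connection.

    Returns (ok, failed_step, detail); detail is the message count of the
    folder on success, otherwise the server's reply to the failed step.
    """
    steps = (
        ("LOGIN", lambda: conn.login(user, password)),
        ("LIST", lambda: conn.list()),
        # readonly=True sends EXAMINE, so the probe never changes mail flags.
        ("SELECT", lambda: conn.select(folder, readonly=True)),
    )
    data = [b"0"]
    for name, call in steps:
        try:
            status, data = call()
        except imaplib.IMAP4.error as exc:  # imaplib raises on a rejected LOGIN
            return False, name, str(exc)
        if status != "OK":
            return False, name, data[0].decode(errors="replace")
    return True, None, int(data[0])  # SELECT reports the EXISTS count


class SampleServer:
    """Constructed stand-in that answers like the Exchange session above."""

    def login(self, user, password):
        if (user, password) != ("journal", "insecure"):
            raise imaplib.IMAP4.error("LOGIN failed.")
        return "OK", [b"LOGIN completed."]

    def list(self):
        return "OK", [b'(\\Marked \\HasNoChildren) "/" INBOX']

    def select(self, mailbox="INBOX", readonly=False):
        if mailbox != "INBOX":
            return "NO", [b"Mailbox does not exist."]
        return "OK", [b"0"]


if __name__ == "__main__":
    # Real server: conn = imaplib.IMAP4("192.168.1.50", 143), or
    # imaplib.IMAP4_SSL(host, 993) so the password is not sent in cleartext.
    print(probe_journal_mailbox(SampleServer(), "journal", "insecure"))
    print(probe_journal_mailbox(SampleServer(), "journal", "wrong"))
```

A high message count in the result points to Possibility 3 (journal mailbox too full), while a failure at LOGIN matches the Exchange problems described in this section.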
Common error: Imap Proxy component on Exchange is inactive.
The status of the component can be retrieved using the following command via the Exchange shell on Exchange 2013 and 2016:
Get-ServerComponentState -identity <ServerName>
If the ComponentState is "inactive", then it can be reactivated with the following command:
Set-ServerComponentState -identity <ServerName> -Component ImapProxy -Requester HealthAPI -State Active
After the component has been reactivated, the IMAPv4 and IMAPv4 BackEnd services must be restarted.
Possibility 6: Bug in the mail server software
It is no longer possible to retrieve emails from the collective mailbox.
Up to CU6 (Cumulative Update 6), Exchange Server 2013 and 2016 contain a bug that affects the IMAP and POP services. After some time, logins are no longer possible even though the services are running and the component state is active.
Solution: Install the latest updates on the mail server. This error is fixed in both server versions starting with CU7.
Possibility 7: In Exchange, the trash of the mailbox is full
Pickup from an Exchange is no longer possible.
If the message "NO Expunch failed" appears in the log, the recycle bin of the mailbox in Exchange is full. Mail header errors also appear in the log, but these are not genuine errors: the first mail is fetched but then cannot be deleted, and every further mail cannot be fetched and generates this message.
Does the UMA archive encrypted emails?
- Answer
- Solution
What happens if there is no more archive space available?
- Answer
How do I set up encrypted retrieval from Hetzner mail servers?
- Answer
Mail retrieval via IMAP with STARTTLS/TLS (port 143 recommended by Hetzner) or SSL (port 993) then also works via this server.
Import
Why is the bulk import not available?
- Answer
Mass import can only be used in conjunction with an AD environment and Microsoft Exchange.
Monitoring
Enable SNMP in the UMA
- Answer
- SNMP Service
- Depending on the type of SNMP query, necessary settings for SNMPv3 or SNMPv2c/v1 can still be selected.
In the System settings / Network section SNMP settings
Read out occupied memory of the UMA via SNMP
- Answer
hrStorageUsed.45 → .1.3.6.1.2.1.25.2.3.1.5 New OID
hrStorageAllocationUnits.45 → .1.3.6.1.2.1.25.2.3.1.5 New OID
The two values must be multiplied:
hrStorageUsed.45 * hrStorageAllocationUnits.45 = Occupied memory in bytes
Read out the total memory of the UMA via SNMP
- Answer
hrStorageSize.45 → .1.3.6.1.2.1.25.2.3.1.5 New OID
hrStorageAllocationUnits.45 → .1.3.6.1.2.1.25.2.3.1.5 New OID
The two values must be multiplied:
hrStorageSize.45 * hrStorageAllocationUnits.45 = Total memory in bytes
The monitoring system should therefore issue a warning at the latest when the system is 80% full, ideally at 70%.
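The two multiplications above and the 70%/80% recommendation can be combined into one monitoring check. This is an added example, not Securepoint's own code; it parses net-snmp `snmpget` output for storage index 45. The sample output is constructed, and mapping 70% to WARNING and 80% to CRITICAL is an assumption.

```python
import re

# Constructed sample of net-snmp `snmpget` output for storage index 45.
SAMPLE = """\
HOST-RESOURCES-MIB::hrStorageAllocationUnits.45 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageSize.45 = INTEGER: 244190646
HOST-RESOURCES-MIB::hrStorageUsed.45 = INTEGER: 183142985
"""

LINE = re.compile(r"hrStorage(AllocationUnits|Size|Used)\.(\d+) = INTEGER: (-?\d+)")


def parse_storage(output, index=45):
    """Return the AllocationUnits, Size and Used values of one storage index."""
    values = {}
    for column, idx, number in LINE.findall(output):
        if int(idx) == index:
            values[column] = int(number)
    return values


def check_archive(output, index=45, warn=70.0, crit=80.0):
    """Return (state, percent_used, used_bytes, total_bytes)."""
    v = parse_storage(output, index)
    complete = set(v) == {"AllocationUnits", "Size", "Used"}
    # Missing, zero or negative values cannot be evaluated; report that
    # instead of silently treating the archive as healthy.
    if not complete or v["Size"] <= 0 or v["Used"] < 0 or v["AllocationUnits"] <= 0:
        return "UNKNOWN", None, None, None
    used_bytes = v["Used"] * v["AllocationUnits"]    # occupied memory in bytes
    total_bytes = v["Size"] * v["AllocationUnits"]   # total memory in bytes
    percent = 100.0 * used_bytes / total_bytes
    if percent >= crit:
        state = "CRITICAL"
    elif percent >= warn:
        state = "WARNING"
    else:
        state = "OK"
    return state, round(percent, 1), used_bytes, total_bytes


if __name__ == "__main__":
    print(check_archive(SAMPLE))
```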
Error messages
Mails are not archived and remain in the journal
- Error message
err lmtp(testuser@securepoint.de): Error: auth-master: userdb lookup(testuser@securepoint.de): Auth USER lookup failed
err lmtp(6584): Error: lmtp-server: conn unix:pid=6596,uid=1 [1]: rcpt testuser@securepoint.de: Failed to lookup user testuser@securepoint.de: Internal error occurred. Refer to server log for more information.
err temp error on testuser@securepoint.de. will skip this run (8)
- Cause
- Solution
- In Azure AD, the same mail addresses can exist in different objects only under the item "otherMails"
- In a local AD, multiple entries are also possible for primary mail addresses (attribute "mail"), even if Microsoft does not support it
- Alternatively, duplicate entries can also exist under the attribute "proxyAddresses"
The email address must be removed from the multiple objects (user or public folder) so that it is assigned exclusively to one object.
Mails of a specific domain are not archived
- Error message
- Cause
- Solution
The domain named in the mail header must be entered in the list of domains to be archived.
Mails of a certain email address are not archived
- Error message
- Cause
- Solution
The log message "info" also indicates that this is not necessarily an error; it merely notes that this particular email address is not currently being archived.
If the same email contains another header entry with an email address matching a user known to the UMA, the mail will still be archived despite the log message.
Backup target cannot be mounted
- Error message
- Cause
- Solution
On a successful backup with a Windows share and automatic SMB selection, the following log entries are generated:
2021-05-11 13:46:25 +02:00 Kernel info EXT4-fs (dm-5): mounted filesystem with ordered data mode. Opts: (null)
2021-05-11 13:46:26 +02:00 Backup info syncing disks
2021-05-11 13:46:26 +02:00 Backup info unmounting snapshot
2021-05-11 13:46:26 +02:00 Backup info removing snapshot
2021-05-11 13:46:26 +02:00 Kernel warning No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
2021-05-11 13:46:26 +02:00 Backup info checking for old lingering backup snapshots
2021-05-11 13:46:26 +02:00 Backup info unmounting snapshot
2021-05-11 13:46:26 +02:00 Backup info removing snapshot
2021-05-11 13:46:26 +02:00 Backup info The data backup was completed (job: backup)
2021-05-11 13:46:26 +02:00 Backup info done
Backup has failed
- Error message
2021-05-11 14:03:20 +02:00 Backup info done
2021-05-11 14:03:20 +02:00 Kernel err CIFS VFS: Server 192.168.175.56 has not responded in 180 seconds. Reconnecting...
2021-05-11 14:03:20 +02:00 Kernel err CIFS VFS: Send error in SessSetup = -11
- Cause
- Solution
The cause can then be seen in the kernel log below. In this example, the backup target is no longer accessible.