[ZendTo] {Disarmed} Re: Zend.to error during drop-off

Ken Etter kle at msktd.com
Mon Oct 29 17:28:56 GMT 2018


Gray,
Yep, you did and I checked that and it wasn't it.
Turns out it was me making a stupid mistake.

Ken
>>> Gray McCord via ZendTo <zendto at zend.to> 10/29/2018 12:46 PM >>>
I think I mentioned this before, but I had this problem when clamd was
updated to v100.1 on my Centos7 server. Adding the apache user (in my
case “apache” ) to the “virusgroup” group cleared up the problem, which
was the clamd daemon being unable to properly access its socket file. 
 
Prior to the v100 versions of clamd, the scanner user and group were
the same: “clamscan:clamscan”. With the new version this changed to
“clamscan:virusgroup” for some reason and it broke my Zendto. (Thanks
to Jules for pointing me to a much more safe and simple solution to a
problem I originally overcomplicated! ��)
 
This may not be your problem, but it’s worth a try.
 
Good Luck!
 
Gray
 
 
Gray McCord
Adapt, Mutate, Migrate, or Die
														
 -C. Darwin
 
From: ZendTo <zendto-bounces at zend.to> on behalf of Ken Etter via ZendTo
<zendto at zend.to>
Reply-To: ZendTo Users <zendto at zend.to>
Date: Monday, October 29, 2018 at 11:17 AM
To: Jules Field <jules at zend.to>, ZendTo List <zendto at zend.to>
Cc: Ken Etter <kle at msktd.com>
Subject: {Disarmed} Re: [ZendTo] Zend.to error during drop-off
 
I started with that because I already had a downloaded copy.
I just completed another test install and got the same results - error
- failed to drop-off files.
I'll send the files off list.  Thanks.
Ken 
>>> Jules Field <Jules at Zend.To> 10/29/2018 10:16 AM >>>
> Ken,
 
I only changed the FQDN to set the domain name. As Ubuntu set itself
up, I didn't appear to have a domain name set, so "hostname --fqdn" was
just giving "kenetter" as it had no domain name. So I set the domain
name as per those instructions in order to get a fully-qualified name
out of "hostname --fqdn" before starting to install ZendTo.
If the ZendTo Installer cannot deduce a likely DNS domain name, it
tends to make some wrong decisions when setting up the preferences.php
and internaldomains.conf files. For a pain-free installation, I tend to
set that first, so that at least it has *a* domain name, even if it's
not the same one as the website is going to have. Having the output of
"hostname --fqdn" contain no dots at all is not a good sign of a "well
setup" server. :)
That actual hostname and such like is irrelevant to ZendTo. What's
important is that the serverRoot in preferences.php matches up with what
Apache thinks it's serving it as.
You can put ZendTo on a server that has lots of other sites on it as
well, that's no problem at all.
Do you want to send me (off list) your Apache config for ZendTo, in
addition to the preferences.php, zendto.conf and internaldomains.conf
files? It's either something odd in there, or else your Ubuntu 16.04.3
system isn't anything like as "vanilla" as you think it is.
Out of interest, why start with 16.04.3? That's not the latest 16.04
media available from Canonical, I had to go and hunt for it to reproduce
your steps.
Cheers,
Jules.
On 29/10/2018 14:06, Ken Etter wrote:


Jules,
Something doesn't seem clear here. You mention changing the FQDN of the
server. Why should that even be necessary? I run multiple web servers on
the same server and the site addresses do not have anything at all to do
with the server name or the server FQDN. For ZendTo to work properly
does the site address have to match the server FQDN?

Ken
>>> Jules Field <Jules at Zend.To>
( mailto:Jules at Zend.To)  10/26/2018 7:26 AM >>>
> Ken, 
 
I have just built a ZendTo VM from scratch using the exact same version
of Ubuntu you did, and the current production release of ZendTo (as
installed by my Installer).
It worked absolutely fine for me.
Attached is the PDF log of what I did, so you can read through it.
I didn't have to change the server name, as I had already set the FQDN
to the same name in the Ubuntu networking setup (as documented in the
PDF).
And I didn't touch *anythin
g* after running the Installer, including
zendto.conf, preferences.php and the Apache config.
I would be starting to suspect your preferences.php settings. What
happens if you check the serverRoot is right, and make sure that Apache
config matches. Otherwise just use the preferences.php as the Installer
leaves it.
On a VM with only 1GB, the current production release probably won't be
able to encrypt a drop-off. I've reduced the memory requirements for
that in the latest betas, but in the mean time you will probably need at
least 2GB RAM to be able to use encryption.
Cheers,
Jules.
On 26/10/2018 09:20, Jules Field wrote:


Ken, 
 
This is really odd. I did thoroughly test the Installer on every
supported version of every flavour of Linux that I say it works on. I've
got dozens of old VMs to prove it. :-/
I'm downloading 16.04.3 (amd64) right now, and will walk through the
same steps as you listed below.
I'll let you know the results as soon as I've built it.
Cheers,
Jules.
On 25/10/2018 17:57, Ken Etter wrote:


Jules,
I just finished setting up a brand new VM and I get the same error
message! This makes no sense! Any thoughts?
* installed Ubuntu 16.04.3 as a basic server
* configured networking
* installed openssh-server
* patched server to 16.04.5
* downloaded your installer and ran it
used most defaults except I had to specify the smtp server and the
address of the site
the site address defaulted to https://server_name and I changed it to
https://transfer.msktd.com
* modified preferences.php and zendto.conf for my settings
* reboot
* login to site and attempt a drop off and I get the same error as my
upgraded site
 
What could possibly be wrong in what I did?
 
Ken
>>> Jules Field <Jules at Zend.To>
( mailto:Jules at Zend.To)  10/25/2018 11:41 AM >>>
> Edit your /etc/passwd file to set the shell for your Apache user to
/bin/bash. 
 
Then "pwconv" so the change takes effect.
Then try this
su - apache (or whatever user your Apache is running as) 
 
clamdscan /var/zendto/* 
 
clamdscan --fdpass /var/zendto/* 
 
exit 
 
What happened? Did the virus scans both complete successfully?
If not, and you're running CentOS/RedHat 7, try this and then give the
above another try:
groupmems --group virusgroup --add apache 
 
systemctl restart httpd 
 
I added that extra groupmems command to the Installer a day or two ago
when I discovered that RedHat/CentOS had changed their group membership
rules in an update.
Any improvement?
Cheers,
Jules.
P.S. Otherwise, if you can give me remote ssh access I can login myself
and take a look for you. I would be interested to see what it is, if
it's not any of the above.
On 25/10/2018 16:22, Ken Etter wrote:


Yep, PHP 7.2 is installed. I've run through the installer multiple
times now. No change, still get the error.
Ken
>>> Jules Field <Jules at Zend.To>
( mailto:Jules at Zend.To)  10/25/2018 11:15 AM >>>
> Do you have PHP 7.2 installed? 
 
My Installer can be run in stages, and those stages can be run
independently.
So you might want to download the Installer, unpack it and wander into
it. In what will obviously be the right sub-dir for your OS, you will
see the numbered scripts.
# cd install.ZendTo/CentOS-RedHat/ 
 
# ls 
 
1-devtools.sh 3-clamav.sh 5-httpd-php.sh 7-zendto.sh CentOS6 RHEL7 
 
2-php.sh 4-firewall.sh 6-email.sh 8-selinux.sh RHEL5 
 
# 
 
If your web server is already working nicely, then you can probably
skip stage 1 (though it won't do any harm).
If you haven't installed PHP 7.2 along with things like the sodium
extension, then run stage 2 which installs PHP. (Grab a backup copy of
your ZendTo installation first, as it may have to remove the *whole* of
PHP first which can also remove ZendTo and other PHP applications in the
process, before it can install the correct version).
Stages 3 and 5 shouldn't do any damage, but will add any new settings
they need for PHP and so on.
Stage 7 does the actual ZendTo installation itself, which it will do as
an upgrade if it finds a zendto R
PM already installed. Well worth
running.
Stage 8 is only relevant if you are using SELinux, and won't do
anything if you're not.
Since version 4, ZendTo no longer needs any form of custom-built PHP or
anything like that. So there's no recompiling to be done.
Then if you have a previous preferences.php and/or zendto.conf, you
need to use
/opt/zendto/bin/upgrade_preferences_php
and
/opt/zendto/bin/upgrade_zendto_conf
to upgrade those files.
Also, if you have done an RPM upgrade from ZendTo 4, you probably have
a whole stack of *.rpmnew files in /opt/zendto/templates. You want to
move each of those into place so they replace your old *.tpl files.
As I said, it really is faster/easier/better to build v5 from scratch,
its requirements are so different from v4.
Hope that helps,
Jules.
On 25/10/2018 15:59, Ken Etter wrote:


None of that helps. I'm building a new system. This is a production
system. I never had problems in the past with upgrading so I went ahead
and did it. Bad move. Unless anyone has any other ideas, I will just
keep working on setting up the new system. I have to get something
running again for my users.
 
Ken
>>> Jules Field via ZendTo <zendto at zend.to>
( mailto:zendto at zend.to)  10/25/2018 10:53 AM >>>
> Yes, those directories do need to be writable by whatever user and
group your web server is running as. 
 
If you are using SELinux (most likely if you are using CentOS or
RedHat), then I would also advise
restorecon -FRv /opt/zendto /var/zendto 
 
to reset all the SELinux attributes to the values configured by my
Installer.
Also, if you think it might be an SELinux problem, you can switch it
into "permissive" mode by
setenforce permissive 
 
systemctl restart httpd 
 
systemctl restart clamd at scan 
 
To switch it back to "enforcing", you then do
setenforce enforcing 
 
systemctl restart httpd 
 
systemctl restart clamd at scan 
 
Cheers,
Jules.
On 25/10/2018 14:31, Gray McCord via ZendTo wrote:


I’ve seen that message as well. Check the file permissions on the
/opt/zendto directories. Seems like I needed to make them writeable by
the apache user, but I could be mistaken.
Gray McCord
Adapt, Mutate, Migrate, or Die
-C. Darwin
From: ZendTo <zendto-bounces at zend.to>
( mailto:zendto-bounces at zend.to)  On Behalf Of Ken Etter via ZendTo
Sent: Thursday, October 25, 2018 8:26 AM
To: ZendTo List <zendto at zend.to>
( mailto:zendto at zend.to) 
Cc: Ken Etter <KLE at msktd.com>
( mailto:KLE at msktd.com) 
Subject: Re: [ZendTo] Zend.to error during drop-off
Going back through the mailing list archives, I see that I am having
exactly the same problem as Kevin O'Connor in this thread: MailScanner
has detected a possible fraud attempt from
"emea01.safelinks.protection.outlook.com" claiming to be
http://jul.es/pipermail/zendto/2018-June/003208.html
(
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjul.es%2Fpipermail%2Fzendto%2F2018-June%2F003208.html&data=01%7C01%7CJules%40ecs.soton.ac.uk%7Ca244c38af7594fe02f4008d63a8489e3%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&sdata=%2FMQVOSO5ZjLwkrQ991eChCvoSfFOLwm3yUcnFSzoRc0%3D&reserved=0)

Files are uploaded, but I get that error message and the email is not
sent.
There is no stated resolution in that thread. Any suggestions or do I
have to rebuild a brand new Zend.To server?
Zend.To has been fairly solid for me...a bit of a pain to find this
upgrade to be so fragile.
Ken
>>> Ken Etter via ZendTo <zendto at zend.to> 10/25/2018 8:38 AM >>>
I am running this on Ubuntu 16.04.5 LTS if that matters.

Ken
>>> Ken Etter via ZendTo <zendto at zend.to> 10/25/2018 8:36 AM >>>
Just upgraded my Zend.To installation from 4.x to 5.15-1. Everything
appeared to go ok. But when I click drop-off files, I get an error that
states: "Sorry, I failed to drop-off your files! Note that you cannot
drop-off directories, only files." I'm not dropping off a directory,
just a single file. I tried a couple different file types - same error
each time. Any suggestions for fixing this? Thanks!



Ken Etter, System Admin
istrator
Architectural Group
260.432.9337 | MailScanner has detected a possible fraud attempt from
"emea01.safelinks.protection.outlook.com" claiming to be msktd.com
(
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmsktd.com%2F&data=01%7C01%7CJules%40ecs.soton.ac.uk%7Ca244c38af7594fe02f4008d63a8489e3%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&sdata=XsZydsv5daB1usPtdakyqf%2BjPxBLH9n8NbGcrjhC34Y%3D&reserved=0)

 
_______________________________________________ZendTo mailing
listZendTo at zend.tohttps://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjul.es%2Fmailman%2Flistinfo%2Fzendto&data=01%7C01%7CJules%40ecs.soton.ac.uk%7Ca244c38af7594fe02f4008d63a8489e3%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&sdata=xP3P4EW7oR3QO73%2Bha6sE0Qt7F6lTIDgT%2B09ppjkZZ0%3D&reserved=0
(
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjul.es%2Fmailman%2Flistinfo%2Fzendto&data=01%7C01%7CJules%40ecs.soton.ac.uk%7Ca244c38af7594fe02f4008d63a8489e3%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&sdata=xP3P4EW7oR3QO73%2Bha6sE0Qt7F6lTIDgT%2B09ppjkZZ0%3D&reserved=0)
 
Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'The past is
supposed to be a place of reference, not a place ofresidence! There is a
reason why your car has a big windshield anda small rearview mirror. You
are supposed to keep your eyes on whereyou are going, and just
occasionally check out where you have been.' - Willie Jolley
www.Zend.ToTwitter: @JulesFM
 
Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM IMPORTANT: This
email is intended for the use of the individualaddressee(s) named above
and may contain information that isconfidential, privileged or
unsuitable for overly sensitive personswith low self-esteem, no sense of
humour or irrational religiousbeliefs. If you are not the intended
recipient, any dissemination,distribution or copying of this email is
not authorised (eitherexplicitly or implicitly) and constitutes an
irritating social fauxpas. Unless the word absquatulation has been used
in its correct contextsomewhere other than in this warning, it does not
have any legalor no grammatical use and may be ignored. No animals were
harmedin the transmission of this email, although the kelpie next dooris
living on borrowed time, let me tell you. Those of you with
anoverwhelming fear of the unknown will be gratified to learn thatthere
is no hidden message revealed by reading this warning backwards,so just
ignore that Alert Notice from Microsoft. However, by pouring a complete
circle of salt around yourself andyour computer you can ensure that no
harm befalls you and your pets.If you have received this email in error,
please add some nutmegand egg whites, whisk and place in a warm oven for
40 minutes. www.Zend.ToTwitter: @JulesFM
 
Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'It's very
unlikely indeed he will ever recover consciousness, and if he does he
won't be the Julian you knew.' - A hospital consultant I proved very
wrong in 2007 :-) www.Zend.ToTwitter: @JulesFM
 
Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'Is the Holocaust
an aberration, or a reflection of who we really are?' - Holocaust
Museum, Berlin www.Zend.ToTwitter: @JulesFM 
Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'Named must your
fear be before banish it you can.' - Yoda www.Zend.ToTwitter: @JulesFM
 
Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM IMPORTANT: This
email is intended for the use of the individualaddressee(s) named above
and may contain information that isconfidential, privileged or
unsuitable for overly sensitive personswith low self-esteem, no sense of
humour or irrational religiousbeliefs. If you are not the intended
recipient, any dissemination,distribution or copying of this email is
not authorised (eitherexplicitly or implicitly) and constitutes an
irritating social fauxpas. Unless the word absquatulation has been used
in its correct contextsomewhere other than in this warning, it does not
have any legalor no grammatical use and may be ignored
. No animals were
harmedin the transmission of this email, although the kelpie next dooris
living on borrowed time, let me tell you. Those of you with
anoverwhelming fear of the unknown will be gratified to learn thatthere
is no hidden message revealed by reading this warning backwards,so just
ignore that Alert Notice from Microsoft. However, by pouring a complete
circle of salt around yourself andyour computer you can ensure that no
harm befalls you and your pets.If you have received this email in error,
please add some nutmegand egg whites, whisk and place in a warm oven for
40 minutes. www.Zend.ToTwitter: @JulesFM
_______________________________________________ ZendTo mailing list
ZendTo at zend.to http://jul.es/mailman/listinfo/zendto 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20181029/72554f1d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IMAGE.png
Type: image/png
Size: 10425 bytes
Desc: Portable Network Graphics Format
URL: <http://jul.es/pipermail/zendto/attachments/20181029/72554f1d/attachment-0001.png>


More information about the ZendTo mailing list