API not working after update to 2014.10

Bugs and fixes announcements. Please post real bugs and fixes here. Ask in the help forums if unsure.

Moderators: FlorianB, Pascal, bourgeois, mentor

del
Posts: 497
Joined: Mon Mar 11, 2013 7:42 am
How did you hear about Mailcleaner: google
Location: Germany

API not working after update to 2014.10

Postby del » Tue Dec 16, 2014 8:16 pm

Hey,

I updated on saturday but the API is not working anymore.
When calling /api/soap/ i get:

Code: Select all

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>WSDL</faultcode>
<faultstring>
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://localhost:443/api/soap?wsdl' : failed to load external entity "https://localhost:443/api/soap?wsdl"
</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


Before update I got:

Code: Select all

<SOAP-ENV:Envelope>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>Sender</faultcode>
<faultstring>Invalid XML</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


Any ideas? :D
del
Posts: 497
Joined: Mon Mar 11, 2013 7:42 am
How did you hear about Mailcleaner: google
Location: Germany

Re: API not working after update to 2014.10

Postby del » Fri Dec 19, 2014 6:22 pm

This is a serious problem here, anyone any idea?
Julien
Posts: 31
Joined: Mon Jul 14, 2014 8:43 am
How did you hear about Mailcleaner: job

Re: API not working after update to 2014.10

Postby Julien » Mon Dec 22, 2014 3:39 pm

Hi del,

The last patch did not introduce large change.
About web server config you have to check your certificate because of apache version / cypher preferences / no sslv3.

On our community cluster it works. On the enterprise version also.
:?

Julien.
del
Posts: 497
Joined: Mon Mar 11, 2013 7:42 am
How did you hear about Mailcleaner: google
Location: Germany

Re: API not working after update to 2014.10

Postby del » Mon Dec 22, 2014 4:18 pm

Hm.
So you dont get this error when using your /api/soap/ site?
The Certificate is valid (SHA256RSA) but it sure doesn't match "localhost" ;)
May there be a problem? Any idea where I can have a look at? Maybe enable more logging?

Best regards,
del
del
Posts: 497
Joined: Mon Mar 11, 2013 7:42 am
How did you hear about Mailcleaner: google
Location: Germany

Re: API not working after update to 2014.10

Postby del » Fri Jan 02, 2015 12:04 pm

Still no news on this?
del
Posts: 497
Joined: Mon Mar 11, 2013 7:42 am
How did you hear about Mailcleaner: google
Location: Germany

Re: API not working after update to 2014.10

Postby del » Sun Jan 04, 2015 12:39 am

How do I say the server not to call localhost:443 but the server's name?
It's just not true, that I'm the only one with this problem :)
Julien, Olivier, please give me a hint.

Found this post too:
viewtopic.php?f=12&t=2144
del
Posts: 497
Joined: Mon Mar 11, 2013 7:42 am
How did you hear about Mailcleaner: google
Location: Germany

Re: API not working after update to 2014.10

Postby del » Thu Jan 15, 2015 2:24 pm

Still not fixed. Seriously, you dont have any problems on your test systems?
What are the differences between your Community Edition Cluster and the version you gave us?

I'd really like to help but without any information from you it's impossible and very frustrating for me.
Seems like the problems started when you included the openssl 1.0.1
del
Posts: 497
Joined: Mon Mar 11, 2013 7:42 am
How did you hear about Mailcleaner: google
Location: Germany

Re: API not working after update to 2014.10

Postby del » Tue Feb 10, 2015 8:32 pm

Dear Olivier, dear Julien,

I am really upset about this one here. You do not provide any paid support for mailcleaner community edition anymore but also do not support us here with some information to get rid of problems.
Olivier, we talked about this last year on the CeBIT in Germany and I told you that I'd love to support MC more and be absolutely willing to pay money. We have spent about 700USD in 2013 and 2014 because I really think, this project is good and worth getting supported. We would even use the commercial version of MC but we have to do some modifications that makes it impossible for us to use.

When Julien joined this board and made that post: viewtopic.php?p=8722#p8722 I thought it is getting better but it's getting worse. Not even the things contributed by the community are used to improve mailcleaner like my post from December 2013: viewtopic.php?f=6&t=1894

I really hope we can find a solution for this. There are so many users here that want to improve, want to help and maybe spend some money for this project. Please, let us provide input for you, support the users and get MC ready for the future. And please, help us fixing problems.

Thank you,
Fabian
jimp
Posts: 14
Joined: Tue Aug 13, 2013 5:27 pm
How did you hear about Mailcleaner: Google searching for antispam gateway

Re: API not working after update to 2014.10

Postby jimp » Tue Feb 24, 2015 7:53 am

del,

I noticed the upgrade to 2014.10 has enabled strict SSL verification in general, but I still do not know what exactly upgraded to cause that. My guess is MailCleaner's code isn't at fault, but rather a system package (openssl) upgraded and has introduced strict validation. I wish I could turn it off, or at least configure MC to allow certificate name mismatches. See my post about the SMTP connector breaking, which is still not fixed or acknowledged by anyone else: viewtopic.php?p=8763#p8763. I think our issues are related. I worked around the issue by configuring the correct FQDN for domains that actually login to my MC.

You could edit out the HTTPS portion of the URL in the SOAP code. I haven't tried this, but I went searching for a solution to try to help you out. I want to try the API soon, but it definitely looks broken based your reports and the code--for anyone using HTTPS with MC at least.

1. Edit /usr/mailcleaner/www/api/application/api/controllers/SoapController.php.
2. Comment out the line (or entire if block) that initializes the URL to "https://":

Code: Select all

        public function init()
        {
                Zend_Registry::set('soap', true);

                $this->_url = 'http://';
                if (isset($_SERVER['HTTPS'])) {
//                      $this->_url = 'https://';
                }
                $this->_url .= 'localhost'.":".$_SERVER['SERVER_PORT'].$_SERVER['REQUEST_URI']."?wsdl";
                $this->_options{'uri'} = $this->_url;

                require_once('SoapInterface.php');

        }

The CVS log doesn't indicate this code has changed since it was first introduced to the Community Edition, which is further evidence a system library upgrade is the origin of the issue.

Alternatively, you could also try replacing 'localhost' with your SSL common name, although it wouldn't be ideal to hardcode your hostname there. Non-SSL on the localhost is fine, IMO.
del
Posts: 497
Joined: Mon Mar 11, 2013 7:42 am
How did you hear about Mailcleaner: google
Location: Germany

Re: API not working after update to 2014.10

Postby del » Tue Feb 24, 2015 1:18 pm

Hi jimp,

thanks for the hint but it doesnt work:

Code: Select all

<SOAP-ENV:Envelope><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>WSDL</faultcode><faultstring>SOAP-ERROR: Parsing WSDL: Couldn't load from 'http://localhost:443/api/soap/?wsdl' : failed to load external entity "http://localhost:443/api/soap/?wsdl"
</faultstring></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>


I think the problem is the new httpd-package which comes with openssl 1.0.1.
It's located in /opt/openssl/

Code: Select all

# /opt/openssl/bin/openssl version -a
OpenSSL 1.0.1j 15 Oct 2014
built on: Thu Nov 13 10:55:07 CET 2014
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/opt/openssl"

Code: Select all

# /opt/apache2/bin/httpd -V
Server version: Apache/2.2.29 (Unix)
Server built:   Nov 13 2014 10:59:03
Server's Module Magic Number: 20051115:36
Server loaded:  APR 1.5.1, APR-Util 1.5.3
Compiled using: APR 1.5.1, APR-Util 1.5.3
Architecture:   64-bit
Server MPM:     ITK
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/experimental/itk"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/opt/apache2"
 -D SUEXEC_BIN="/opt/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/opt/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/opt/apache2/httpd.conf"


Can you see anything that might cause the problems?
jimp
Posts: 14
Joined: Tue Aug 13, 2013 5:27 pm
How did you hear about Mailcleaner: Google searching for antispam gateway

Re: API not working after update to 2014.10

Postby jimp » Sat Mar 14, 2015 6:58 am

I'm sorry I didn't get back to you. I thought I had forum notifications enabled but did not.

I am with you. The SOAP API doesn't work. (The REST one still does.) I have been trying for a while tonight to figure out where the error is, but I haven't had much success. But my research points to PHP 5.6, which I'm guessing must have been upgraded with the latest MailCleaner release.

http://stackoverflow.com/questions/2514 ... ct-to-wsdl
http://php.net/manual/en/class.soapclient.php#116724
http://php.net/manual/en/migration56.openssl.php
aevans
Posts: 6
Joined: Mon Mar 16, 2015 6:46 pm
How did you hear about Mailcleaner: Google

Re: API not working after update to 2014.10

Postby aevans » Fri Mar 27, 2015 10:10 am

Would this bug cause the CANNOTLOADMESSAGE problems when trying to view a quarantined message from a slave machine in a cluster setup?

Return to “Bugs and fixes”

Who is online

Users browsing this forum: No registered users and 1 guest