Symptoms
Qmail servers use NFS shares as mailbox storage.
Trying to log in to the webmail from Customer's Control Panel using the link Open Web Mail results in the following error:
Login failed.
This page was disabled by security reason. You can log into webmail using POA CP or url like 'webmail.yourdomain'.
Cause
One of possible reasons is unsynchronized time between Qmail server and NFS server where mailboxes are stored.
This issue can be identified by trying to authenticate to Courier-Imap service, e.g. run the command like this on webmail server:
# telnet IP_OF_QMAIL_SERVER 143
00000000 LOGIN someone@domain.tld mypassword
As the result, the similar output will appear:
* OK [CAPABILITY IMAP4rev1 NAMESPACE] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.
00000000 LOGIN someone@domain.tld mypassword
* BYE Clock skew detected. Check the clock on the file server
Or
NO Error in IMAP command received by server.
This message means that time is different on Qmail server and on NFS server and webmail cannot log in to IMAP service.
Resolution
Synchronize time on all Qmail and NFS servers using the utility 'ntpdate' (use some known NTP servers like time.nist.gov), e.g.:
# ntpdate 10.10.10.10 192.1.100.100 10.10.10.20
20 May 00:13:48 ntpdate[17580]: step time server 192.1.100.100 offset -191.476167 sec
In order to fix problem permanently, either configure cron job on all involved servers to run the utility 'ntpdate' periodically (e.g. every 5 minutes) or configure NTP service on all servers. Use instructions from OA Deployment Guide to set up NTP service:
Log on to server by SSH
Ensure that NTP package is installed (install if necessary):
# rpm -qa | grep ntp-Perform the following synchronization commands:
# echo "server time.nist.gov" > /etc/ntp.conf # chkconfig --level 2345 ntpd on # service ntpd stop # ntpdate time.nist.gov # service ntpd start