Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: ZCS 4.5.10 upgrade to ZCS 5.0.0

  1. #1
    socate is offline Senior Member
    Join Date
    Dec 2007
    Location
    Romania
    Posts
    50
    Rep Power
    7

    Default ZCS 4.5.10 upgrade to ZCS 5.0.0

    Hi all,

    I use Open SuSe 10.3 as a Server for ZCS mail service; until two days ago I use ZCS 4.5.10 with success with no issues - everything was OK!

    I make the upgrade to 5.0.0 - the upgrade process run OK, the server start but now the POP3/POP3S works only when Enable Clear Text Login option is checked.
    The "TLS Authentification only" option is unchecked in Global options and Servers; I read that this issue was corrected since version 4.

    Someone have the same issues?

    A question for experts: what effect have the option "Enable clear text login" option to server security? I don't find a page where to be explaned...

    Thanks

  2. #2
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    I'm gonna guess that you have an SSL certificate that is different from the old server (got re-generated in the upgrade) and your clients still have the old cert. in their stores. You might need to delete the old certs from your clients and re-install the new ones.

    I'm presuming, of course, that you can log into the web client just fine, it is only your external clients that aren't working; otherwise you'd be having a lot more login troubles than just clear text.

    And since clear text means that anyone who packet-sniffs your email anywhere in the network path gets not only the mail stream itself, but also your passwords and user ids, I don't think it's a really wise configuration.

    Cheers,

    Dan

  3. #3
    socate is offline Senior Member
    Join Date
    Dec 2007
    Location
    Romania
    Posts
    50
    Rep Power
    7

    Thumbs up

    "You might need to delete the old certs from your clients and re-install the new ones."

    How I do this? Stupid question but I don't know!

    And in webmail everything seems fine! No issues!

    Thks for tips!

    If I uncheck the option Clear text loging in POP section, again the same issue; I try to use also POP3S but the same...
    ------------
    new add
    ------------
    I just take a closer look to webUI on Certificates section and there is only one certificate and is valid since I install for first time Zimbra on November 12'th 2007. I try to install a new certificate and I receive an error.
    What I need to do?
    Last edited by socate; 01-14-2008 at 01:01 AM.

  4. #4
    socate is offline Senior Member
    Join Date
    Dec 2007
    Location
    Romania
    Posts
    50
    Rep Power
    7

    Default

    I just update to the version 5.0.1 but the error persist; someone know how to downgrade back to 4.5.10 without lossing informations and settings?

  5. #5
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    Quote Originally Posted by socate View Post
    "You might need to delete the old certs from your clients and re-install the new ones."

    How I do this? Stupid question but I don't know!
    No, not a stupid question at all. Each browser stores SSL certificates in its own place. I described this in detail on this post.

  6. #6
    socate is offline Senior Member
    Join Date
    Dec 2007
    Location
    Romania
    Posts
    50
    Rep Power
    7

    Default

    Hi,

    Like I told before, I don't have issues with webmail! Works fine! My problems are regarding POP3 access - because many of our colegues use Blackbarry services so they need POP3 access! In previous version (4.5.10) all setting work normal - it was not necesary to check option "Clear text password". I really don't want to use this option anymore because the risk is too big! I don't know when someone will attack the server.

    Anyway, I don't know if this is a real bug or someone miss some setting from previous version!

    I really hope that this error will be repaired soon.

    Regarding Security Certificates I see that IE7 don't import him so all the time he ask me if I want to load him...

  7. #7
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    I don't have a Blackberry so I can't check the specific settings, but if Blackberries can use SSL (which they must since you used it before) they, too, may need the SSL certificates cleared out and refreshed. I can't tell you how to do that because I've never used one, but all SSL connections require a valid SSL certificate, and if your certificate has changed, devices that used to connect may not give offer you the opportunity to import the changed certificate till you clear out the old one.

    I've only looked at IE7 on Vista since I'm keeping it off of my network machines, but on the one instance where I did use it, importing the certificate was a royal pain that involved importing the Zimbra certificate authority (from your own Zimbra server) to the root certification authorities. It's not in the same place it was for IE6 and before. Microsoft details the security "enhancements" to IE7 here. The relevant portion:
    If the certificate was not signed by a trusted certification authority, you can add the certification authority if you trust the authority. Trusting a malicious certification authority will put your computer at risk, so use discretion. To add a Trusted certification authority, continue navigation from the Certificate Error page, and then click the Certificate Error button in the Internet Explorer address bar. Click the View Details link. On the Certification Path tab, select the root certificate and click the View Certificate button. On the General tab, click Install Certificate.
    It's a pain, but it does work. Once you have approved the certification authority, the certificate will be accepted.

    Cheers,

    Dan

  8. #8
    socate is offline Senior Member
    Join Date
    Dec 2007
    Location
    Romania
    Posts
    50
    Rep Power
    7

    Default

    Quote Originally Posted by dwmtractor View Post
    I don't have a Blackberry so I can't check the specific settings, but if Blackberries can use SSL (which they must since you used it before) they, too, may need the SSL certificates cleared out and refreshed. I can't tell you how to do that because I've never used one, but all SSL connections require a valid SSL certificate, and if your certificate has changed, devices that used to connect may not give offer you the opportunity to import the changed certificate till you clear out the old one.
    OK, Blackberry it's a service offer by our Mobile Provider (Vodafone) and the process is this: Vodafone check the message from our server and after that the messages will be delivered on our mobile devices! If Vodafone can't verify e-mail (via POP3 or POP3S) I don't receive any email on mobile device! This is Blackbarry service!

    The problem is somewere inside Zimbra because I install a new Windows into a VM and the same issue!
    Last edited by socate; 01-17-2008 at 01:26 AM.

  9. #9
    socate is offline Senior Member
    Join Date
    Dec 2007
    Location
    Romania
    Posts
    50
    Rep Power
    7

    Exclamation

    Hi again!

    I make again a simple test on the same server/same OS!

    What I do:

    1) Backup last version
    2) uninstall Actual Version (5.0.1)
    3) install again 4.5.10

    On clean install I discover that this issue still exist! Can't connect via POP3

    I go forward and I restore the last backup maded on 4.5.10! I repair permisions, all process started after another upgrade (another install of 4.5.10) and now Everything it's OK!

    Maybe it's something in Postfix? Why the clean install don't work from begining?

  10. #10
    socate is offline Senior Member
    Join Date
    Dec 2007
    Location
    Romania
    Posts
    50
    Rep Power
    7

    Default

    What I discover:

    I make some test as I write before; on version 4.5.10 the TLS error are depending on SMTP Proxy - this service from default is not running! After enable this process everything it's fine.
    Now, on this version we use Postfix version 2.2.9; since 2.3.0, postfix include TLS (as version1 - TLSv1) protocos as a standard insteed SSLv3. Now, the ZCS 5.0.x use direct Postfix v 2.4.3 and this is the issue.

    I try different combinations of SMTP_TLS options (from The Postfix Home Page) but with no success. Maybe someone, with more expirience" can help us! We can not use anymore 'Clear Text login" option - for security reasons!

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Trouble Sending mail - All Messages deferred!
    By SiteDiscovery in forum Administrators
    Replies: 7
    Last Post: 09-03-2009, 04:52 AM
  2. Migrate from 4.5.10 to 5.0.0 GA?
    By folioguru in forum Migration
    Replies: 3
    Last Post: 01-10-2008, 10:14 AM
  3. Replies: 27
    Last Post: 01-07-2008, 09:07 AM
  4. Replies: 41
    Last Post: 10-29-2007, 02:36 PM
  5. ZCS 3.2 Beta Available
    By KevinH in forum Announcements
    Replies: 31
    Last Post: 07-07-2006, 03:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •