ZimbraAdmin unavailable after I try configure the SMTP Auth.

[FredArgolo]

Hello!!

I want to send email by the outlook using smtp auth but I cant!

I run the command: zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key with a root user, to generate smtpd.crt file. After that, the ZimbraAdmin web interface didnt work any more because a problem with the encryption. ?!?!

When I use Kmail client (TLS + Plain Text) I can send email, but with the Outlook didnt work.The follow messages appear in log:


"Jan 25 15:47:40 webmail postfix/smtpd[6381]: NOQUEUE: reject: RCPT from unknown[200.20.86.136]: 504 <windows>: Helo commandrejected: need fully-qualified hostname; from=<fred@piraidigital.com.br> to=<fred@linuxsolutions.com.br> proto=ESMTP helo=<windows>"

But to correct this error, I need access the zimbraAdmin!!! And my firefox cant connect because the encryption problem. Who can help me?

[marcmac]

Your error isn't about smtp auth

It's about
"Jan 25 15:47:40 webmail postfix/smtpd[6381]: NOQUEUE: reject: RCPT from unknown[200.20.86.136]: 504 <windows>: Helo commandrejected: need fully-qualified hostname; from=<fred@piraidigital.com.br> to=<fred@linuxsolutions.com.br> proto=ESMTP helo=<windows>"

non fully-qualified hostname in the HELO command, which is a client error. You can turn off the requirement for that in the admin console.

So - about the admin console:

I run the command: zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key with a root user, to generate smtpd.crt

You really want to run that command as the zimbra user, not the root user. You're probably going to have to remove /opt/zimbra/conf/smtpd* and re-run the command (as zimbra).

This should not have caused an encryption problem in FF - what version are you using?

Did you try recreating all your certs? Is zmcertinstall the only command you ran as root, or did you run zmcreateca as root, too?

Search the forums for cert recreationg steps.

[FredArgolo]

I run the zmcreateca as root to!! I did this because I had permissions problems when I tried run this command with the zimbra user!!!!

The error that appear when access the zimbraAdmin interface is:
"Firefox cannot communicate securely because they have no common encryption algorithms."

It was necessary I re-create the certifications?? And why when I try run the zmcreateca or zmcreatecert with zimbra user I got problems permissions, like:


[zimbra@webmail ~]$ zmcreatecert
rm: impossible remove `/opt/zimbra/ssl/ssl/newCA/index.txt': Permission denied
rm: impossible remove `/opt/zimbra/ssl/ssl/newCA/index.txt.old': Permission denied
rm: impossible remove `/opt/zimbra/ssl/ssl/newCA/newcerts/04.pem': Permission denied
touch: cannot touch `/opt/zimbra/ssl/ssl/newCA/index.txt': Permission denied
/opt/zimbra/bin/zmcreatecert: line 64: /opt/zimbra/ssl/ssl/ca/ca.srl: Permission denied
** Importing CA

keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
.++++++
..........++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
I am unable to access the /opt/zimbra/ssl/ssl/newCA/newcerts directory
/opt/zimbra/ssl/ssl/newCA/newcerts: Permission denied
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=webmail.piraidigital.com.br
Getting CA Private Key
error attempting to write serial number file
/opt/zimbra/ssl/ssl/ca/ca.srl: Permission denied
8956:error:0200100D:system library:fopen:Permission denied:bss_file.c:259:fopen('/opt/zimbra/ssl/ssl/ca/ca.srl','w')
8956:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to write 'random state'

[marcmac]

I can only assume it had been run as root in the past.

Do this:

su - root
rm -rf /opt/zimbra/ssl
su - zimbra
zmcreateca, etc.
tomcat stop
tomcat start

[FredArgolo]

Hi,

Sorry if I bored you, but now even my zimbra start!!!

I do this:
----------------------------------------------------------------------------------------
# rm -Rf /opt/zimbra/ssl
# mkdir /opt/zimbra/ssl
# chown zimbra:zimbra /opt/zimbra/ssl
# su - zimbra
$ keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra
Enter keystore password:
keytool error: java.lang.NullPointerException
----------------------------------------------------------------------------------------

Why?! I tried solve this running the follow command:

----------------------------------------------------------------------------------------
$ keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
keytool error: java.lang.Exception: Alias <my_ca> does not exist
----------------------------------------------------------------------------------------

Ok! I ignore this and continue!!

----------------------------------------------------------------------------------------
$ keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra
Enter keystore password:
keytool error: java.lang.NullPointerException
----------------------------------------------------------------------------------------

Ahh... again!!!

----------------------------------------------------------------------------------------
[zimbra@webmail ~]$ keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
keytool error: java.lang.Exception: Alias <tomcat> does not exist
----------------------------------------------------------------------------------------

What can I do?!
I ignore again!!!

$zmcreateca
<works fine>

$ zmcreatecert
----------------------------------------------------------------------------------------
** Importing CA

keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
.....................++++++
.++++++
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
The commonName field needed to be supplied and was missing
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=
Getting CA Private Key
----------------------------------------------------------------------------------------
That's ok?!

$ zmcertinstall mailbox
** Importing server cert

keytool error: java.lang.Exception: Input not an X.509 certificate

Aff....now I stop here. Where is my mistake???

Thanks for your patience.
Fred

[marcmac]

What version are you installing?

What OS are you installing on?

What is the zimbra user's home directory set to? Shell?

su - zimbra
which keytool
java -version

Quote:

Originally Posted by FredArgolo

Hi,

Sorry if I bored you, but now even my zimbra start!!!

I do this:
----------------------------------------------------------------------------------------
# rm -Rf /opt/zimbra/ssl
# mkdir /opt/zimbra/ssl
# chown zimbra:zimbra /opt/zimbra/ssl
# su - zimbra
$ keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra
Enter keystore password:
keytool error: java.lang.NullPointerException
----------------------------------------------------------------------------------------

Why?! I tried solve this running the follow command:

----------------------------------------------------------------------------------------
$ keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
keytool error: java.lang.Exception: Alias <my_ca> does not exist
----------------------------------------------------------------------------------------

Ok! I ignore this and continue!!

----------------------------------------------------------------------------------------
$ keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra
Enter keystore password:
keytool error: java.lang.NullPointerException
----------------------------------------------------------------------------------------

Ahh... again!!!

----------------------------------------------------------------------------------------
[zimbra@webmail ~]$ keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
keytool error: java.lang.Exception: Alias <tomcat> does not exist
----------------------------------------------------------------------------------------

What can I do?!
I ignore again!!!

$zmcreateca
<works fine>

$ zmcreatecert
----------------------------------------------------------------------------------------
** Importing CA

keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
.....................++++++
.++++++
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
The commonName field needed to be supplied and was missing
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=
Getting CA Private Key
----------------------------------------------------------------------------------------
That's ok?!

$ zmcertinstall mailbox
** Importing server cert

keytool error: java.lang.Exception: Input not an X.509 certificate

Aff....now I stop here. Where is my mistake???

Thanks for your patience.
Fred

[FredArgolo]

> What version are you installing?

I installed from zcs-3.0.0_M2_740.FC3.tgz package

> What OS are you installing on?

# cat /etc/fedora-release
Fedora Core release 3 (Heidelberg)

> What is the zimbra user's home directory set to? Shell?
# fgrep zimbra /etc/passwd
zimbra:x:501:501::/opt/zimbra:/bin/bash

# su - zimbra
$ which keytool
~/java/bin/keytool
$ java -version
java version "1.5.0_05"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_05-b05)
Java HotSpot(TM) Client VM (build 1.5.0_05-b05, mixed mode)

Any idea?!

[FredArgolo]

When I try restart zimbra stop in LDAP:

# service zimbra restart
Host
Stopping antispam...Done
Stopping antivirus...Done
Stopping ldap...Done
Stopping logger...Done
Stopping mailbox...Done
Stopping mta...Done
Stopping snmp...Done
Stopping spell...Done
Host
Starting ldap...Done.

# tail -f /var/log/zimbra.log
Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping ldap
Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping logger
Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping mailbox
Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping mta
Jan 26 16:52:28 webmail postfix/postfix-script: fatal: the Postfix mail system is not running
Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping snmp
Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping spell
Jan 26 16:52:29 webmail zimbramon[30719]: 30719:info: Starting services
Jan 26 16:52:29 webmail slapd[30774]: @(#) $OpenLDAP: slapd 2.2.28 (Nov 9 2005 12:02:16) $ root@build-fc3.liquidsys.com:/home/build/p4/main/ThirdParty/openldap/openldap-2.2.28/servers/slapd
Jan 26 16:52:29 webmail slapd[30774]: bdb_db_init: Initializing BDB database

I'm thinking in do a backup and re-install zimbra....

[marcmac]

Your version of zimbra is very out of date, and you should upgrade to the latest release, which should work much better.

[FredArgolo]

Ok! But...how can I migrate the emails and accounts?

Thanks for your help.

Fred