Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: ZimbraAdmin unavailable after I try configure the SMTP Auth.

  1. #1
    FredArgolo Guest

    Default ZimbraAdmin unavailable after I try configure the SMTP Auth.

    Hello!!

    I want to send email by the outlook using smtp auth but I cant!

    I run the command: zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key with a root user, to generate smtpd.crt file. After that, the ZimbraAdmin web interface didnt work any more because a problem with the encryption. ?!?!

    When I use Kmail client (TLS + Plain Text) I can send email, but with the Outlook didnt work.The follow messages appear in log:


    "Jan 25 15:47:40 webmail postfix/smtpd[6381]: NOQUEUE: reject: RCPT from unknown[200.20.86.136]: 504 <windows>: Helo commandrejected: need fully-qualified hostname; from=<fred@piraidigital.com.br> to=<fred@linuxsolutions.com.br> proto=ESMTP helo=<windows>"

    But to correct this error, I need access the zimbraAdmin!!! And my firefox cant connect because the encryption problem. Who can help me?

  2. #2
    marcmac is offline Expert Member
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    13

    Default ssl problems

    Your error isn't about smtp auth

    It's about
    "Jan 25 15:47:40 webmail postfix/smtpd[6381]: NOQUEUE: reject: RCPT from unknown[200.20.86.136]: 504 <windows>: Helo commandrejected: need fully-qualified hostname; from=<fred@piraidigital.com.br> to=<fred@linuxsolutions.com.br> proto=ESMTP helo=<windows>"

    non fully-qualified hostname in the HELO command, which is a client error. You can turn off the requirement for that in the admin console.

    So - about the admin console:

    I run the command: zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key with a root user, to generate smtpd.crt

    You really want to run that command as the zimbra user, not the root user. You're probably going to have to remove /opt/zimbra/conf/smtpd* and re-run the command (as zimbra).

    This should not have caused an encryption problem in FF - what version are you using?

    Did you try recreating all your certs? Is zmcertinstall the only command you ran as root, or did you run zmcreateca as root, too?

    Search the forums for cert recreationg steps.

  3. #3
    FredArgolo Guest

    Default

    I run the zmcreateca as root to!! I did this because I had permissions problems when I tried run this command with the zimbra user!!!!

    The error that appear when access the zimbraAdmin interface is:
    "Firefox cannot communicate securely because they have no common encryption algorithms."

    It was necessary I re-create the certifications?? And why when I try run the zmcreateca or zmcreatecert with zimbra user I got problems permissions, like:


    [zimbra@webmail ~]$ zmcreatecert
    rm: impossible remove `/opt/zimbra/ssl/ssl/newCA/index.txt': Permission denied
    rm: impossible remove `/opt/zimbra/ssl/ssl/newCA/index.txt.old': Permission denied
    rm: impossible remove `/opt/zimbra/ssl/ssl/newCA/newcerts/04.pem': Permission denied
    touch: cannot touch `/opt/zimbra/ssl/ssl/newCA/index.txt': Permission denied
    /opt/zimbra/bin/zmcreatecert: line 64: /opt/zimbra/ssl/ssl/ca/ca.srl: Permission denied
    ** Importing CA

    keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
    ** Creating keystore

    ** Creating server cert request

    Generating a 1024 bit RSA private key
    .++++++
    ..........++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
    -----
    ** Signing cert request

    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    I am unable to access the /opt/zimbra/ssl/ssl/newCA/newcerts directory
    /opt/zimbra/ssl/ssl/newCA/newcerts: Permission denied
    unable to write 'random state'
    Signature ok
    subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=webmail.piraidigital.com.br
    Getting CA Private Key
    error attempting to write serial number file
    /opt/zimbra/ssl/ssl/ca/ca.srl: Permission denied
    8956:error:0200100D:system library:fopen:Permission denied:bss_file.c:259:fopen('/opt/zimbra/ssl/ssl/ca/ca.srl','w')
    8956:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
    unable to write 'random state'

  4. #4
    marcmac is offline Expert Member
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    13

    Default permissions problems

    I can only assume it had been run as root in the past.

    Do this:

    su - root
    rm -rf /opt/zimbra/ssl
    su - zimbra
    zmcreateca, etc.
    tomcat stop
    tomcat start

  5. #5
    FredArgolo Guest

    Default Now even my Zimbra startup!!!

    Hi,

    Sorry if I bored you, but now even my zimbra start!!!

    I do this:
    ----------------------------------------------------------------------------------------
    # rm -Rf /opt/zimbra/ssl
    # mkdir /opt/zimbra/ssl
    # chown zimbra:zimbra /opt/zimbra/ssl
    # su - zimbra
    $ keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra
    Enter keystore password:
    keytool error: java.lang.NullPointerException
    ----------------------------------------------------------------------------------------

    Why?! I tried solve this running the follow command:

    ----------------------------------------------------------------------------------------
    $ keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
    keytool error: java.lang.Exception: Alias <my_ca> does not exist
    ----------------------------------------------------------------------------------------

    Ok! I ignore this and continue!!

    ----------------------------------------------------------------------------------------
    $ keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra
    Enter keystore password:
    keytool error: java.lang.NullPointerException
    ----------------------------------------------------------------------------------------

    Ahh... again!!!

    ----------------------------------------------------------------------------------------
    [zimbra@webmail ~]$ keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
    keytool error: java.lang.Exception: Alias <tomcat> does not exist
    ----------------------------------------------------------------------------------------

    What can I do?!
    I ignore again!!!

    $zmcreateca
    <works fine>

    $ zmcreatecert
    ----------------------------------------------------------------------------------------
    ** Importing CA

    keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
    ** Creating keystore

    ** Creating server cert request

    Generating a 1024 bit RSA private key
    .....................++++++
    .++++++
    writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
    -----
    ** Signing cert request

    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    Check that the request matches the signature
    Signature ok
    The commonName field needed to be supplied and was missing
    Signature ok
    subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=
    Getting CA Private Key
    ----------------------------------------------------------------------------------------
    That's ok?!

    $ zmcertinstall mailbox
    ** Importing server cert

    keytool error: java.lang.Exception: Input not an X.509 certificate

    Aff....now I stop here. Where is my mistake???

    Thanks for your patience.
    Fred

  6. #6
    marcmac is offline Expert Member
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    13

    Default keytool errors

    What version are you installing?

    What OS are you installing on?

    What is the zimbra user's home directory set to? Shell?

    su - zimbra
    which keytool
    java -version

    Quote Originally Posted by FredArgolo
    Hi,

    Sorry if I bored you, but now even my zimbra start!!!

    I do this:
    ----------------------------------------------------------------------------------------
    # rm -Rf /opt/zimbra/ssl
    # mkdir /opt/zimbra/ssl
    # chown zimbra:zimbra /opt/zimbra/ssl
    # su - zimbra
    $ keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra
    Enter keystore password:
    keytool error: java.lang.NullPointerException
    ----------------------------------------------------------------------------------------

    Why?! I tried solve this running the follow command:

    ----------------------------------------------------------------------------------------
    $ keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
    keytool error: java.lang.Exception: Alias <my_ca> does not exist
    ----------------------------------------------------------------------------------------

    Ok! I ignore this and continue!!

    ----------------------------------------------------------------------------------------
    $ keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra
    Enter keystore password:
    keytool error: java.lang.NullPointerException
    ----------------------------------------------------------------------------------------

    Ahh... again!!!

    ----------------------------------------------------------------------------------------
    [zimbra@webmail ~]$ keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
    keytool error: java.lang.Exception: Alias <tomcat> does not exist
    ----------------------------------------------------------------------------------------

    What can I do?!
    I ignore again!!!

    $zmcreateca
    <works fine>

    $ zmcreatecert
    ----------------------------------------------------------------------------------------
    ** Importing CA

    keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
    ** Creating keystore

    ** Creating server cert request

    Generating a 1024 bit RSA private key
    .....................++++++
    .++++++
    writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
    -----
    ** Signing cert request

    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    Check that the request matches the signature
    Signature ok
    The commonName field needed to be supplied and was missing
    Signature ok
    subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=
    Getting CA Private Key
    ----------------------------------------------------------------------------------------
    That's ok?!

    $ zmcertinstall mailbox
    ** Importing server cert

    keytool error: java.lang.Exception: Input not an X.509 certificate

    Aff....now I stop here. Where is my mistake???

    Thanks for your patience.
    Fred

  7. #7
    FredArgolo Guest

    Default Follow the answers

    > What version are you installing?

    I installed from zcs-3.0.0_M2_740.FC3.tgz package

    > What OS are you installing on?

    # cat /etc/fedora-release
    Fedora Core release 3 (Heidelberg)

    > What is the zimbra user's home directory set to? Shell?
    # fgrep zimbra /etc/passwd
    zimbra:x:501:501::/opt/zimbra:/bin/bash

    # su - zimbra
    $ which keytool
    ~/java/bin/keytool
    $ java -version
    java version "1.5.0_05"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_05-b05)
    Java HotSpot(TM) Client VM (build 1.5.0_05-b05, mixed mode)

    Any idea?!

  8. #8
    FredArgolo Guest

    Default Others informations

    When I try restart zimbra stop in LDAP:

    # service zimbra restart
    Host
    Stopping antispam...Done
    Stopping antivirus...Done
    Stopping ldap...Done
    Stopping logger...Done
    Stopping mailbox...Done
    Stopping mta...Done
    Stopping snmp...Done
    Stopping spell...Done
    Host
    Starting ldap...Done.

    # tail -f /var/log/zimbra.log
    Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping ldap
    Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping logger
    Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping mailbox
    Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping mta
    Jan 26 16:52:28 webmail postfix/postfix-script: fatal: the Postfix mail system is not running
    Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping snmp
    Jan 26 16:52:28 webmail zimbramon[30513]: 30513:info: Stopping spell
    Jan 26 16:52:29 webmail zimbramon[30719]: 30719:info: Starting services
    Jan 26 16:52:29 webmail slapd[30774]: @(#) $OpenLDAP: slapd 2.2.28 (Nov 9 2005 12:02:16) $ root@build-fc3.liquidsys.com:/home/build/p4/main/ThirdParty/openldap/openldap-2.2.28/servers/slapd
    Jan 26 16:52:29 webmail slapd[30774]: bdb_db_init: Initializing BDB database

    I'm thinking in do a backup and re-install zimbra....

  9. #9
    marcmac is offline Expert Member
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    13

    Default upgrade zimbra

    Your version of zimbra is very out of date, and you should upgrade to the latest release, which should work much better.

  10. #10
    FredArgolo Guest

    Default I will do that

    Ok! But...how can I migrate the emails and accounts?

    Thanks for your help.

    Fred

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. How to configure SMTP AUTH (TLS) with Outlook Express
    By KevinH in forum Administrators
    Replies: 10
    Last Post: 01-18-2010, 08:46 AM
  2. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  3. INVALID_PDU error on 4.5 GA
    By figuser in forum Installation
    Replies: 33
    Last Post: 06-15-2007, 12:11 AM
  4. SMTP Auth error 535
    By FloydWilliams in forum Administrators
    Replies: 0
    Last Post: 01-04-2007, 02:33 PM
  5. SMTP Auth Failing?
    By mikea in forum Administrators
    Replies: 15
    Last Post: 01-03-2006, 10:39 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •