Thread: TLS issues / multiple smtpd's?

  1. #1
    amb1545, Member

    TLS issues / multiple smtpd's?

    I've got a client that's running ZCS 5.0.2 NE and they recently requested that users be able to send mail through the Zimbra server when they are not on the LAN.

    Basically, I'm trying to get Zimbra to allow TLS connections so that they can AUTH and then send mail that way.

    TLS seems to be configured correctly, but I am unable to use TLS when I am not connected to their LAN.

    Further investigation has confused me even more. When connected to their LAN, telnetting to port 25 yields the following results.

    Code:
    [admin@mail ~]$ telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 mail.xxxx.net ESMTP Postfix
    ehlo test
    250-mail.xxxx.net
    250-PIPELINING
    250-SIZE 102400000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    However, if I try the same test from outside the LAN, I get these results.

    Code:
    sorrow:~ amb1545$ telnet mail.xxxx.net 25
    Trying xx.xx.xx.xx...
    Connected to mail.powderhouse.net.
    Escape character is '^]'.
    220 **********************************
    ehlo test
    250-mail.xxxx.net
    250-PIPELINING
    250-SIZE 102400000
    250-VRFY
    250-ETRN
    250-XXXXXXXA
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    Can anybody provide me with some insight here? What do I need to do to accept TLS connections from outside their LAN?

  2. #2
    phoenix, Zimbra Consultant & Moderator

    In that second example, is that the correct server name? Is this a single server installation? I assume that mail delivery is working OK? Have you checked that the mynetworks setting is correct?
    Regards


    Bill

  3. #3
    Bill Brock, Outstanding Member

    Do not set your mail client to use encrypted password. If you set it to use TLS/SSL the password will be encrypted. I know when OE and Outlook are set to use encrypted password the AUTH command is not recognized.

    Use SSL without checking the "use encrypted password" box. Because the SSL connection is encrypted the password will be encrypted.

  4. #4
    amb1545, Member

    Quote (originally posted by Bill Brock):
        Do not set your mail client to use encrypted password. If you set it to use TLS/SSL the password will be encrypted. I know when OE and Outlook are set to use encrypted password the AUTH command is not recognized.

        Use SSL without checking the "use encrypted password" box. Because the SSL connection is encrypted the password will be encrypted.

    This actually turned out to be the easiest solution. Since SSL was already set up with my commercial certificate, I just needed to open up 465 on the firewall. Seems to be working fine now.

    Thanks!

  5. #5
    CazaHenha, Junior Member

    I ran into a similar issue recently that when on the same subnet the box offered the STARTTLS command but when running from other subnets the STARTTLS was not offered. After losing a night's sleep on this the solution was that our Cisco routers had "application security" for esmtp, which by the looks of things works similarly to a transparent proxy and does not support TLS. Once this was turned off the TLS started appearing again from the other subnets. So if people encounter this problem and TLS is offered via "telnet localhost 25" check any firewall/antivirus along the way as they may be causing the issue... I just wish I twigged this possibility hours earlier than I did.
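
The comparison described in the last post, as an added example that is not part of the original thread: it parses a local and a remote SMTP greeting and flags the signs of in-path rewriting visible in the first post (asterisk-masked banner, an EHLO keyword replaced by X's, STARTTLS missing). The transcripts are constructed from those sessions with a placeholder hostname, and the function names are hypothetical.

```python
import re

# Constructed transcripts modelled on the two telnet sessions in the first
# post; mail.example.net is a placeholder hostname.
INSIDE = """220 mail.example.net ESMTP Postfix
ehlo test
250-mail.example.net
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
# Same session as seen through the inspecting device: banner and STARTTLS masked.
OUTSIDE = INSIDE.replace("mail.example.net ESMTP Postfix", "*" * 34).replace(
    "250-STARTTLS", "250-XXXXXXXA")


def parse(transcript):
    """Return (banner text, EHLO keywords) from the server's reply lines."""
    banner, lines = "", []
    for raw in transcript.splitlines():
        m = re.match(r"(\d{3})[ -](.*)$", raw.strip())
        if not m:
            continue  # client commands and telnet chatter
        code, text = m.groups()
        if code == "220" and not banner:
            banner = text
        elif code == "250" and text.strip():
            lines.append(text.split()[0].upper())
    return banner, lines[1:]  # the first 250 line is the server's own name


def starttls_findings(outside, inside=None):
    """Flag signs that a device in the path rewrote the SMTP greeting."""
    banner, kws = parse(outside)
    baseline = parse(inside)[1] if inside else []
    found = {
        "banner_masked": bool(banner) and banner.strip("*") == "",
        "masked_keywords": [k for k in kws if re.fullmatch(r"X{4,}[A-Z]?", k)],
        "starttls_offered": "STARTTLS" in kws,
        "lost_vs_baseline": sorted(set(baseline) - set(kws)),
    }
    found["interference"] = bool(found["banner_masked"] or found["masked_keywords"]
                                 or "STARTTLS" in found["lost_vs_baseline"])
    return found


if __name__ == "__main__":
    print(starttls_findings(OUTSIDE, INSIDE))
```

When `interference` is true while the local transcript still lists STARTTLS, the mail server's TLS configuration is not the cause, and the firewall or router between the two vantage points is the place to look.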
