-
After lots more fiddling, it now seems to be trying to use SSL, but failing:
Code:
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: connect from localhost.localdomain[127.0.0.1]
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: setting up TLS connection from localhost.localdomain[127.0.0.1]
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: SSL_accept:before/accept initialization
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: read from 08223128 [0822F090] (11 bytes => -1 (0xFFFFFFFF))
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: SSL_accept:error in SSLv2/v3 read client hello A
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: read from 08223128 [0822F090] (11 bytes => 11 (0xB))
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: 0000 80 7c 01 03 01 00 63 00|00 00 10 .|....c. ...
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: read from 08223128 [0822F09B] (115 bytes => -1 (0xFFFFFFFF))
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: SSL_accept:error in SSLv2/v3 read client hello B
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: read from 08223128 [0822F09B] (115 bytes => 115 (0x73))
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: 0000 00 00 39 00 00 38 00 00|35 00 00 16 00 00 13 00 ..9..8.. 5.......
...
Code:
Feb 20 16:08:15 xxxx postfix/smtpd[31353]: SSL_accept:SSLv3 read finished A
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: SSL_accept:SSLv3 write change cipher spec A
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: SSL_accept:SSLv3 write finished A
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: write to 08223128 [08245CE8] (59 bytes => 59 (0x3B))
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: 0000 14 03 01 00 01 01 16 03|01 00 30 6d a9 ed ab b3 ........ ..0m....
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: 0010 ab 09 5e 4a 5d 68 5b db|a5 72 72 6a 79 a7 c4 3d ..^J]h[. .rrjy..=
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: 0020 ce 51 c9 62 72 2c 1e f4|16 a6 2a 9f a2 99 a5 c3 .Q.br,.. ..*.....
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: 0030 52 88 8d 99 21 87 50 10|ac 26 32 R...!.P. .&2
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: SSL_accept:SSLv3 flush data
Feb 20 16:08:15 xxxxx postfix/smtpd[31353]: TLS connection established from localhost.localdomain[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 20 16:08:15 xxxxx sendmail[626]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
And this seems to lead to the 100s of messages being queued in the active spool again...
-
sasl problem - you're probably finding the wrong version of the library. ldd /opt/zimbra/postfix/libexec/master will show which one you're getting. Fix is to mod /etc/ld.so.conf and run ldconfig. Covered elsewhere in the forums.
ssl problem - it looks like sendmail is trying to deliver, but postfix wants to use ssl - is sendmail rejecting postfix's cert, since it's self-signed? Can you add the CA to sendmail's CA path? (Not sure how to do this). Cleaning up and recreating the certs is covered in the forums. You can allow plaintext auth in postfix, it's in the admin console.
-
Hi,
An ldd shows me:
Code:
# ldd /opt/zimbra/postfix/libexec/master
libpcre.so.0 => /lib/libpcre.so.0 (0x00310000)
libldap-2.2.so.7 => /opt/zimbra/lib/libldap-2.2.so.7 (0x0059e000)
liblber-2.2.so.7 => /opt/zimbra/lib/liblber-2.2.so.7 (0x0032b000)
libz.so.1 => /usr/lib/libz.so.1 (0x0033b000)
libm.so.6 => /lib/tls/libm.so.6 (0x00111000)
libsasl2.so.2 => /opt/zimbra/cyrus-sasl/lib/libsasl2.so.2 (0x003d6000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x0035d000)
libssl.so.4 => /lib/libssl.so.4 (0x005e0000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x00461000)
libnsl.so.1 => /lib/libnsl.so.1 (0x003b6000)
libresolv.so.2 => /lib/libresolv.so.2 (0x003a1000)
libc.so.6 => /lib/tls/libc.so.6 (0x001e4000)
/lib/ld-linux.so.2 (0x001cb000)
libdl.so.2 => /lib/libdl.so.2 (0x00134000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00138000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x0014c000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x0034d000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x0036f000)
Which looks like I'm getting the correct sasl.
Clearing up the certs seems to mostly assume I'm running a single box. As I'm running 3, is the process different? Most searches for it return comments about searching the forums as it's already been covered... ;)
-
I've done a completely fresh install on the 3 machines (clean OS, clean zimbra install) and am immediately getting this on the MTA box:
Code:
Feb 21 13:08:13 xxxxx amavis[3829]: (03829-01) Checking: B72yuE2m4xSD [127.0.0.1] <root@xxxxxx> -> <user1@xxxxxx>
Feb 21 13:08:13 xxxxxx postfix/smtpd[12454]: initializing the server-side TLS engine
Feb 21 13:08:13 xxxxxx postfix/smtpd[12454]: warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
Feb 21 13:08:13 xxxxxx postfix/smtpd[12454]: warning: TLS library problem: 12454:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/opt/zimbra/conf/smtpd.crt','r'):
Feb 21 13:08:13 xxxxxx postfix/smtpd[12454]: warning: TLS library problem: 12454:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Feb 21 13:08:13 xxxxxx postfix/smtpd[12454]: warning: TLS library problem: 12454:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Feb 21 13:08:13 xxxxxx postfix/smtpd[12454]: cannot load RSA certificate and key data
Feb 21 13:08:13 xxxxxx postfix/smtpd[12454]: connect from localhost.localdomain[127.0.0.1]
Feb 21 13:08:13 xxxxxx postfix/smtpd[12454]: 619FDB7F22: client=localhost.localdomain[127.0.0.1]
This is with the same 3 machine setup (1xLDAP, 1xMTA, 1xMailstore) running zcs-NETWORK-3.0.0_GA_156.RHEL4 on CentOS 4 (server install, web & samba de-selected, yum update & yum install of the dependency rpms - reboot. No VMs or anything else strange). I guess the installer script is missing something. I'd rather not mess around with the install/cert files until I hear back a suggestion as I don't want to potentially alter anything from the install.
-
certs
On the mta:
zmcreateca
zmcreatecert
zmcertinstall mta cert_path key_path (cert path and key path will be under /opt/zimbra/ssl/ssl)
On the ldap host:
zmcreateca
zmcreatecert
on the mailstore:
zmcreateca
zmcreatecert
zmcertinstall mailbox
-
Is this as the zimbra user?
-
Just bumping this to see if anyone knows...
-
Did you try it? Have you looked in the forums?
-
Ok - followed the instructions exactly and am now back to the errors I was getting earlier:
Code:
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: initializing the server-side TLS engine
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: connect from localhost.localdomain[127.0.0.1]
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: setting up TLS connection from localhost.localdomain[127.0.0.1]
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: SSL_accept:before/accept initialization
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: read from 08224C28 [0822EE48] (11 bytes => -1 (0xFFFFFFFF))
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: SSL_accept:error in SSLv2/v3 read client hello A
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: read from 08224C28 [0822EE48] (11 bytes => 11 (0xB))
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: 0000 80 7c 01 03 01 00 63 00|00 00 10 .|....c. ...
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: read from 08224C28 [0822EE53] (115 bytes => -1 (0xFFFFFFFF))
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: SSL_accept:error in SSLv2/v3 read client hello B
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: read from 08224C28 [0822EE53] (115 bytes => 115 (0x73))
Code:
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: 0020 ad 04 2c 20 1e be a7 fa|a3 69 3d 2d 76 21 2f ff .., .... .i=-v!/.
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: 0030 15 ff 9e 41 d8 a1 93 9b|f6 3d 89 ...A.... .=.
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: SSL_accept:SSLv3 flush data
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: TLS connection established from localhost.localdomain[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 23 10:19:37 xxxxxx sendmail[8863]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Feb 23 10:19:37 xxxxxx postfix/smtpd[8864]: 730102A6EE1: client=localhost.localdomain[127.0.0.1], sasl_sender=root@xxxxxx
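-
A log-triage sketch for the kinds of entries quoted in this thread, added here as an example (it is not code from any poster or from Zimbra). It separates the two conditions that matter, a missing `smtpd.crt` and sendmail's `verify=FAIL`, from the `SSL_accept:error in ...` lines, which it counts as noise when the same smtpd process also logs an established TLS session, as in the logs above. The names `triage`, `PREFIX` and `RULES` and the host name `mta` are assumptions; matching by process ID is a simplification.

```python
import re
from collections import Counter

# Constructed sample: one line of each kind seen in the thread, host renamed to "mta".
SAMPLE = """\
Feb 21 13:08:13 mta postfix/smtpd[12454]: warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
Feb 23 10:19:37 mta postfix/smtpd[8864]: SSL_accept:error in SSLv2/v3 read client hello A
Feb 23 10:19:37 mta postfix/smtpd[8864]: TLS connection established from localhost.localdomain[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 23 10:19:37 mta sendmail[8863]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<proc>[\w/]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RULES = [
    ("cert_file_missing", re.compile(r"cannot get certificate from file (?P<path>\S+)")),
    ("handshake_retry", re.compile(r"SSL_accept:error in (?P<state>.+)$")),
    ("tls_established", re.compile(r"TLS connection established from \S+: (?P<proto>\S+) with cipher (?P<cipher>\S+)")),
    ("client_verify", re.compile(r"STARTTLS=client, relay=(?P<relay>[^,]+), version=[^,]+, verify=(?P<verify>[^,]+), cipher=(?P<cipher>[^,]+)")),
]

def triage(log_text):
    """Return (findings, noise). noise counts SSL_accept 'error' lines per
    (process, pid) that also logged an established TLS session."""
    events = []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        for name, rx in RULES:
            hit = rx.search(m["msg"])
            if hit:
                events.append((name, m["proc"], m["pid"], hit.groupdict()))
                break
    established = {(proc, pid) for name, proc, pid, _ in events if name == "tls_established"}
    findings, noise = [], Counter()
    for name, proc, pid, f in events:
        if name == "handshake_retry":
            if (proc, pid) in established:
                noise[(proc, pid)] += 1          # handshake went on to complete
            else:
                findings.append(("handshake_failed", f["state"]))
        elif name == "cert_file_missing":
            findings.append(("server_cert_missing", f["path"]))
        elif name == "client_verify" and f["verify"] != "OK":
            findings.append(("peer_cert_not_verified", f"{f['relay']} verify={f['verify']} {f['cipher']}"))
    return findings, dict(noise)

if __name__ == "__main__":
    print(triage(SAMPLE))
```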