
Thread: Smtp Tls

  1. #1
    kollross is offline Senior Member

    Smtp Tls

    I'm currently trying to get TLS working on our Filter server for incoming emails. Currently TLS works fine for outgoing SMTP connections on the other server. Currently, with a manual telnet, I'm getting this response:

    Connected to black.soltec.net.
    Escape character is '^]'.
    220 black.soltec.net ESMTP Postfix
    ehlo xyz
    250-black.soltec.net
    250-PIPELINING
    250-SIZE 102400000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME
    starttls
    454 TLS not available due to local problem


    I'm guessing this was a cert error (planning on using self-signed). I then took your directions for creating a self-signed cert:

    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit

    But I'm getting this error.
    keytool error: java.lang.Exception: Alias <my_ca> does not exist

    Any ideas, or is this even a cert problem? The only things installed on the filter server are mta, spamfilter, virusfilter and snmp.

  2. #2
    rsharpe is offline Elite Member & Volunteer

    The cert CA is not there, so you don't need that command; it is already deleted. Just run zmcreateca to recreate the CA.

  3. #3
    kollross is offline Senior Member

    Basically this, then:

    zmcreateca
    zmcreatecert
    zmcertinstall mailbox ssl/ssl/server/tomcat.crt
    zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key

  4. #4
    rsharpe is offline Elite Member & Volunteer

    I believe so.

  5. #5
    kollross is offline Senior Member

    Yep, that works, thanks.

  6. #6
    jerryboi is offline Special Member

    454 TLS Local Problem

    I have installed a commercial certificate as described in the wiki and I had the https site and the pop3 access working fine with it; however, when I tried to send mail through smtp, I got "error 454 - TLS not available due to a local problem". I tried setting the certificate for the mta manually by issuing
    Code:
    zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key
    which installed the original, zimbra issued certificate there. Not happy with that, in a particularly experimental mindset I copied my commercial .crt file over the /opt/zimbra/conf/smtpd.crt file. Now I get the error "unable to connect to smtp server via STARTTLS since it doesn't offer STARTTLS in EHLO response". Not happy with this one either, please help!

  7. #7
    nexus is offline Member

    I'm having the exact same problem.

  8. #8
    Nutz is offline Special Member

    I used to have this problem...

    Try this (from http://mark.foster.cc/kb/openssl-keytool.html ):

    Export the *public key* (certificate) from a keystore:
    Code:
    keytool -export -alias mykey -keystore keystore -file exported.crt

    The result is a DER (binary) formatted certificate in exported.crt
    Code:
    openssl x509 -noout -text -in exported.crt -inform der

    Now you will want to convert it to another format - PEM - which is more widely used in applications such as apache and by openssl to do the pkcs12 conversion.
    Code:
    openssl x509 -out exported-pem.crt -outform pem -text -in exported.crt -inform der


    Then just copy it over smtpd.crt

  9. #9
    nexus is offline Member

    That worked without trouble but didn't fix the problem, for me at least. My Zimbra log now shows this:

    Mar 9 14:09:54 mail postfix/smtpd[31353]: lost connection after STARTTLS from c-67-169-127-128.hsd1.ca.comcast.net[67.169.127.128]
    Mar 9 14:13:44 mail postfix/smtpd[22605]: warning: TLS library problem: 22605:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE:
    Mar 9 14:13:44 mail postfix/smtpd[22605]: warning: TLS library problem: 22605:error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:765:
    Mar 9 14:15:13 mail postfix/smtpd[11729]: lost connection after STARTTLS from c-67-169-127-128.hsd1.ca.comcast.net[67.169.127.128]


    Client shows the same error as before.
    Last edited by nexus; 03-09-2007 at 03:19 PM.

  10. #10
    Nutz is offline Special Member

    Can you post the first line of your exported-pem.crt (just open it with a text editor)?
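
Added example, not part of any post in this thread: a POSIX sh pre-install check for the file that is about to be copied over smtpd.crt, reporting whether it is PEM, DER, or PEM armor without a certificate block. A file with no BEGIN CERTIFICATE line is what the "no start line ... Expecting: CERTIFICATE" warning in post #9 reports. The function names and the sample files are constructed for illustration.

```shell
# Added example: check a file before copying it over smtpd.crt. Postfix loads
# the server certificate as PEM, so DER input has to be converted first.

# cert_encoding FILE -> prints pem | pem-wrong-label | der | unknown
cert_encoding() {
    [ -r "$1" ] || { echo unknown; return 1; }
    # Text ahead of BEGIN (`openssl x509 -text` output) is tolerated.
    if grep -q -e '^-----BEGIN CERTIFICATE-----' "$1" &&
       grep -q -e '^-----END CERTIFICATE-----' "$1"; then
        echo pem; return 0
    fi
    # PEM armor with another label, such as a key or a PKCS#7 bundle.
    if grep -q -e '^-----BEGIN ' "$1"; then
        echo pem-wrong-label; return 1
    fi
    # DER starts with the ASN.1 SEQUENCE tag, byte 0x30.
    if [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = 30 ]; then
        echo der; return 1
    fi
    echo unknown; return 1
}

# install_check FILE: succeeds only if FILE is usable as-is.
install_check() {
    enc=$(cert_encoding "$1") || true
    case $enc in
        pem) return 0 ;;
        der) echo "DER, convert: openssl x509 -in $1 -inform der -out $1.pem -outform pem" ;;
        *)   echo "no CERTIFICATE block in $1 ($enc)" ;;
    esac
    return 1
}

# Constructed samples, not real certificates.
make_samples() {
    printf '\060\202\001\012\060\201' > "$1/der.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIBCjCB' \
        '-----END CERTIFICATE-----' > "$1/pem.crt"
    printf '%s\n' 'Certificate:' '-----BEGIN CERTIFICATE-----' 'MIIBCjCB' \
        '-----END CERTIFICATE-----' > "$1/text-pem.crt"
    printf '%s\n' '-----BEGIN PKCS7-----' 'MIIBCjCB' \
        '-----END PKCS7-----' > "$1/p7.crt"
}

demo=$(mktemp -d); make_samples "$demo"
for f in der.crt pem.crt text-pem.crt p7.crt; do
    printf '%-13s %s\n' "$f" "$(cert_encoding "$demo/$f" || true)"
done
rm -rf "$demo"
```

The check only looks at the encoding; it does not verify that the certificate matches the private key or chains to a trusted CA.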
