This is a somewhat strange issue with a freshly updated 6.0.7 (coming from 6.0.6)
When the update is applied, external POP accounts on servers that offer TLS authentication (over port 110) do not work anymore. I keep getting the error
"Unrecognized SSL message, plaintext connection?"
(addition: same for newly created accoutns, they don#t pass the connection test with the same error)
logging the traffic being passed and trying my luck with openssl s_client, i found out that zimbra is actually trying to connect to TLSv1 via SSL2.
(the interesting line here is
"14079:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:588:")
I'm running this on CentOS 5.3 x64 with a multi-server setup (though that should not play into it in this case)
Trying openssl s_client with the starttls pop option and tlsv1 as the forced protocol, communication works - if i leave the default it tries ssl2 and fails.
I guess that might be a part of the problem for Zimbra.
... you might expect the port 110 pop connection to default to tlsv1, though.
Note that external pop works just fine on port 110 when hosts do not offer TLS.
Any ideas how i can get this cleanly back up and working without having to apply a fix on each update?