Zimbra

drsprite · #1 (**permalink**) 09-21-2010, 10:15 AM

Hello all,

I think I have narrowed down my troubles for a remote user to that of certificate problems.

I have found what I believe to be the latest cert I created in this directory, /opt/zimbra/ssl/zimbra/ca/newcerts/. I have downloaded the .pem, renamed it to .crt so that I can import into the Windows Certificate store. It imports successfully, and I verify that the expiration date matches that of the one displayed in the Admin Console.

However, when I try and send an email from within Outlook with my mail server setup as an IMAP connection, I see the following error in my logs:

Code:

Sep 21 13:16:19 mail postfix/smtpd[8723]: lost connection after EHLO from (hostname removed) [ip removed]

I have disabled zimbraMtaTlsAuthOnly, and the account can send email fine. When it's set to TRUE I run into this problem, which is why I don't think Outlook is playing nicely with my certificates - even after I have imported them into Windows.

I'm at a loss here.

Any thoughts?

Thanks

drsprite · #2 (**permalink**) 09-22-2010, 08:22 AM

Can anyone offer any help? I have a couple users who cannot access email through Outlook, and I think it may be a certificate error causing the disconnected on EHLO - but unsure.

Thanks

drsprite · #3 (**permalink**) 09-23-2010, 02:06 PM

Anyone? Bueller?

I'm open to anything (except for using Thunderbird since that isn't an option of my clients).

Thanks

phoenix · #4 (**permalink**) 09-24-2010, 04:56 AM

Why don't you get them to use the correct Submission port of 587 (instead of port 25, which I assume is what you're currently using)? That will require Authentication to send mail.

drsprite · #5 (**permalink**) 09-24-2010, 10:33 AM

Thanks for the reply Bill. I will have him try port 587. As a word of note however, port 25 works for everyone else.

In case he continues to fail on port 587, any other suggestions?

phoenix · #6 (**permalink**) 09-24-2010, 10:59 AM

Quote:

Originally Posted by drsprite

Thanks for the reply Bill. I will have him try port 587. As a word of note however, port 25 works for everyone else.

They should all be using port 587 as it's the correct Submission port, port 25 is for an MTA to communicate with another MTA.

Quote:

Originally Posted by drsprite

In case he continues to fail on port 587, any other suggestions?

Offhand I can't think of anything unless (a long shot) they have a firewall or ant-virus/anti-malware program that's scanning their mail ports or mail clients.

drsprite · #7 (**permalink**) 09-24-2010, 03:22 PM

Awesome. port 587 worked great. You were right, once I put in port 587, Outlook finally had prompted me to accept the certificate.

Weird because I am seeing that on port 25 as well for other Outlook setups.

In any event, I won't question it. Thanks for the help

Zimbra

Downloads

Product Information

Toolbox

Why Join?