[SOLVED] WP7 to Zimbra behind firewall

[YakkoWarner]

My situation: I have a Debian Linux server acting as a router between my internal network and the internet. I have a Windows Phone 7 that I want to sync with my Zimbra server (also running on Debian) sitting behind the router.

My ultimate goal is to get my Windows Phone 7 to sync email, calendar, and contacts with my Zimbra server.

I first tried to connect my phone by setting up an IMAP account, just to get email. I have my router set up to forward ports 993 and 465 to my Zimbra server. I set incoming mail server to mydomain.com:993, outgoing to mydomain:465, checked "Require SSL" for both incoming and outgoing. I can see that packets are hitting the intended port forwarding rules, but I get an "Error code: 80072FA8" from the Windows Phone. So already, I think I'm doing something wrong; I just don't know what it is. (I did at one point try emailing the SSL cert to my phone, which seemed to install it, but that did not help.)

In my googling, I stumbled on a college's web site (UPenn) that had instructions for syncing a WP7 to Zimbra, and the instructions mentioned setting it up as an Exchange/Outlook account. My attempts were likewise unsuccessful (error code 80072EFF), but I suspect I might need to forward an additional port -- I just couldn't find what port it might need.

[phoenix]

Quote:

Originally Posted by YakkoWarner

My situation: I have a Debian Linux server acting as a router between my internal network and the internet. I have a Windows Phone 7 that I want to sync with my Zimbra server (also running on Debian) sitting behind the router.

My ultimate goal is to get my Windows Phone 7 to sync email, calendar, and contacts with my Zimbra server.

It's not possible to sync calendar/contacts with your phone and the Open Source version of Zimbra unless you use something like Funambol (search the forums for that).

Quote:

Originally Posted by YakkoWarner

I first tried to connect my phone by setting up an IMAP account, just to get email. I have my router set up to forward ports 993 and 465 to my Zimbra server. I set incoming mail server to mydomain.com:993, outgoing to mydomain:465, checked "Require SSL" for both incoming and outgoing. I can see that packets are hitting the intended port forwarding rules, but I get an "Error code: 80072FA8" from the Windows Phone. So already, I think I'm doing something wrong; I just don't know what it is. (I did at one point try emailing the SSL cert to my phone, which seemed to install it, but that did not help.)

You should use the correct submission port and that's 587, it will also require authentication. You also need to import your certificate to the phone, I believe there's details in the forums on that.

Quote:

Originally Posted by YakkoWarner

In my googling, I stumbled on a college's web site (UPenn) that had instructions for syncing a WP7 to Zimbra, and the instructions mentioned setting it up as an Exchange/Outlook account. My attempts were likewise unsuccessful (error code 80072EFF), but I suspect I might need to forward an additional port -- I just couldn't find what port it might need.

Those are the details for a Zimbra NE server.

[YakkoWarner]

Quote:

Originally Posted by phoenix

It's not possible to sync calendar/contacts with your phone and the Open Source version of Zimbra unless you use something like Funambol (search the forums for that).

I'll look into that later then. For now, I'll just keep working on getting it to connect to IMAP email.

Quote:

Originally Posted by phoenix

You should use the correct submission port and that's 587, it will also require authentication. You also need to import your certificate to the phone, I believe there's details in the forums on that.

I've added port 587 forwarding. I also exported my certificate with the command

Code:

openssl x509 -in ca.pem -inform PEM -out MyCertificatecrt.cer -outform DER

emailed it to my phone, and installed the certificate.

When I tell my phone to sync, I watch my firewall. I can see a few packets come in to port 993, but I eventually get an error code 800C2746.

I might be doing something really wrong, though. I ran this on my router:

Code:

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 465 -j DNAT --to-dest <zimbra server internal IP>:465
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 993 -j DNAT --to-dest <zimbra server internal IP>:993
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 587 -j DNAT --to-dest <zimbra server internal IP>:587

I've used nearly identical commands to open ports directly into other workstations on my network, so I expected this to work just as well.

I then took one of my internal PCs and changed my email configuration to use the router's address. Theoretically, the packets should just bounce over to the Zimbra server, and it should work just like it does when I configure my email client (Thunderbird) to point directly at the Zimbra server (ports 993 and 465 for incoming and outgoing, respectively). But now, the connection times out. (Again, I see a few packets hit the forwarding rule on port 993 when this is going on.)

So it's not working like I expect. What am I doing wrong?

--EDIT--

Did some googling on this, and I found that I needed to add:

Code:

/sbin/iptables -I FORWARD -p tcp -m state --state NEW --dport 993 -j ACCEPT

(and for the other ports as well). Once I added that, email started syncing immediately on my phone.

Thank you kindly for your help.