Results 1 to 3 of 3

Thread: POP3 + SSL problem after upgrade to ZCS 7.1

  1. #1
    Labsy is offline Elite Member
    Join Date
    Nov 2009
    Location
    Ljubljana, Slovenia
    Posts
    268
    Rep Power
    5

    Default POP3 + SSL problem after upgrade to ZCS 7.1

    Hi,
    after upgrading my ZCS 7.0.2 to 7.1 users have problems connecting to server using POP3+SSL (port 995). They all get the same error:

    Your server does not support encryption type you have specified.

    I did not mess with (valid) SSL certificate after ZCS upgrade, and also SSL is valid and shows properly in admin console. POP3 service is running.
    Plain-text POP3 via port 110 works without problems.

    When testing with telnet to port 995, instead of blank reply, I get a bunch of smileys:
    §♥☺☻☺

    Connection to host lost.


    Any idea?
    Anybody else with same problems?
    Last edited by Labsy; 05-13-2011 at 01:44 AM.

  2. #2
    Labsy is offline Elite Member
    Join Date
    Nov 2009
    Location
    Ljubljana, Slovenia
    Posts
    268
    Rep Power
    5

    Default

    UPDATE:
    Found almost 100 connections to POP3S port 995 from 1 single IP, like:

    Code:
    tcp6    0    0    zimbra.server.com:pop3s 1.2.3.4%187:51234 ESTABLISHED
    tcp6    0    0    zimbra.server.com:pop3s 1.2.3.4%187:51235 ESTABLISHED
    tcp6    0    0    zimbra.server.com:pop3s 1.2.3.4%187:51236 ESTABLISHED
    tcp6    0    0    zimbra.server.com:pop3s 1.2.3.4%187:51237 ESTABLISHED
    tcp6    0    0    zimbra.server.com:pop3s 1.2.3.4%187:51238 ESTABLISHED
    tcp6    0    0    zimbra.server.com:pop3s 1.2.3.4%187:51239 ESTABLISHED
    ...
    As I cannot change default 100 pop3 connections limit without restart, I tried to block this IP on firewall level, but since connections are ESTABLISHED, firewall cannot kill them.

    So next I try to kill those sessions:

    Code:
    tcpkill host 1.2.3.4
    But no connections were killed, stuck with

    Code:
    tcpkill: listening on eth0 [host 1.2.3.4]
    Anyways, seems like I found problem source.

  3. #3
    Labsy is offline Elite Member
    Join Date
    Nov 2009
    Location
    Ljubljana, Slovenia
    Posts
    268
    Rep Power
    5

    Default

    Actually...considering circumstances, this could also be Zimbra vulnerability, since an attacker can open multiple POP3 connections to server, rendering it unavailable for all other users.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Problems with the upgrade of zcs
    By vizapata in forum Administrators
    Replies: 9
    Last Post: 11-18-2010, 12:21 PM
  2. Problem after upgrade to 5.0
    By bmannella in forum Installation
    Replies: 6
    Last Post: 01-26-2008, 01:35 AM
  3. Upgrade from ZCS 4.5.9 to ZCS 5.0 RC3
    By punit.jain in forum Installation
    Replies: 4
    Last Post: 12-31-2007, 07:49 AM
  4. [SOLVED] Upgraded to 5.0 OSS - Sendmail Problem
    By Chewie71 in forum Installation
    Replies: 11
    Last Post: 12-28-2007, 07:07 PM
  5. Odd GA upgrade problem
    By drewage in forum Installation
    Replies: 2
    Last Post: 02-08-2006, 10:17 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •