Results 1 to 10 of 10

Thread: external account(s)

  1. #1
    quietpenguin is offline Junior Member
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    5
    Rep Power
    3

    Question external account(s)

    Folks,

    I'm having some pretty big issues adding an external account to a fresh installation of Zimbra (7.1.1).

    I've confirmed that the mail server responds to both POP3 and IMAP communications with another mail client (Thunderbird, to be exact). When I attempt to add the external account, however, in Zimbra the GUI remains stuck in the "testing" phase and never completes.

    On the mail server itself I see that Zimbra has connected on port 995 (POP3 + SSL), requests the contents of the Inbox, and then logs off. In the mailbox.log file (on the Zimbra server), I can see that the test was successful.

    I'm not sure where to go from here. I've installed an older version of Zimbra (7.0.1) and did NOT have this problem at first. However, after importing my email from a raw .tgz Zimbra account backup, the issue resurfaced. Nothing I seem to do gets the external account to go past the "test" phase.

    Any help would be greatly appreciated...I'm out of ideas and am running out of hair to rip out.

  2. #2
    meesha is offline Senior Member
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default

    I have some similar problems too. I know that the target external IMAP/POP3 server have to set correct SSL certificates in "chain" type. That's mean, you have to add to .crt file all certificates from CA. Self-signed certificate on the external server is not supported. If your external server allow STARTTLS, zimbra always use SSL connection. So the second posibility is disable TLS support on external IMAP/POP3 server. I have solved this problem byt install not self signed certificate and do "chained" certificate.

  3. #3
    quietpenguin is offline Junior Member
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    5
    Rep Power
    3

    Default

    I appreciate the response, meesha, but I don't believe certificates have anything to do with this issue.


    • mailbox.log indicates that the external account test is successful
    • I'm fairly certain I tested this without encryption (using cleartext POP3 and IMAP) with similar results
    • The mail server that I'm attempting to download emails from indicates that proper POP3 communication occurs

    This seems to be either an issue with (a) something getting messed up after importing data into an account, AND (b) something wrong with 7.1.1 external account feature.

    I saw a post here a day or so ago with similar issues to what I'm experiencing, but no solution. So I can't imagine I'm the only one experiencing this problem.

    Any other thoughts?

  4. #4
    meesha is offline Senior Member
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default

    I can see the same issue - testing and nothing more. But I have no clean mailboxd. There are some problems with SSL, but I haven't checked SSL connection. It is similar problem like in 7.1.0, but there I have got some error message, not lagging without reason.

    But the connection to the "tuned" external site with Chained SSL certificate is still working properly and test finished OK (not lagging and no error in mailboxd.).

    Error in mailboxd.log:
    Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

    I'll do bugreport with more information.

  5. #5
    meesha is offline Senior Member
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default

    I have no error (= success information in mailboxd.log) if external IMAP server doesn't support STARTTLS and Testing still lagging in the window without Success end of the test. I have submitted this to bugzilla.

  6. #6
    quietpenguin is offline Junior Member
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    5
    Rep Power
    3

    Default

    Quote Originally Posted by meesha View Post
    I have no error (= success information in mailboxd.log) if external IMAP server doesn't support STARTTLS and Testing still lagging in the window without Success end of the test. I have submitted this to bugzilla.
    Hrmm, I'm pretty sure that my mail server does not support StartTLS, but I can check. If it does I'll disable it.

    I have a similar problem with 7.0.1, however. I think there's a slightly different error in the logs. At the moment I'm simply trying to find the "latest" version of Zimbra that works with external accounts.

    meesha -- maybe I'm not understanding your workaround correct, but you're saying that you've found the external account "issue" is related to a self-signed certificate in v7.1.1? Did you actually buy a cert to discover that it works well with a valid chained cert?

  7. #7
    meesha is offline Senior Member
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default

    Yes, I have checked in the real application, that bought chained certificate for correct common name (hostname) on the target external server is ok. I haven't found any other way how to successfully connect to external IMAP/POP3 server.

    Test of the connection to external server with chained certificate is Success (checked in version 7.1.0, 7.1.1 +patch1) and I am able to use accounts on that server for external account or for source account to migration wizard.


    Quote Originally Posted by quietpenguin View Post
    Hrmm, I'm pretty sure that my mail server does not support StartTLS, but I can check. If it does I'll disable it.

    I have a similar problem with 7.0.1, however. I think there's a slightly different error in the logs. At the moment I'm simply trying to find the "latest" version of Zimbra that works with external accounts.

    meesha -- maybe I'm not understanding your workaround correct, but you're saying that you've found the external account "issue" is related to a self-signed certificate in v7.1.1? Did you actually buy a cert to discover that it works well with a valid chained cert?

  8. #8
    quietpenguin is offline Junior Member
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    5
    Rep Power
    3

    Default

    Quote Originally Posted by meesha View Post
    Yes, I have checked in the real application, that bought chained certificate for correct common name (hostname) on the target external server is ok. I haven't found any other way how to successfully connect to external IMAP/POP3 server.

    Test of the connection to external server with chained certificate is Success (checked in version 7.1.0, 7.1.1 +patch1) and I am able to use accounts on that server for external account or for source account to migration wizard.
    Unfortunately I do not have a real certificate for the server that houses the external account I'm using, so there's no way for me to confirm if this workaround is appropriate in my scenario.

    It's also worth noting that I've confirmed that this "external" server does not support STARTTLS.

    Do you have a bug ID yet, meesha? I'd like to keep tabs on it to see if a workaround is posted. I'm also curious if you've tested adding an external account without encryption of any sort and to see if it worked. Mine did not (which had me thinking originally this was not an issue with certs or encryption at all).

    Also, I'll recreate a Zimbra 7.0.1 environment and post the error that I receive when I add the external account shortly.

  9. #9
    meesha is offline Senior Member
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default

    Look here:
    External IMAP account forces TLS when I don't want it

    I am testing this issue for several weeks now...

    If external server doesen't support STARTTLS, mailboxd.log has Successfully information about test, but webclient is still in "Testing".

    If external server support STARTTLS, zimbra use TLS and then is SSL error in mailboxd.log until external server has valid chained certificate.

    Bugreport has mark privacy and you cannot read it. There are some IMAP accounts (server, user, pass) and it is not to be public visible.

    I let you know here and to the other thread with more information in the future.

  10. #10
    quietpenguin is offline Junior Member
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    5
    Rep Power
    3

    Default

    Quote Originally Posted by meesha View Post
    Look here:
    External IMAP account forces TLS when I don't want it

    I am testing this issue for several weeks now...

    If external server doesen't support STARTTLS, mailboxd.log has Successfully information about test, but webclient is still in "Testing".

    If external server support STARTTLS, zimbra use TLS and then is SSL error in mailboxd.log until external server has valid chained certificate.

    Bugreport has mark privacy and you cannot read it. There are some IMAP accounts (server, user, pass) and it is not to be public visible.

    I let you know here and to the other thread with more information in the future.
    I'm still not completely convinced this is the same issue, primarily because the STARTTLS workaround that you've indicated does not function for me.

    I'm going to try modifying the system settings as listed in the other thread to see if it alleviates the issue I'm seeing:

    zmlocalconfig -e ssl_allow_accept_untrusted_certs=true
    zmlocalconfig -e data_source_trust_self_signed_certs=true

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Licensing and external mail transport accounts
    By TheCowStir in forum Administrators
    Replies: 2
    Last Post: 03-23-2011, 08:17 PM
  2. Replies: 15
    Last Post: 12-06-2008, 05:18 PM
  3. Replies: 4
    Last Post: 03-05-2007, 08:59 AM
  4. Replies: 2
    Last Post: 02-23-2007, 04:34 PM
  5. Fetch mail from external POP3 accounts
    By timothyp in forum Installation
    Replies: 1
    Last Post: 03-16-2006, 03:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •