javax.net.ssl.SSLHandshakeException when trying to connect without SSL

[VanHelsing]

I still got this problem, so I try it now with a properly named thread.

I'm trying to connect to mailserver inside my local network using an external account. since this mail server does only work within our localnetwork, there is no way to connect to it using its mx dns record from the "internet cloud". but within the localnetwork it's without a problem possible to connect to it using various mail clients (outlook or thunderbird for example). So on trying to connect to this server using an external account on my zimbra user (not using SSL!). I get the following exception according to the mailbox.log:

2011-10-13 10:27:29,904 INFO [btpool0-12://mail.football-db.com/service/soap/TestDataSourceRequest] [name=andreas@football-db.com;mid=3;ip=192.168.19.207;ua=ZimbraWebClient - FF3.0 (Win)/7.1.3_GA_3346;] datasource - Testing: DataSource: { id=TestId, type=pop3, isEnabled=false, name=Test, host=cult-t1.culturall.com, port=110, connectionType=cleartext, username=schabmann, folderId=-1 }
2011-10-13 10:27:30,086 WARN [btpool0-12://mail.football-db.com/service/soap/TestDataSourceRequest] [name=andreas@football-db.com;mid=3;ip=192.168.19.207;ua=ZimbraWebClient - FF3.0 (Win)/7.1.3_GA_3346;] datasource - Test failed: DataSource: { id=TestId, type=pop3, isEnabled=false, name=Test, host=cult-t1.culturall.com, port=110, connectionType=cleartext, username=schabmann, folderId=-1 }
com.zimbra.common.service.ServiceException: system failure: Unable to connect to POP3 server: DataSource: { id=TestId, type=pop3, isEnabled=false, name=Test, host=cult-t1.culturall.com, port=110, connectionType=cleartext, username=schabmann, folderId=-1 }
ExceptionId:btpool0-12://mail.football-db.com/service/soap/TestDataSourceRequest:1318494450086:6ccd138f1a07ed 36
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE (ServiceException.java:248)
at com.zimbra.cs.datasource.Pop3Sync.connect(Pop3Sync .java:156)
at com.zimbra.cs.datasource.Pop3Sync.test(Pop3Sync.ja va:109)
at com.zimbra.cs.datasource.DataSourceManager.test(Da taSourceManager.java:208)
at com.zimbra.cs.service.mail.TestDataSource.handle(T estDataSource.java:129)
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:412)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:287)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:158)
at com.zimbra.soap.SoapServlet.doWork(SoapServlet.jav a:294)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:215)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:725)
at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:208)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:814)
at org.mortbay.jetty.servlet.ServletHolder.handle(Ser vletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1166)
at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(Set HeaderFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1157)
at org.mortbay.servlet.UserAgentFilter.doFilter(UserA gentFilter.java:81)
at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter .java:132)
at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(Se rvletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle( SecurityHandler.java:218)
at org.mortbay.jetty.servlet.SessionHandler.handle(Se ssionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(Co ntextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebA ppContext.java:422)
at org.mortbay.jetty.handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle (HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:152)
at org.mortbay.jetty.handler.rewrite.RewriteHandler.h andle(RewriteHandler.java:230)
at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:152)
at org.mortbay.jetty.handler.DebugHandler.handle(Debu gHandler.java:77)
at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(Htt pConnection.java:583)
at org.mortbay.jetty.HttpConnection$RequestHandler.co ntent(HttpConnection.java:986)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser. java:756)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpPa rser.java:218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnec tion.java:414)
at org.mortbay.io.nio.SelectChannelEndPoint.run(Selec tChannelEndPoint.java:429)
at org.mortbay.thread.BoundedThreadPool$PoolThread.ru n(BoundedThreadPool.java:451)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: d2:CN16:imap.example.com1:O0:2:OU11:IMAP server6:accept4:true5:alias38:cult-t1.culturall.com:897D72B6B11C4C924:fromi1130638247 000e4:host21:cult-t1.culturall.com3:icn16:imap.example.com2:io0:3:io u11:IMAP server3:md532:0E62FEC19C94C0D549B89BEFB88514C78:mi smatch5:false1:s16:897D72B6B11C4C924:sha140:36785D EA8DC7406BAC0EB6C93A9967562753DBCE2:toi11621742470 00ee
at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(S SLSocketImpl.java:1649)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:893)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1165)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1149)
at com.zimbra.common.net.CustomSSLSocket.startHandsha ke(CustomSSLSocket.java:90)
at com.zimbra.cs.mailclient.MailConnection.startTls(M ailConnection.java:100)
at com.zimbra.cs.mailclient.MailConnection.connect(Ma ilConnection.java:84)
at com.zimbra.cs.datasource.Pop3Sync.connect(Pop3Sync .java:148)
... 38 more
Caused by: java.security.cert.CertificateException: d2:CN16:imap.example.com1:O0:2:OU11:IMAP server6:accept4:true5:alias38:cult-t1.culturall.com:897D72B6B11C4C924:fromi1130638247 000e4:host21:cult-t1.culturall.com3:icn16:imap.example.com2:io0:3:io u11:IMAP server3:md532:0E62FEC19C94C0D549B89BEFB88514C78:mi smatch5:false1:s16:897D72B6B11C4C924:sha140:36785D EA8DC7406BAC0EB6C93A9967562753DBCE2:toi11621742470 00ee
at com.zimbra.common.net.CustomTrustManager.checkServ erTrusted(CustomTrustManager.java:90)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:1198)
... 49 more


The other external account I set up works well. it is however connecting to a WAN mailserver with proper DNS MX record.
But I don't see why this can't work with our internal mailserver, since zimbra is only going to connect to it from within the LAN.

thx for help

[meesha]

I had the same problem. Zimbra can connect with TLS only to the servers with "chained" trusted certificates. Workaround is:
[root@zimbra /]# zmlocalconfig -e javamail_imap_enable_starttls=false
[root@zimbra /]# zmmailboxdctl restart

It is about DISABLE TLS. Zimbra always use TLS, if target server support STARTTLS. So you have to make trusted chained certificate on target server, or disable default TLS on on Zimbra side, or disable STARTTLS support on target server.

I have done it by javamail_imap_enable_starttls=false.

[VanHelsing]

thx for the advice.

I had to also set ssl_allow_untrusted_certs to true in order to make it work however.