Thread: MultiServer Installation Problem

  1. #1
    Mido3mad

    Hi all experts,

    I have a problem with my Zimbra mail system. We use LDAP, mailbox and SMTP servers with Zimbra 7.1 ZCS.

    The problem began when I couldn't receive mail from some domains like Gmail, Hotmail, etc. After restarting the systems many times, there is a long delay on mail received from many domains, and I have this log in the SMTP and mailbox logs (/var/log/zimbra.log):

    connect from mail-ob0-f176.google.com[209.85.214.176]
    Apr 18 12:26:46 smtp postfix/smtpd[15366]: lost connection after CONNECT from mail-ob0-f176.google.com[209.85.214.176]
    Apr 18 12:26:46 smtp postfix/smtpd[15366]: disconnect from mail-ob0-f176.google.com[209.85.214.176]

    And when I telnet from the LDAP or mailbox server to SMTP port 465, I get this error:

    Apr 18 12:01:04 smtp postfix/smtpd[7361]: connect from unknown
    Apr 18 12:01:04 smtp postfix/smtpd[7361]: setting up TLS connection from unknown
    Apr 18 12:01:08 smtp postfix/smtpd[7361]: SSL_accept error from unknown[10.1.1.80]: -1
    Apr 18 12:01:08 smtp postfix/smtpd[7361]: warning: TLS library problem: 7361:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:584:
    Apr 18 12:01:08 smtp postfix/smtpd[7361]: lost connection after CONNECT from unknown
    Apr 18 12:01:08 smtp postfix/smtpd[7361]: disconnect from unknown

    Any ideas about this case?

  2. #2
    Mido3mad

    No answer about how to fix the TLS library?

  3. #3
    ZMike

    Originally posted by Mido3mad:
        when i telnet from ldap or mailbox server to smtp port 465 i got this error

        Apr 18 12:01:08 smtp postfix/smtpd[7361]: warning: TLS library problem: 7361:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:584:

    This is not an error. What else should you expect when telnetting to a TLS-encrypted port?

  4. #4
    Mido3mad

    I use TLS to connect the 3 servers with each other, plus external connections. It uses these ports to connect internally. Is it normal to show this warning?

  5. #5
    ZMike

    This warning is normal when you try to connect to a TLS port using a non-TLS client (i.e. telnet).

  6. #6
    justdave

    You need to use openssl's s_client subcommand to test TLS connections.

    Typically something like this:

    Code:
    openssl s_client -connect myserver:465

    Code:
    openssl s_client -connect myserver:587 -starttls smtp

    As for the first error from Google that you pasted, all that shows is that they disconnected right after they connected, without actually sending any mail. They might have received email from your domain and were checking to make sure something was actually answering on your MX before accepting it.
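
The two log patterns discussed in this thread (a peer that disconnects right after connecting, and the "unknown protocol" warning from a non-TLS client on port 465) can be separated mechanically when triaging /var/log/zimbra.log. The following is an added example, not part of any post above and not Zimbra or Postfix code; the function names and verdict labels are hypothetical, and the sample is constructed from the log lines quoted in the thread.

```python
import re
# Constructed sample: the smtpd lines quoted in the thread (syslog prefix added to the first).
SAMPLE = """\
Apr 18 12:26:46 smtp postfix/smtpd[15366]: connect from mail-ob0-f176.google.com[209.85.214.176]
Apr 18 12:26:46 smtp postfix/smtpd[15366]: lost connection after CONNECT from mail-ob0-f176.google.com[209.85.214.176]
Apr 18 12:26:46 smtp postfix/smtpd[15366]: disconnect from mail-ob0-f176.google.com[209.85.214.176]
Apr 18 12:01:04 smtp postfix/smtpd[7361]: connect from unknown
Apr 18 12:01:04 smtp postfix/smtpd[7361]: setting up TLS connection from unknown
Apr 18 12:01:08 smtp postfix/smtpd[7361]: SSL_accept error from unknown[10.1.1.80]: -1
Apr 18 12:01:08 smtp postfix/smtpd[7361]: warning: TLS library problem: 7361:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:584:
Apr 18 12:01:08 smtp postfix/smtpd[7361]: lost connection after CONNECT from unknown
Apr 18 12:01:08 smtp postfix/smtpd[7361]: disconnect from unknown
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/smtpd\[(\d+)\]: (.*)$")

def verdict(s):
    # Hypothetical labels, following the explanations given in the thread.
    if "not_tls" in s["flags"]:
        return "non-TLS client on TLS port"      # e.g. telnet to 465
    if "handshake_failed" in s["flags"]:
        return "TLS handshake failed"            # a TLS client that could not negotiate
    if s.get("lost_after") == "CONNECT":
        return "closed before any SMTP command"  # peer connected and left without sending mail
    return "completed"

def classify_sessions(log_text):
    """Group smtpd lines by process id; return (pid, client, verdict) per session."""
    open_sessions, results = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            open_sessions[pid] = {"client": msg[len("connect from "):], "flags": set()}
        elif pid not in open_sessions:
            continue                             # session start not in this excerpt
        elif msg.startswith("SSL_accept error from "):
            open_sessions[pid]["flags"].add("handshake_failed")
            open_sessions[pid]["client"] = msg.split()[3].rstrip(":")  # peer address is logged here
        elif "TLS library problem" in msg and "unknown protocol" in msg:
            open_sessions[pid]["flags"].add("not_tls")
        elif msg.startswith("lost connection after "):
            open_sessions[pid]["lost_after"] = msg.split()[3]
        elif msg.startswith("disconnect from "):
            s = open_sessions.pop(pid)
            results.append((pid, s["client"], verdict(s)))
    return results
```

Sessions labelled "TLS handshake failed" without the "unknown protocol" marker are the ones worth a follow-up test with openssl s_client as shown above.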

  7. #7
    Mido3mad

    Thanks Dave.

    The log files of the mailbox and SMTP servers have the same issues with connect and disconnect for some domains.

    When I test SSL on the SMTP server it gives errors like this. I use self-signed certificates for all the servers.


    openssl s_client -connect myserver:465
    CONNECTED(00000003)

    verify error:num=20:unable to get local issuer certificate
    verify return:1

    verify error:num=27:certificate not trusted
    verify return:1

    verify error:num=21:unable to verify the first certificate
    verify return:1
    ---
    Is that normal?

    And about the MX record: the messages are received after a delay. How can that be related to DNS records?
    Last edited by Mido3mad; 04-24-2012 at 01:09 AM.

  8. #8
    justdave

    Yeah, by default openssl s_client considers any certificate to be self-signed. There's a -CAfile option you can pass to point it at your root certificate store if you want it to try to validate the certificates, but it's usually in a different place on every distribution, so it's hard to use in an example. Whether it actually let you connect is the important part in this case.
